One keypress is all it takes to compromise four AI coding tools

2026-05-08 at 01:14, by Mirko Zorz. Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you […]

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

2026-05-08 at 01:14, by Zeljka Zorz. Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet): CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication

Can your coding style predict whether your code is vulnerable?

2026-05-05 at 13:21, by Sinisa Markovic. Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

2026-05-04 at 18:59, by Zeljka Zorz. Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Pipelock: Open-source AI agent firewall

2026-05-04 at 09:46, by Mirko Zorz. AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under

Spotting third-party cyber risk before attackers do

2026-05-04 at 09:46, by Help Net Security. In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one

Download: Automating Pentest Delivery Guide

2026-05-01 at 18:21, by Help Net Security. Pentesting remains one of the most effective ways to identify real-world weaknesses, but the method for delivering results hasn’t evolved. Manual workflows involving static documents and email threads introduce delays, create inefficiencies, and diminish the value of the work. This guide on Automating

Open-source privacy proxy masks PII before prompts reach external AI services

2026-05-01 at 11:49, by Sinisa Markovic. Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

2026-04-30 at 16:45, by Zeljka Zorz. A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical

Cisco releases open-source toolkit for verifying AI model lineage

2026-04-30 at 16:02, by Mirko Zorz. Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

2026-04-30 at 15:31, by Zeljka Zorz. Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit

The AI criminal mastermind is already hiring on gig platforms

2026-04-27 at 10:30, by Mirko Zorz. Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs

Indirect prompt injection is taking hold in the wild

2026-04-24 at 23:26, by Zeljka Zorz. The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves hiding (more or less) covert instructions inside ordinary web pages, waiting for an AI agent

New Cisco firewall malware can only be killed by pulling the plug

2026-04-24 at 13:17, by Zeljka Zorz. Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thursday. “The [Firestarter] malware (…) is relevant for both Cisco

OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards

2026-04-24 at 11:27, by Sinisa Markovic. Competition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in the new model. GPT-5.5 is being rolled out to Plus, Pro, Business, and Enterprise users in

AI is speeding up nation-state cyber programs

2026-04-24 at 08:40, by Mirko Zorz. In this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and diplomatic tools.

A study of 1,000 Android apps finds a privacy policy logging gap

2026-04-24 at 08:22, by Anamarija Pogorelec. Android developers write log statements for the same reasons they always have: debugging crashes, tracing performance issues, and understanding how features behave in production. Legal and privacy teams, working from templates and regulatory checklists, draft policies describing

With AI’s help, North Korean hackers stumbled into a near-undetectable attack

2026-04-24 at 08:22, by Zeljka Zorz. For many years, state-sponsored hacking was defined by human expertise in finding security holes, writing malware and exploits, pulling off social engineering and phishing attacks, and much more. Since the advent of LLM-powered AI assistants and tools, less

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages (CVE-2026-28950)

2026-04-23 at 14:17, by Zeljka Zorz. Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent report about the

GopherWhisper APT group hides command and control traffic in Slack and Discord

2026-04-23 at 12:17, by Anamarija Pogorelec. Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook