Don’t miss

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory

agentic AI, Don't miss, GitHub, News, open source, OWASP, software /

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory 2026-06-01 at 08:19 By Mirko Zorz AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who […]

OWASP Agent Memory Guard: Stop AI agents from being weaponized through their own memory Read More »

New infostealer reaches enterprise devices through FortiClient EMS vulnerability

Arctic Wolf Networks, cookies, credentials, data theft, Don't miss, endpoint management, enterprise, Fortinet, Hot stuff, News, vulnerability /

New infostealer reaches enterprise devices through FortiClient EMS vulnerability 2026-05-29 at 18:31 By Zeljka Zorz Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” Arctic Wold

New infostealer reaches enterprise devices through FortiClient EMS vulnerability Read More »

Dutch police disrupts botnet composed of 17 million devices

botnet, Don't miss, Europe, Hot stuff, law enforcement, News, Proxy /

Dutch police disrupts botnet composed of 17 million devices 2026-05-29 at 17:26 By Zeljka Zorz The Dutch National Police and the country’s National Cyber Security Center (NCSC) have taken offline 200 servers controlling a botnet of 17 million devices, the law enforcement agency announced on Thursday. The investigation was launched after the NCSC received a

Dutch police disrupts botnet composed of 17 million devices Read More »

LinkedIn-themed phishing abuses Adobe’s A/B testing platform

Don't miss, Hot stuff, LinkedIn, Malwarebytes, News, phishing /

LinkedIn-themed phishing abuses Adobe’s A/B testing platform 2026-05-29 at 14:08 By Zeljka Zorz A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack from the victim’s perspective The attack starts with an email that looks, at first glance, like a routine business

LinkedIn-themed phishing abuses Adobe’s A/B testing platform Read More »

Zapier exploit chain shows how known anti-patterns compose into critical risk

AWS, cybersecurity, Don't miss, News, research, Token Security, vulnerability /

Zapier exploit chain shows how known anti-patterns compose into critical risk 2026-05-28 at 16:00 By Mirko Zorz A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the

Zapier exploit chain shows how known anti-patterns compose into critical risk Read More »

The CISO selling confidence in a market full of breach headlines

AI, CISO, cyber risk, cybersecurity, Don't miss, enterprise, Features, Hot stuff, identity management, identity protection, News, Risk Management, security operations, skill development, SOC, Span, strategy, tips /

The CISO selling confidence in a market full of breach headlines 2026-05-28 at 10:16 By Mirko Zorz Engineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. The shift has pulled

The CISO selling confidence in a market full of breach headlines Read More »

Frontier AI models collapse under multi-turn AI attacks, Cisco finds

AI, Amazon, Anthropic, Cisco, cybersecurity, Don't miss, Google, News, OpenAI, report, research /

Frontier AI models collapse under multi-turn AI attacks, Cisco finds 2026-05-28 at 10:16 By Mirko Zorz Attackers who probe large language models rarely give up after one refusal. They reframe, build context across turns, adopt personas, and escalate gradually. New research from Cisco’s AI threat intelligence team finds that the safety benchmarks used across the

Frontier AI models collapse under multi-turn AI attacks, Cisco finds Read More »

Coinflow CISO on crypto payments security under AI pressure

APT, boardroom, CISO, communication, conferences, Crypto, cyber risk, cybercrime, cybersecurity, Don't miss, enterprise, Features, fraud, Hot stuff, News, opinion, Risk Management, Span, strategy, tips /

Coinflow CISO on crypto payments security under AI pressure 2026-05-27 at 09:24 By Mirko Zorz Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered

Coinflow CISO on crypto payments security under AI pressure Read More »

Vigolium: Open-source vulnerability scanner

Don't miss, GitHub, News, open source, scanner, software, vulnerability assessment /

Vigolium: Open-source vulnerability scanner 2026-05-27 at 09:24 By Anamarija Pogorelec Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint discovery, attack planning, and finding triage. The tool exposes

Vigolium: Open-source vulnerability scanner Read More »

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)

0-day, CISA, Don't miss, Endpoint Security, enterprise, Hot stuff, News, security update, Trend Micro /

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) 2026-05-26 at 17:32 By Zeljka Zorz A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) Read More »

Anthropic: Claude Mythos identified 10,000+ software flaws

AI, Anthropic, Don't miss, News, open source, vulnerability disclosure /

Anthropic: Claude Mythos identified 10,000+ software flaws 2026-05-26 at 17:30 By Anamarija Pogorelec Anthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in an update on the project’s progress. Mythos identifies thousands of high-severity vulnerabilities In April 2026, Anthropic introduced Claude Mythos

Anthropic: Claude Mythos identified 10,000+ software flaws Read More »

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Don't miss, Hot stuff, Microsoft, News, security update, SharePoint, vulnerability /

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) 2026-05-26 at 13:56 By Zeljka Zorz Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) Read More »

What happens when security teams inherit identity

CISO, cybersecurity, Don't miss, Features, Hot stuff, identity, identity management, News, opinion, Span /

What happens when security teams inherit identity 2026-05-26 at 13:38 By Sinisa Markovic At the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions create for security. He shared his perspective on where organizations struggle with

What happens when security teams inherit identity Read More »

Manage machine identities: The hidden privileged access layer you need to manage

access management, AI, Delinea, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, Non Human Identities, opinion /

Manage machine identities: The hidden privileged access layer you need to manage 2026-05-26 at 08:37 By Help Net Security Why are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the right permissions to act. That quiet requirement has created a massive population of

Manage machine identities: The hidden privileged access layer you need to manage Read More »

Lessons for organizations from the Verizon 2026 Data Breach Investigations Report

AI, BH Consulting, cybercrime, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Ransomware /

Lessons for organizations from the Verizon 2026 Data Breach Investigations Report 2026-05-25 at 08:59 By Help Net Security This is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are

Lessons for organizations from the Verizon 2026 Data Breach Investigations Report Read More »

Boards want cyber risk in dollars, not CVE counts

boardroom, CISO, communication, CVE, cyber risk, CYE, Don't miss, News, strategy, tips, Video /

Boards want cyber risk in dollars, not CVE counts 2026-05-25 at 08:11 By Help Net Security In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business

Boards want cyber risk in dollars, not CVE counts Read More »

OpenHack: Open-source AI-powered vulnerability research

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source /

OpenHack: Open-source AI-powered vulnerability research 2026-05-25 at 08:11 By Sinisa Markovic Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of

OpenHack: Open-source AI-powered vulnerability research Read More »

$20 per zero-day is already the WordPress plugin reality

0-day, AI, conferences, cybersecurity, Don't miss, Hot stuff, News, research, Trend Micro, WordPress /

$20 per zero-day is already the WordPress plugin reality 2026-05-22 at 17:05 By Mirko Zorz Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer,

$20 per zero-day is already the WordPress plugin reality Read More »

Deleted Google API keys keep working for up to 23 minutes, researchers warn

Aikido Security, API security, credentials, Don't miss, Google, Google Cloud, Hot stuff, News, research /

Deleted Google API keys keep working for up to 23 minutes, researchers warn 2026-05-22 at 15:08 By Zeljka Zorz Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if

Deleted Google API keys keep working for up to 23 minutes, researchers warn Read More »

Meet Fractal, an OS made for microarchitecture reverse engineering

apple, chip, Don't miss, hardware, Hot stuff, MIT, News, operating system, research, reverse engineering /

Meet Fractal, an OS made for microarchitecture reverse engineering 2026-05-22 at 12:17 By Sinisa Markovic Probing how a CPU isolates user code from kernel code is messy work. Researchers patch kernels, write drivers, or boot stripped-down bare-metal programs, and any of those choices change variables they were trying to hold still. Fractal, a new operating

Meet Fractal, an OS made for microarchitecture reverse engineering Read More »

Scroll to Top