
Scenario: Open-source framework for automated AI app red-teaming

2026-04-23 at 09:47 | By Mirko Zorz

Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems every day. LangWatch has released Scenario, an open-source framework that runs automated red-team exercises against AI agents using […]


A year in, Zoom’s CISO reflects on balancing security and business

2026-04-23 at 09:47 | By Mirko Zorz

In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and


GDPR works, but only where someone enforces it

2026-04-23 at 07:32 | By Sinisa Markovic

A new measurement study of web tracking across ten countries offers a reality check for anyone working on privacy compliance. Researchers crawled the same set of globally popular websites from virtual machines located in Australia, Brazil, Canada, Germany, India, Singapore, South


New Mirai variants target routers and DVRs in parallel campaigns

2026-04-22 at 16:42 | By Zeljka Zorz

Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging


Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

2026-04-22 at 14:47 | By Zeljka Zorz

Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit


PentAGI: Open-source autonomous AI penetration testing system

2026-04-22 at 10:09 | By Anamarija Pogorelec

Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans, researches, and


CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)

2026-04-21 at 15:29 | By Zeljka Zorz

CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco has yet to flag as exploited.

Three Cisco Catalyst SD-WAN Manager vulnerabilities

Alongside CVE-2026-20133, CISA has


A single platform powers SIM farm proxy networks across 17 countries

2026-04-21 at 12:30 | By Mirko Zorz

Racks of phones and 4G modems, connected to carrier networks and rented out as commercial mobile proxy services, are operating across at least 94 locations in 17 countries. An investigation by infrastructure intelligence firm Infrawatch traced a large


Researchers build an encrypted routing layer for private AI inference

2026-04-21 at 07:31 | By Sinisa Markovic

Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A cryptographic technique called Secure Multi-Party Computation (MPC) makes this possible. It splits data


Vercel breached via compromised third-party AI tool

2026-04-20 at 18:12 | By Zeljka Zorz

Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel credentials of a “limited subset of customers”.

Advice for affected customers

“The incident originated with a compromise of


AI platform ATHR makes voice phishing a one-person job

2026-04-20 at 14:37 | By Zeljka Zorz

For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a platform that spoofs email alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and


SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines

2026-04-20 at 09:14 | By Mirko Zorz

Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD infrastructure so engineering and security teams can see what an attacker would do in their specific environment.

What the tool does

SmokedMeat takes a flagged


How to spot a North Korean fake in a job interview

2026-04-20 at 08:17 | By Help Net Security

North Korean operatives are getting hired at companies by passing job interviews using fake identities and AI tools. In this Help Net Security video, Adrian Cheek, a senior cybercrime researcher at Flare, outlines several ways organizations can


Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild

2026-04-17 at 14:32 | By Zeljka Zorz

The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw


Workplace stress in 2026 is still worse than before the pandemic

2026-04-17 at 07:42 | By Mirko Zorz

Roughly 40% of employees worldwide said they experienced a lot of stress during the previous day, according to Gallup’s State of the Global Workplace 2026 report, a figure that has remained above pre-pandemic levels for several years. Daily


NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward

2026-04-16 at 19:48 | By Zeljka Zorz

NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by a surge in


Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards

2026-04-16 at 18:06 | By Sinisa Markovic

Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, is aimed squarely at that demand, with particular gains in software engineering, multimodal processing, and the


Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug

2026-04-16 at 13:34 | By Mirko Zorz

Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more


EU cybersecurity standards are at risk if supplier ban passes

2026-04-16 at 10:16 | By Mirko Zorz

Today, the European standards body ETSI sent a formal position paper to the European Commission, calling for changes to the proposed Cybersecurity Act 2 (CSA2), the EU’s planned revision to its existing cybersecurity certification framework. The paper focuses on


What the EU AI Act requires for AI agent logging

2026-04-16 at 09:02 | By Help Net Security

The EU AI Act is 144 pages long. The logging requirements that matter for AI agent developers sit across four articles that keep referencing each other. Here’s what they say, when the deadlines hit, and where the gaps

