Webinar: The IT Leader’s Guide to AI Governance 2026-04-15 at 16:07 By Help Net Security Generative AI is moving from experimentation to everyday enterprise use, often faster than governance models were designed to support. As adoption accelerates, organizations are navigating the evolving landscape with new questions around security, data privacy, compliance, and control, all while […]
Webinar: The IT Leader’s Guide to AI Governance Read More »
OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers 2026-04-15 at 10:02 By Sinisa Markovic Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that
OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers Read More »
Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time 2026-04-15 at 10:02 By Mirko Zorz In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure
The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers
The exploit gap is closing, and your patch cycle wasn’t built for this Read More »
Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab 2026-04-15 at 08:18 By Anamarija Pogorelec Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning
Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab Read More »
Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian 2026-04-15 at 07:32 By Help Net Security AI coding assistants are quickly becoming part of everyday development. Tools like Cursor, Claude Code, and GitHub Copilot can now do more than suggest code. They can read files, run shell commands, and call external tools
Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian Read More »
Testing reveals Claude Mythos’s offensive capabilities and limits 2026-04-14 at 18:15 By Zeljka Zorz Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that
Testing reveals Claude Mythos’s offensive capabilities and limits Read More »
Booking.com data breach: Customer reservation data exposed 2026-04-14 at 16:21 By Zeljka Zorz “Unauthorized third parties may have been able to access certain booking information associated with your reservation,” email alerts sent out by Booking.com over the weekend warn. The online travel agency did not say which system(s) were accessed by the unauthorized third parties
Booking.com data breach: Customer reservation data exposed Read More »
AI adoption is outpacing the safeguards around it 2026-04-14 at 12:59 By Anamarija Pogorelec AI is becoming part of professional and private life, reaching mainstream adoption faster than the personal computer or the internet. These systems are tested in reasoning, safety, and real-world tasks, but the reliability of those measurements remains uncertain. The 2026 AI
AI adoption is outpacing the safeguards around it Read More »
Review: The Psychology of Information Security 2026-04-14 at 09:15 By Mirko Zorz Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it is an argument he builds methodically across 17 chapters that draw from organizational psychology, change
Review: The Psychology of Information Security Read More »
Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready 2026-04-14 at 09:15 By Mirko Zorz In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an attack surface. Habler walks through MemoryTrap, a disclosed
29 million leaked secrets in 2025: Why AI agents credentials are out of control 2026-04-14 at 08:11 By Help Net Security AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of external services. Every integration point requires an identity. Most
29 million leaked secrets in 2025: Why AI agents credentials are out of control Read More »
Hackers hijacked CPUID downloads, served STX RAT to victims 2026-04-13 at 16:08 By Zeljka Zorz If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between
Hackers hijacked CPUID downloads, served STX RAT to victims Read More »
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621) 2026-04-13 at 13:22 By Zeljka Zorz Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. About CVE-2026-34621 CVE-2026-34621 is a critical prototype pollution vulnerability – a type
ZeroID: Open-source identity platform for autonomous AI agents 2026-04-13 at 09:02 By Mirko Zorz ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems. The attribution problem The core issue ZeroID targets is attribution in agentic workflows. When an orchestrator agent spawns sub-agents to carry
ZeroID: Open-source identity platform for autonomous AI agents Read More »
Fixing vulnerability data quality requires fixing the architecture first 2026-04-13 at 09:02 By Mirko Zorz In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce
Fixing vulnerability data quality requires fixing the architecture first Read More »
MITRE releases a shared fraud-cyber framework built from real attack data 2026-04-13 at 09:02 By Mirko Zorz Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible for stopping fraud, fraud investigators and cybersecurity analysts, have historically
MITRE releases a shared fraud-cyber framework built from real attack data Read More »
Bringing governance and visibility to machine and AI identities 2026-04-13 at 07:32 By Mirko Zorz In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a single problem. Drawing on his experience across IBM and
Bringing governance and visibility to machine and AI identities Read More »
ClickFix campaign delivers Mac malware via fake Apple page 2026-04-10 at 17:22 By Zeljka Zorz Security researchers at Jamf have uncovered a new ClickFix-style attack targeting Mac users via a fake Apple-themed webpage offering instructions on how to “reclaim disk space on your Mac”. The malicious page (Source: Jamf) ClickFix for everybody ClickFix is a
ClickFix campaign delivers Mac malware via fake Apple page Read More »
Poisoned “Office 365” search results lead to stolen paychecks 2026-04-10 at 14:45 By Zeljka Zorz A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered. SEO poisoning and malvertising + phishing + AiTM The group, which Microsoft tracks
Poisoned “Office 365” search results lead to stolen paychecks Read More »