Hot stuff

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) 2026-07-14 at 20:40 By Zeljka Zorz SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined […]

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) Read More »

“Context bombs” can frustrate AI-driven attacks, researchers found

“Context bombs” can frustrate AI-driven attacks, researchers found 2026-07-14 at 15:27 By Zeljka Zorz A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable isn’t the technique – prompt injection is old news – but the direction it’s pointed: not

“Context bombs” can frustrate AI-driven attacks, researchers found Read More »

The best defense against AI attacks turns out to be a skeptical human

The best defense against AI attacks turns out to be a skeptical human 2026-07-14 at 09:00 By Mirko Zorz Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% of practitioners in 2026, up from half the field a

The best defense against AI attacks turns out to be a skeptical human Read More »

Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers

Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers 2026-07-13 at 14:45 By Zeljka Zorz A “credible external security threat” targeting Progress Software’s ShareFile Storage Zone Controllers (SZC) – the on-premises, customer-managed server components where organizations store files shared via this popular enterprise platform – has spurred the company to

Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers Read More »

Why SBOMs, signing, and provenance still don’t tell you if software is safe

Why SBOMs, signing, and provenance still don’t tell you if software is safe 2026-07-13 at 09:30 By Help Net Security We have made real progress in software supply chain security, improving visibility into software components, authenticity and build integrity. Much of this progress traces back to Executive Order 14028, which pushed agencies, contractors and enterprises

Why SBOMs, signing, and provenance still don’t tell you if software is safe Read More »

Cynative: Open-source deep research agent

Cynative: Open-source deep research agent 2026-07-13 at 09:00 By Mirko Zorz Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can delete a bucket, flip a permission, or leak a secret on

Cynative: Open-source deep research agent Read More »

Microsoft demystifies how Windows updates work

Microsoft demystifies how Windows updates work 2026-07-13 at 08:30 By Anamarija Pogorelec Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year. “Most individuals and organizations regularly deploy monthly security updates, released

Microsoft demystifies how Windows updates work Read More »

A hardware security AI assistant that checks chips for hidden backdoors

A hardware security AI assistant that checks chips for hidden backdoors 2026-07-13 at 08:00 By Sinisa Markovic Chip designers license blocks of circuitry from outside vendors and drop them into larger products. A single processor can carry components from a range of suppliers, each written by a company the buyer may never deal with directly.

A hardware security AI assistant that checks chips for hidden backdoors Read More »

July 2026 Patch Tuesday forecast: Is CVE tracking still practical?

July 2026 Patch Tuesday forecast: Is CVE tracking still practical? 2026-07-10 at 10:30 By Help Net Security I was off by a month in my forecast of record-setting CVE releases from Microsoft. In June, we saw the deluge of over 200 reported CVEs that I expected in May. There were 116 CVEs for Windows 11

July 2026 Patch Tuesday forecast: Is CVE tracking still practical? Read More »

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) 2026-07-09 at 15:14 By Zeljka Zorz Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation vulnerability triggered by the RoguePlanet exploit. The vulnerability and the fix CVE-2026-50656 is due to improper link resolution before

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) Read More »

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) 2026-07-08 at 17:03 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) Read More »

Accenture acknowledges security incident following 35GB data theft claim

Accenture acknowledges security incident following 35GB data theft claim 2026-07-08 at 14:28 By Zeljka Zorz Accenture appears to have suffered a data breach, the extent of which is currently unknown. On Monday, a threat actor going by the handle “888” posted on the cybercrime forum PwnForums, claiming to have breached the technology consulting company and

Accenture acknowledges security incident following 35GB data theft claim Read More »

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure 2026-07-08 at 09:00 By Mirko Zorz In this interview with Help Net Security, Miranda Ritchie, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment and

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure Read More »

20 open-source cybersecurity tools to keep your team ready for anything

20 open-source cybersecurity tools to keep your team ready for anything 2026-07-08 at 08:30 By Anamarija Pogorelec AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent

20 open-source cybersecurity tools to keep your team ready for anything Read More »

macOS is becoming a proving ground for AI agents

macOS is becoming a proving ground for AI agents 2026-07-08 at 08:00 By Sinisa Markovic Somewhere right now, a Mac Mini is sitting on a shelf doing someone’s chores. Nobody’s watching it. It reads a version number out of Terminal, hops over to Safari, digs up a release year, then quietly files a reminder, the

macOS is becoming a proving ground for AI agents Read More »

How to implement a continuous offensive security testing program

How to implement a continuous offensive security testing program 2026-07-08 at 07:30 By Help Net Security The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for

How to implement a continuous offensive security testing program Read More »

OpenAI and Anthropic are pulling in different directions

OpenAI and Anthropic are pulling in different directions 2026-07-08 at 07:00 By Mirko Zorz Companies are handing routine operational decisions to AI agents that plan, remember, and act on their behalf. These agents run on statistical models, and their behavior can drift across weeks and months. That drift opens a security gap outside the reach

OpenAI and Anthropic are pulling in different directions Read More »

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282) 2026-07-07 at 15:03 By Zeljka Zorz CVE-2026-48282, one of the maximum severity vulnerabilities patched in Adobe ColdFusion on June 30, 2026, has been targeted by attackers in the wild. Exploitation attempts were detected on July 2, through the honeypot sensors of cybersecurity threat-intelligence service KEVIntel, mere minutes after

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282) Read More »

How to prioritize AI agent security by business impact

How to prioritize AI agent security by business impact 2026-07-06 at 09:30 By Help Net Security Your CEO calls about an AI agent security incident in finance. He wants to know whether money moved, whether financial data was exposed, who owned the agent and why it had this level of access. The agent was connected

How to prioritize AI agent security by business impact Read More »

Scroll to Top