Hot stuff

Trust, friction, and ROI: A CISO’s take on making security work for the business

Trust, friction, and ROI: A CISO’s take on making security work for the business 2026-04-02 at 08:42 By Mirko Zorz In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A […]

Trust, friction, and ROI: A CISO’s take on making security work for the business Read More »

North Korean hackers linked to Axios npm supply chain compromise

North Korean hackers linked to Axios npm supply chain compromise 2026-04-01 at 18:56 By Zeljka Zorz The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026,

North Korean hackers linked to Axios npm supply chain compromise Read More »

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281) 2026-04-01 at 14:31 By Zeljka Zorz Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, information about the fixed zero-day is limited, and there’s no details about the exploit (or how/if it’s

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281) Read More »

Mimecast makes enterprise email security deployable in minutes

Mimecast makes enterprise email security deployable in minutes 2026-04-01 at 10:34 By Mirko Zorz Most organizations running Microsoft 365 rely on native email controls as their primary line of defense. According to Mimecast research, 38% of organizations depend exclusively on those native controls for collaboration security, and 64% say those controls are insufficient against the

Mimecast makes enterprise email security deployable in minutes Read More »

Axios npm packages backdoored in supply chain attack

Axios npm packages backdoored in supply chain attack 2026-03-31 at 15:43 By Zeljka Zorz An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans.

Axios npm packages backdoored in supply chain attack Read More »

Why I’m done calling humans the weakest link

Why I’m done calling humans the weakest link 2026-03-31 at 11:22 By Help Net Security Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As industry that is based on enabling communication across the globe via the internet and many types of devices, many of us practitioners

Why I’m done calling humans the weakest link Read More »

TeamPCP’s attack spree slows, but threat escalates with ransomware pivot

TeamPCP’s attack spree slows, but threat escalates with ransomware pivot 2026-03-30 at 18:52 By Zeljka Zorz TeamPCP’s destructive run of supply chain breaches has stopped, for now: it has been three days since the group published malicious versions of Telnyx’s SDK on PyPI, and there haven’t been reports of new open-source project compromises. Partnership with

TeamPCP’s attack spree slows, but threat escalates with ransomware pivot Read More »

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) 2026-03-30 at 15:37 By Zeljka Zorz A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and

Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643) Read More »

ShipSec Studio brings open-source workflow orchestration to security operations

ShipSec Studio brings open-source workflow orchestration to security operations 2026-03-30 at 08:04 By Anamarija Pogorelec Security teams have long relied on a mix of shell scripts, cron jobs, and loosely connected tools to chain reconnaissance and vulnerability scanning work together. ShipSec Studio, an open-source security workflow automation platform from ShipSec AI, aims to replace that

ShipSec Studio brings open-source workflow orchestration to security operations Read More »

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) 2026-03-28 at 11:30 By Zeljka Zorz A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday. CISA added the flaw to its Known Exploited Vulnerabilities

Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521) Read More »

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware 2026-03-27 at 15:46 By Zeljka Zorz TeamPCP continues is supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,

TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware Read More »

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation 2026-03-27 at 12:43 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently disclosed code injection vulnerability in Langflow, an open-source framework for building AI agents and

CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation Read More »

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks 2026-03-26 at 15:52 By Zeljka Zorz Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers have

Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks Read More »

AI SOC vendors are selling a future that production deployments haven’t reached yet

AI SOC vendors are selling a future that production deployments haven’t reached yet 2026-03-26 at 12:32 By Mirko Zorz Vendors selling AI-powered security operations platforms have built their pitches around a consistent set of promises: autonomous threat investigation, dramatic reductions in analyst workload, and an accelerating path toward humanless operations. Practitioners buying and deploying those

AI SOC vendors are selling a future that production deployments haven’t reached yet Read More »

Your facilities run on fragile supply chains and nobody wants to admit it

Your facilities run on fragile supply chains and nobody wants to admit it 2026-03-26 at 12:32 By Mirko Zorz In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She explains how sourcing, localized redundancy, and flexible infrastructure design are

Your facilities run on fragile supply chains and nobody wants to admit it Read More »

A nearly undetectable LLM attack needs only a handful of poisoned samples

A nearly undetectable LLM attack needs only a handful of poisoned samples 2026-03-26 at 12:32 By Mirko Zorz Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack

A nearly undetectable LLM attack needs only a handful of poisoned samples Read More »

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks 2026-03-25 at 14:01 By Zeljka Zorz A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular

LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks Read More »

Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18

Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18 2026-03-25 at 08:07 By Anamarija Pogorelec Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, eight tools added to the network repositories, a kernel

Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18 Read More »

The AI safety conversation is focused on the wrong layer

The AI safety conversation is focused on the wrong layer 2026-03-24 at 16:30 By Mirko Zorz Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a workforce of humans, that fragmentation was manageable. Humans log in, log out, and make decisions slowly enough that gaps

The AI safety conversation is focused on the wrong layer Read More »

Scroll to Top