Hot stuff

Threat actors weaponize OAuth redirection logic to deliver malware

Threat actors weaponize OAuth redirection logic to deliver malware 2026-03-03 at 19:46 By Zeljka Zorz An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to […]

Threat actors weaponize OAuth redirection logic to deliver malware Read More »

Secure by Design: Building security in at the beginning

Secure by Design: Building security in at the beginning 2026-03-03 at 16:16 By Help Net Security Secure by Design is not a single tool, product, or one‑time activity. It is a holistic approach that requires security to be deliberately embedded from the very beginning, at the point where systems, software, and services are conceived and

Secure by Design: Building security in at the beginning Read More »

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation 2026-03-03 at 13:58 By Anamarija Pogorelec The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. Devices running a patch level of 2026-03-05 or later receive fixes for all disclosed issues. Android

Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation Read More »

AI went from assistant to autonomous actor and security never caught up

AI went from assistant to autonomous actor and security never caught up 2026-03-03 at 08:35 By Mirko Zorz Enterprise AI deployments have shifted from pilot programs to production systems handling customer data, executing business transactions, and integrating with core infrastructure. That has exposed a significant gap between what AI agents can do and what security

AI went from assistant to autonomous actor and security never caught up Read More »

BlacksmithAI: Open-source AI-powered penetration testing framework

BlacksmithAI: Open-source AI-powered penetration testing framework 2026-03-02 at 08:00 By Mirko Zorz BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. A multi-agent structure for offensive workflows BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents.

BlacksmithAI: Open-source AI-powered penetration testing framework Read More »

IronCurtain: An open-source, safeguard layer for autonomous AI assistants

IronCurtain: An open-source, safeguard layer for autonomous AI assistants 2026-02-28 at 07:07 By Zeljka Zorz Veteran security engineer Niels Provos is working on a new technical approach designed to stop autonomous AI agents from taking actions you haven’t specifically authorized. His open-source software solution, called IronCurtain, aims to neutralize the risk of an LLM-powered agent

IronCurtain: An open-source, safeguard layer for autonomous AI assistants Read More »

Industrial networks continue to leak onto the internet

Industrial networks continue to leak onto the internet 2026-02-27 at 07:30 By Mirko Zorz Industrial operators continue to run remote access portals, building automation servers, and other operational technology services on public IP address ranges. Palo Alto Networks, Siemens, and Idaho National Laboratory describe the scope of that exposure in the Intelligence-Driven Active Defense Report

Industrial networks continue to leak onto the internet Read More »

Scattered Lapsus$ Hunters seeks women for vishing attacks

Scattered Lapsus$ Hunters seeks women for vishing attacks 2026-02-26 at 14:55 By Zeljka Zorz The Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push aimed specifically at women, offering cash payments for participating in voice-phishing (vishing) attacks. A few days ago, threat intelligence firm Dataminr detected posts on a public Telegram channel advertising

Scattered Lapsus$ Hunters seeks women for vishing attacks Read More »

Open-source security debt grows across commercial software

Open-source security debt grows across commercial software 2026-02-26 at 08:36 By Mirko Zorz Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk Analysis Report data shows that nearly all audited codebases contain open source components, with average component counts

Open-source security debt grows across commercial software Read More »

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities 2026-02-26 at 07:35 By Mirko Zorz In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She explains how AI-driven DAST testing automates attack surface discovery, supports business-logic testing in

AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities Read More »

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) 2026-02-25 at 19:04 By Zeljka Zorz A “highly sophisticated” cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller (formerly vSmart), Cisco has announced today. The vulnerability was reported by Australian Signals Directorate’s Australian Cyber Security Centre, who said

Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127) Read More »

Fake Zoom meeting leads to silent install of surveillance software

Fake Zoom meeting leads to silent install of surveillance software 2026-02-25 at 18:16 By Zeljka Zorz Malwarebytes researchers have uncovered a fake (but convincing) Zoom meeting page that downloads surveillance software on Windows computers and tricks users into running it. According to Microsoft MVP Steven Lim, the page has claimed nearly 1,500 victims in 12

Fake Zoom meeting leads to silent install of surveillance software Read More »

SolarWinds Serv-U hit by four critical RCE-level vulnerabilities

SolarWinds Serv-U hit by four critical RCE-level vulnerabilities 2026-02-25 at 13:55 By Zeljka Zorz SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the flaws may allow attackers to create a system admin user and/or execute code as a

SolarWinds Serv-U hit by four critical RCE-level vulnerabilities Read More »

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) 2026-02-25 at 12:14 By Zeljka Zorz CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities (KEV) catalog. The vendor has confirmed active exploitation, stating it has received multiple reports of damage caused

CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108) Read More »

Self-spreading npm malware targets developers in new supply chain attack

Self-spreading npm malware targets developers in new supply chain attack 2026-02-24 at 15:10 By Zeljka Zorz Security researchers have uncovered another supply chain attack targeting developers: 19 typosquatting npm packages published on npmjs.com that steal credentials, infect projects, and propagate themselves across developer environments. The operation, dubbed “SANDWORM_MODE,” represents a (still) rare example of worm-like

Self-spreading npm malware targets developers in new supply chain attack Read More »

AI is becoming part of everyday criminal workflows

AI is becoming part of everyday criminal workflows 2026-02-24 at 09:00 By Mirko Zorz Underground forums include long threads about chatbots drafting phishing emails, generating code snippets, and coaching social engineering calls. A new study examined conversations captured between January 1, 2025 and July 31, 2025 across dozens of cybercrime forums to map how AI

AI is becoming part of everyday criminal workflows Read More »

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment 2026-02-09 at 17:18 By Zeljka Zorz SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in that solution. How did the SmarterTools breach happen? Derek Curtis, the firm’s Chief Operating Officer,

Ransomware group breached SmarterTools via flaw in its SmarterMail deployment Read More »

European Commission hit by cyberattackers targeting mobile management platform

European Commission hit by cyberattackers targeting mobile management platform 2026-02-09 at 16:02 By Zeljka Zorz The European Commission’s mobile device management platform was hacked but the incident was swiftly contained and no compromise of mobile devices was detected, EU’s executive branch announced on Friday. The intrusion was detected on January 30, 2026, by CERT-EU, the

European Commission hit by cyberattackers targeting mobile management platform Read More »

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) 2026-02-09 at 13:36 By Zeljka Zorz BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day

BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731) Read More »

United Airlines CISO on building resilience when disruption is inevitable

United Airlines CISO on building resilience when disruption is inevitable 2026-02-09 at 09:09 By Mirko Zorz Aviation runs on complex digital systems built for stability, safety, and long lifecycles. That reality creates a unique cybersecurity challenge for airlines, where disruption can quickly become an operational and public trust crisis. In this Help Net Security interview,

United Airlines CISO on building resilience when disruption is inevitable Read More »

Scroll to Top