News

23 ClawHub plugins squatting official scopes expose AI registry security gaps

agentic AI, AI, cybersecurity, Don't miss, News, OpenClaw, research, Video /

23 ClawHub plugins squatting official scopes expose AI registry security gaps 2026-06-22 at 11:00 By Help Net Security Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved […]

23 ClawHub plugins squatting official scopes expose AI registry security gaps Read More »

Who pays when you gate cyber-capable AI models?

AI, CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy /

Who pays when you gate cyber-capable AI models? 2026-06-22 at 09:00 By Mirko Zorz In this interview with Help Net Security, Jaya Baloo, COO & CISO at Aisle, examines the debate over restricting access to cyber-capable AI models. She lays out the strongest argument for gating these tools, then explains where it breaks down for

Who pays when you gate cyber-capable AI models? Read More »

Agent Beacon: Open-source telemetry layer for AI agents

agentic AI, AI, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, security telemetry, software /

Agent Beacon: Open-source telemetry layer for AI agents 2026-06-22 at 08:30 By Mirko Zorz AI coding agents such as Claude Code, Codex CLI, Cursor, and Claude Cowork run on developer laptops, CI jobs, cloud environments, where they edit files, run commands, and call outside tools. Beacon, an open-source project from Asymptote Labs, configures telemetry for

Agent Beacon: Open-source telemetry layer for AI agents Read More »

Encrypted DNS still tells an eavesdropper where to look

cybersecurity, data analysis, DNS, Don't miss, Encryption, Features, Hot stuff, Internet of Things, network, News, packet analysis, Privacy, research /

Encrypted DNS still tells an eavesdropper where to look 2026-06-22 at 08:00 By Mirko Zorz Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone watching a network link. The encryption covers the message inside each packet. The packet still carries plaintext

Encrypted DNS still tells an eavesdropper where to look Read More »

Product showcase: Avira Security for iOS blends security, privacy, and device optimization

antivirus, Avira, cybersecurity, mobile security, News, Privacy, VPN /

Product showcase: Avira Security for iOS blends security, privacy, and device optimization 2026-06-22 at 07:30 By Anamarija Pogorelec Avira Mobile Security for iOS combines security, privacy, and device optimization tools in a single application. The app is also available for Android, macOS, and Windows devices. After downloading the application from the App Store users are

Product showcase: Avira Security for iOS blends security, privacy, and device optimization Read More »

The systemd 261 release brings a software TPM, new OS installer

News, open source, software /

The systemd 261 release brings a software TPM, new OS installer 2026-06-22 at 01:30 By Anamarija Pogorelec Linux distributions that ship systemd as their init system now have a new version to track. The systemd 261 update adds a cloud metadata subsystem, carries process state through kexec reboots, and continues a long-running effort to load

The systemd 261 release brings a software TPM, new OS installer Read More »

Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack

News, Week in review /

Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack 2026-06-21 at 11:00 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A hardware neural network backdoor that hides in plain sight Deep learning systems on edge devices often rely on

Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack Read More »

Klue breach lead to Salesforce data theft, Huntress affected

data theft, Don't miss, extortion, Hot stuff, Huntress, Klue, News, Salesforce, supply chain compromise /

Klue breach lead to Salesforce data theft, Huntress affected 2026-06-19 at 15:57 By Zeljka Zorz Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on June 18,

Klue breach lead to Salesforce data theft, Huntress affected Read More »

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware

Check Point, Crypto, Cryptocurrency, cybercrime, Malware, News /

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware 2026-06-19 at 15:11 By Sinisa Markovic A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware Read More »

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

CISA, Don't miss, enterprise, Hot stuff, monitoring, News, Resecurity, SIEM, Splunk, vulnerability /

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) 2026-06-19 at 13:50 By Zeljka Zorz CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) Read More »

Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures

data collection, fraud, Google, Google Cloud, identity protection, News /

Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures 2026-06-19 at 13:46 By Anamarija Pogorelec Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection.

Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures Read More »

Mastodon 4.6 adds profile Collections and two-factor controls

News, social media, social networking /

Mastodon 4.6 adds profile Collections and two-factor controls 2026-06-19 at 12:54 By Anamarija Pogorelec People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature called Collections, along with reworked profiles, email newsletters, server administration controls,

Mastodon 4.6 adds profile Collections and two-factor controls Read More »

Google sets timeline for Android developer verification enforcement

Android, Google, identity verification, News, software development /

Google sets timeline for Android developer verification enforcement 2026-06-19 at 12:10 By Anamarija Pogorelec Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing apps through participating stores in those markets must complete the verification process by the deadline. Google Play, HONOR App

Google sets timeline for Android developer verification enforcement Read More »

Your browser tab could become encrypted storage for someone else’s files

browser, cybersecurity, data, Don't miss, Encryption, Features, Hot stuff, News, research, storage /

Your browser tab could become encrypted storage for someone else’s files 2026-06-19 at 08:30 By Mirko Zorz Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor at IENYC,

Your browser tab could become encrypted storage for someone else’s files Read More »

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned

Don't miss, Hot stuff, Infoblox, law enforcement, Malware, News, Proofpoint, WordPress /

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned 2026-06-18 at 17:21 By Zeljka Zorz SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned up nearly

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned Read More »

Malware attacks strip Roblox developers of entire games

cybercrime, Kaspersky, Malware, News, online gaming, social engineering /

Malware attacks strip Roblox developers of entire games 2026-06-18 at 15:41 By Sinisa Markovic Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games on it. Successful games can generate substantial revenue through in-game purchases. Some developers

Malware attacks strip Roblox developers of entire games Read More »

74,000 Fortinet firewall credentials exposed in FortiBleed data leak

credentials, critical infrastructure, Data leak, data theft, Don't miss, enterprise, firewall, Fortinet, Government, Hot stuff, Hudson Rock, News, VPN /

74,000 Fortinet firewall credentials exposed in FortiBleed data leak 2026-06-18 at 15:10 By Zeljka Zorz A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The data was accidentally exposed by the group on a server, along with other artifacts and tools,

74,000 Fortinet firewall credentials exposed in FortiBleed data leak Read More »

GentleKiller targets more than 400 security processes across 48 products

cybercrime, Don't miss, Endpoint Security, ESET, Malware, News, Ransomware, research /

GentleKiller targets more than 400 security processes across 48 products 2026-06-18 at 12:00 By Anamarija Pogorelec Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its operators develop and maintain a set of tools for shutting down endpoint detection and response (EDR)

GentleKiller targets more than 400 security processes across 48 products Read More »

Securing digital keys when your phone unlocks the car

authentication, automotive security, car, Car Connectivity Consortium, Don't miss, Features, hardware, Hot stuff, Internet of Things, News, opinion /

Securing digital keys when your phone unlocks the car 2026-06-18 at 09:00 By Mirko Zorz In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She

Securing digital keys when your phone unlocks the car Read More »

How security teams are getting credential visibility into developer endpoints

Don't miss, GitGuardian, News /

How security teams are getting credential visibility into developer endpoints 2026-06-18 at 08:30 By Help Net Security As we noted in our earlier analysis, attackers already know secrets are on your developers’ machines, the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub

How security teams are getting credential visibility into developer endpoints Read More »

Scroll to Top