News

The SOC’s visibility gap comes down to staffing

The SOC’s visibility gap comes down to staffing 2026-06-17 at 09:00 By Mirko Zorz AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third […]

The SOC’s visibility gap comes down to staffing Read More »

Navigating SEC, NIS2, and DORA incident disclosure timelines under pressure

Navigating SEC, NIS2, and DORA incident disclosure timelines under pressure 2026-06-17 at 07:30 By Help Net Security In this Help Net Security video, Rick Goud, Global Field CTO at Kiteworks, discusses how to handle SEC, NIS2, and DORA disclosure timelines during a security incident. He opens with a 3.47 a.m. call: the team cannot confirm

Navigating SEC, NIS2, and DORA incident disclosure timelines under pressure Read More »

The checklist problem behind critical infrastructure cyber safety

The checklist problem behind critical infrastructure cyber safety 2026-06-17 at 07:00 By Anamarija Pogorelec An asset owner can meet major federal cyber compliance standards and still run equipment that lacks the engineering to withstand an attack or a failure. New research from George Mason University examines how United States cyber policy defines reasonable care for

The checklist problem behind critical infrastructure cyber safety Read More »

Attackers are exploiting FortiSandbox vulnerabilities

Attackers are exploiting FortiSandbox vulnerabilities 2026-06-16 at 18:27 By Zeljka Zorz Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from threat intelligence company Defused, which said

Attackers are exploiting FortiSandbox vulnerabilities Read More »

Cybercriminals mask malicious communications through Microsoft Teams relays

Cybercriminals mask malicious communications through Microsoft Teams relays 2026-06-16 at 17:22 By Sinisa Markovic The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion at a U.S. services company, according to Symantec. DragonForce is a ransomware-as-a-service operation that has been active since 2023.

Cybercriminals mask malicious communications through Microsoft Teams relays Read More »

SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)

SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558) 2026-06-16 at 16:33 By Zeljka Zorz A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts,

SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558) Read More »

Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)

Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262) 2026-06-16 at 13:20 By Zeljka Zorz Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But the associated security advisory also states that “the vulnerability was found during internal security testing”, raising the

Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262) Read More »

Crypto scammers are sending couriers to victims’ homes to collect cash

Crypto scammers are sending couriers to victims’ homes to collect cash 2026-06-16 at 13:05 By Sinisa Markovic Scammers behind cryptocurrency investment schemes are dispatching couriers to pick up cash from victims in person, the FBI warns. According to the agency, scammers usually approach victims through social media, text messages, or fake investment personas, luring them

Crypto scammers are sending couriers to victims’ homes to collect cash Read More »

Software supply chains are heading for a transparency test

Software supply chains are heading for a transparency test 2026-06-16 at 12:24 By Anamarija Pogorelec Software supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM Adoption State of Play 2026 shows organizations preparing for CRA obligations through SBOM tooling,

Software supply chains are heading for a transparency test Read More »

Planning a trip? Fake travel sites are multiplying this summer

Planning a trip? Fake travel sites are multiplying this summer 2026-06-16 at 11:27 By Sinisa Markovic Cyberattacks against hospitality, travel, and recreation organizations rose 24% year over year, reaching an average of 2,291 incidents per organization each week in May 2026, according to Check Point. (Source: Check Point) “The sector has more than doubled its

Planning a trip? Fake travel sites are multiplying this summer Read More »

GitHub releases an open dataset for multilingual developer content

GitHub releases an open dataset for multilingual developer content 2026-06-16 at 09:55 By Anamarija Pogorelec Developers coordinate code across README files, issue threads, and pull request discussions. Much of that exchange happens in English, and a large share happens in other languages. GitHub has released a dataset built to help researchers and developers locate public

GitHub releases an open dataset for multilingual developer content Read More »

Reachability makes AI threat modeling worth the trust

Reachability makes AI threat modeling worth the trust 2026-06-16 at 09:00 By Mirko Zorz In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks

Reachability makes AI threat modeling worth the trust Read More »

EU Cybersecurity Act 2.0: When good regulation goes bad

EU Cybersecurity Act 2.0: When good regulation goes bad 2026-06-16 at 08:30 By Help Net Security Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But good intentions and good policy

EU Cybersecurity Act 2.0: When good regulation goes bad Read More »

Chinese hackers breached North American research institutions via REDCap servers

Chinese hackers breached North American research institutions via REDCap servers 2026-06-15 at 21:41 By Sinisa Markovic A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. UNC6508 exploits vulnerable REDCap servers GTIG

Chinese hackers breached North American research institutions via REDCap servers Read More »

China-linked spies backdoored authentication stack to stay hidden for years

China-linked spies backdoored authentication stack to stay hidden for years 2026-06-15 at 18:27 By Zeljka Zorz A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the results of a forensic investigation published by cybersecurity firm Sygnia. The group’s

China-linked spies backdoored authentication stack to stay hidden for years Read More »

Onspring CISO on where automated GRC systems fall short

Onspring CISO on where automated GRC systems fall short 2026-06-15 at 09:00 By Mirko Zorz In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains why color-coded dashboards can hide nuance, how teams can check the data feeding their

Onspring CISO on where automated GRC systems fall short Read More »

Open-source CI/CD abuse detector guards against stolen credential attacks

Open-source CI/CD abuse detector guards against stolen credential attacks 2026-06-15 at 08:30 By Sinisa Markovic CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure

Open-source CI/CD abuse detector guards against stolen credential attacks Read More »

A hardware neural network backdoor that hides in plain sight

A hardware neural network backdoor that hides in plain sight 2026-06-15 at 08:00 By Mirko Zorz Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips

A hardware neural network backdoor that hides in plain sight Read More »

Proving what a military AI model will do is the real problem

Proving what a military AI model will do is the real problem 2026-06-15 at 07:30 By Sinisa Markovic Defense contractors build AI systems that task drones automatically and propose kill-chains to support soldiers. Several of these contractors have partnered with frontier AI companies to put advanced models into military tools. Anduril works with OpenAI, Palantir

Proving what a military AI model will do is the real problem Read More »

Senior engineers are spending their week cleaning up AI-generated code

Senior engineers are spending their week cleaning up AI-generated code 2026-06-15 at 07:00 By Anamarija Pogorelec At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated

Senior engineers are spending their week cleaning up AI-generated code Read More »

Scroll to Top