News - Security Ticks

Your coworker might be selling company logins, and thinks it’s fine

credentials, cybersecurity, fraud, News, report, user behavior / SecurityTicks

Your coworker might be selling company logins, and thinks it’s fine 2026-05-08 at 08:17 By Anamarija Pogorelec Employee behavior once considered unacceptable is becoming tolerated across various industries, particularly in IT and telecommunications, and at all levels of seniority, including leadership. Cifas Workplace Fraud Trends research, based on a survey of 2,000 UK employees working […]

Your coworker might be selling company logins, and thinks it’s fine Read More »

Product showcase: NetGuard open-source firewall for Android

Android, Don't miss, firewall, Google Play, network monitoring, News, open source, Product showcase, software / SecurityTicks

Product showcase: NetGuard open-source firewall for Android 2026-05-08 at 08:17 By Anamarija Pogorelec NetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to be chained, so the app uses the Android VPN service to route all

Product showcase: NetGuard open-source firewall for Android Read More »

New infosec products of the week: May 8, 2026

LastPass, News, Sysdig, Viavi Solutions / SecurityTicks

New infosec products of the week: May 8, 2026 2026-05-08 at 08:17 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week LastPass, Operant AI, Sysdig, and VIAVI. Operant AI Endpoint Protector secures AI agents and MCP tools Operant AI has launched Operant Endpoint Protector, a new addition to its

New infosec products of the week: May 8, 2026 Read More »

$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets

Cryptocurrency, cybercrime, law enforcement, News, social engineering, USA / SecurityTicks

$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets 2026-05-08 at 01:14 By Sinisa Markovic 20-year-old California resident Marlon Ferro, known online as “GothFerrari,” was sentenced to 78 months in prison for his role in a cryptocurrency theft operation tied to more than $250 million in stolen digital assets. Federal prosecutors said

$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets Read More »

What Mozilla learned running an AI security bug hunting pipeline on Firefox

AI, Anthropic, BH Consulting, Brian Honan, code analysis, Don't miss, Firefox, Hot stuff, Mozilla, News, strategy, tips / SecurityTicks

What Mozilla learned running an AI security bug hunting pipeline on Firefox 2026-05-08 at 01:14 By Mirko Zorz Over the past several months, Mozilla ran an agentic harness powered by Claude Mythos Preview across Firefox’s source code, identifying 271 security bugs that were fixed in Firefox 150, with additional fixes shipped in versions 149.0.2 and

What Mozilla learned running an AI security bug hunting pipeline on Firefox Read More »

One keypress is all it takes to compromise four AI coding tools

AI, Anthropic, Cursor, cybersecurity, DevSecOps, Don't miss, Features, GitHub, Google, Hot stuff, Microsoft, News, research, vulnerability / SecurityTicks

One keypress is all it takes to compromise four AI coding tools 2026-05-08 at 01:14 By Mirko Zorz Developers clone unfamiliar repositories all the time. Open-source projects, work from teammates, sample code from a tutorial, a library someone recommended on a forum. The convention is old and reasonable: you look at what’s inside before you

One keypress is all it takes to compromise four AI coding tools Read More »

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls

0-day, APT, Don't miss, firewall, government-backed attacks, Hot stuff, News, Palo Alto Networks / SecurityTicks

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls 2026-05-08 at 01:14 By Zeljka Zorz Palo Alto Networks believes the in-the-wild exploitation of a zero-day vulnerability (CVE-2026-0300) in its firewalls is likely the work of state-sponsored threat actors. A flaw with no patch (yet) CVE-2026-0300 is a buffer overflow vulnerability in the User-ID Authentication

State-sponsored hackers likely behind zero-day attacks on Palo Alto firewalls Read More »

Node.js 26 ships with Temporal API enabled by default

JavaScript, News, Node.js, programming, software development / SecurityTicks

Node.js 26 ships with Temporal API enabled by default 2026-05-07 at 12:26 By Anamarija Pogorelec Developers managing JavaScript runtimes have a new major version to evaluate. Node.js 26.0.0 brings the long-awaited Temporal API to the platform alongside an updated V8 engine, a refreshed HTTP client, and several long-flagged removals that will require code changes in

Node.js 26 ships with Temporal API enabled by default Read More »

Facial recognition arrives at the gates of Disney’s magic kingdom

Facial Recognition, News, Privacy, surveillance / SecurityTicks

Facial recognition arrives at the gates of Disney’s magic kingdom 2026-05-07 at 12:23 By Sinisa Markovic Disney has equipped select entrance lanes at Disneyland Park and Disney California Adventure Park with facial recognition technology, saying the system is intended to streamline re-entry procedures and help prevent fraud. According to the company, certain entrance lanes use

Facial recognition arrives at the gates of Disney’s magic kingdom Read More »

CallPhantom Android scam reached 7.3 million downloads on Google Play

Android, cybercrime, ESET, Google Play, Malware, News, scams, smartphones, threats / SecurityTicks

CallPhantom Android scam reached 7.3 million downloads on Google Play 2026-05-07 at 12:00 By Anamarija Pogorelec Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone number. A cluster of 28 fraudulent apps on Google Play

CallPhantom Android scam reached 7.3 million downloads on Google Play Read More »

Download: Secure Foundations for AI Workloads on AWS

Center for Internet Security, News, Whitepapers and webinars / SecurityTicks

Download: Secure Foundations for AI Workloads on AWS 2026-05-05 at 17:46 By Help Net Security Center for Internet Security helps organizations deploy AI and high-performance compute environments from a trusted, hardened operating system baseline. CIS Hardened Images help teams reduce misconfiguration risk, support compliance efforts, and move faster in AWS. What are AI-optimized CIS Hardened

Download: Secure Foundations for AI Workloads on AWS Read More »

Conti ransomware gang member sentenced to 102 months in prison

cybercrime, law enforcement, News, Ransomware, USA / SecurityTicks

Conti ransomware gang member sentenced to 102 months in prison 2026-05-05 at 17:46 By Sinisa Markovic A Latvian national who was part of a major Russian ransomware organization that stole from and extorted more than 54 companies has been sentenced to 102 months in prison. Deniss Zolotarjovs, 35, of Moscow, Russia, was part of a

Conti ransomware gang member sentenced to 102 months in prison Read More »

Oracle rolls out monthly security patch updates

AI, cloud security, News, Oracle, security update / SecurityTicks

Oracle rolls out monthly security patch updates 2026-05-05 at 17:46 By Anamarija Pogorelec Oracle is changing how its security fixes are delivered: starting in May 2026, there will be a monthly Critical Security Patch Update. “Each [monthly] CSPU is smaller and more focused, making it easier to apply critical fixes quickly [to customer-managed deployments],” Oracle

Oracle rolls out monthly security patch updates Read More »

Google to pay up to $1.5 million for zero-click Pixel Titan M exploits

Android, bug bounty, Chrome, Google, News / SecurityTicks

Google to pay up to $1.5 million for zero-click Pixel Titan M exploits 2026-05-05 at 17:29 By Anamarija Pogorelec Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts

Google to pay up to $1.5 million for zero-click Pixel Titan M exploits Read More »

Meta adds proof-based security to encrypted backups

backup, Encryption, Facebook Messenger, Meta, News, Privacy, WhatsApp / SecurityTicks

Meta adds proof-based security to encrypted backups 2026-05-05 at 13:21 By Anamarija Pogorelec Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments. How encrypted backups work These updates build on the company’s HSM-based Backup Key

Meta adds proof-based security to encrypted backups Read More »

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

attack, cybercrime, ESET, Malware, News, North Korea, online gaming, supply chain attacks, threats / SecurityTicks

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China 2026-05-05 at 13:21 By Sinisa Markovic A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China Read More »

One in four MCP servers opens AI agent security to code execution risk

agentic AI, AI, cybersecurity, data, enterprise, framework, News, report / SecurityTicks

One in four MCP servers opens AI agent security to code execution risk 2026-05-05 at 13:21 By Anamarija Pogorelec Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into

One in four MCP servers opens AI agent security to code execution risk Read More »

Can your coding style predict whether your code is vulnerable?

code analysis, cybersecurity, Don't miss, LLMs, News, research, software development / SecurityTicks

Can your coding style predict whether your code is vulnerable? 2026-05-05 at 13:21 By Sinisa Markovic Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years

Can your coding style predict whether your code is vulnerable? Read More »

Cybersecurity jobs available right now: May 5, 2026

cybersecurity jobs, News / SecurityTicks

Cybersecurity jobs available right now: May 5, 2026 2026-05-05 at 13:21 By Anamarija Pogorelec Armis Security Specialist HCLTech | Ireland | On-site – View job details As an Armis Security Specialist, you will manage and optimize the Armis deployment to strengthen security across lab, OT, and IoT environments. You will maintain device visibility, refine policies

Cybersecurity jobs available right now: May 5, 2026 Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, security update, vulnerability / SecurityTicks

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »