News

Google to pay up to $1.5 million for zero-click Pixel Titan M exploits

2026-05-05 at 17:29, by Anamarija Pogorelec

Google has revised its Android and Chrome Vulnerability Reward Programs (VRPs), which pay security researchers to report vulnerabilities in Android, Google hardware, and the Chrome browser. The update raises top bounties to $1.5 million and adjusts […]

Meta adds proof-based security to encrypted backups

2026-05-05 at 13:21, by Anamarija Pogorelec

Meta has updated its infrastructure for protecting password-based and end-to-end encrypted backups, introducing over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments.

How encrypted backups work

These updates build on the company’s HSM-based Backup Key

North Korean hackers trojanize gaming platform to spy on ethnic Koreans in China

2026-05-05 at 13:21, by Sinisa Markovic

A gaming platform built for ethnic Koreans in China has been serving backdoored Windows and Android software to its users since late 2024. The platform, sqgame[.]net, hosts traditional card and board games for a community that

One in four MCP servers opens AI agent security to code execution risk

2026-05-05 at 13:21, by Anamarija Pogorelec

Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with structured, loggable invocations. Skills load textual instruction sets directly into

Can your coding style predict whether your code is vulnerable?

2026-05-05 at 13:21, by Sinisa Markovic

Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all carry traces of individual habit. Researchers have used these stylistic signals for years

Cybersecurity jobs available right now: May 5, 2026

2026-05-05 at 13:21, by Anamarija Pogorelec

Armis Security Specialist
HCLTech | Ireland | On-site

As an Armis Security Specialist, you will manage and optimize the Armis deployment to strengthen security across lab, OT, and IoT environments. You will maintain device visibility, refine policies

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

2026-05-04 at 18:59, by Zeljka Zorz

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

DigiCert breached via malicious screensaver file

2026-05-04 at 18:59, by Sinisa Markovic

A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching

2026-05-04 at 13:11, by Anamarija Pogorelec

Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues

15-year-old detained over massive data breach at French government agency

2026-05-04 at 13:11, by Sinisa Markovic

French authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. “Between 12 and 18 million data records were reportedly being offered for sale on cybercriminal

Pipelock: Open-source AI agent firewall

2026-05-04 at 09:46, by Mirko Zorz

AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under

What researchers learned about building an LLM security workflow

2026-05-04 at 09:46, by Sinisa Markovic

Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any investigation involve pulling together logs from several sources to decide whether something is worth

Spotting third-party cyber risk before attackers do

2026-05-04 at 09:46, by Help Net Security

In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one

Your work apps are quietly handing 19 data points to someone

2026-05-04 at 09:46, by Mirko Zorz

Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most common workplace apps in use across U.S.

Brush shell 0.4.0 tightens script safety, widens platform support

2026-05-04 at 09:16, by Sinisa Markovic

Rust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based suggestions. Brush, a bash- and POSIX-compatible shell written in Rust, sits in that group, and version 0.4.0 brings

ChatGPT advanced account security adds passkeys and hardware keys

2026-05-04 at 02:31, by Anamarija Pogorelec

Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and

Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months

2026-05-03 at 12:54, by Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

The AI criminal mastermind is already hiring on gig platforms

Labor-hire platforms let anyone with a credit card

Download: Automating Pentest Delivery Guide

2026-05-01 at 18:21, by Help Net Security

Pentesting remains one of the most effective ways to identify real-world weaknesses, but the method for delivering results hasn’t evolved. Manual workflows involving static documents and email threads introduce delays, create inefficiencies, and diminish the value of the work. This guide on Automating

Shadow AI risks deepen as 31% of users get no employer training

2026-05-01 at 11:49, by Anamarija Pogorelec

Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI

Open-source privacy proxy masks PII before prompts reach external AI services

2026-05-01 at 11:49, by Sinisa Markovic

Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an

