News

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

containers, Don't miss, exploit, Hot stuff, Linux, News, PoC, Red Hat, SUSE, Theori, Ubuntu, vulnerability /

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) 2026-04-30 at 15:31 By Zeljka Zorz Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit […]

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Read More »

Hackers arrested for stealing and reselling 600,000 Roblox accounts

cybercrime, EU, law enforcement, News, Ukraine /

Hackers arrested for stealing and reselling 600,000 Roblox accounts 2026-04-30 at 15:31 By Sinisa Markovic Ukrainian police detained three suspects accused of hacking into Roblox accounts and reselling the data on Russian websites, with payments made in cryptocurrency. Police raid (Source: The Prosecutor General’s Office of Ukraine) “Prosecutors of the Lviv region, together with the

Hackers arrested for stealing and reselling 600,000 Roblox accounts Read More »

FIDO Alliance wants to keep AI agents from going rogue on online payments

agentic AI, authentication, FIDO Alliance, Google, Mastercard, News, Okta, OpenAI, Visa /

FIDO Alliance wants to keep AI agents from going rogue on online payments 2026-04-29 at 05:30 By Sinisa Markovic AI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf.

FIDO Alliance wants to keep AI agents from going rogue on online payments Read More »

ShinyHunters claims it stole 1.4 million records from Udemy

breach, cybercrime, data breach, News, social engineering /

ShinyHunters claims it stole 1.4 million records from Udemy 2026-04-28 at 22:35 By Sinisa Markovic The ShinyHunters group claims it has breached the Udemy, one of the world’s largest online learning platforms. According to Have I Been Pwned, the leaked dataset contained 1.4 million unique email addresses of customers and instructors, along with names, physical

ShinyHunters claims it stole 1.4 million records from Udemy Read More »

Police arrest 10 suspected members of Black Axe cybercrime gang

cybercrime, EU, Europol, law enforcement, News /

Police arrest 10 suspected members of Black Axe cybercrime gang 2026-04-28 at 22:35 By Sinisa Markovic A coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’

Police arrest 10 suspected members of Black Axe cybercrime gang Read More »

Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research

China, cyber espionage, FBI, law enforcement, News, USA /

Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research 2026-04-28 at 22:35 By Sinisa Markovic Chinese national Xu Zewei was extradited from Italy to the United States to face charges tied to an alleged cyber espionage campaign that breached thousands of computers worldwide. Xu is charged alongside Zhang Yu, who remains at large.

Alleged Chinese hacker extradited to US over cyberattacks targeting COVID-19 research Read More »

LevelBlue Recognized at Intelligent Insurer’s Cyber Insurance Awards US 2026

News, Spotlights /

LevelBlue Recognized at Intelligent Insurer’s Cyber Insurance Awards US 2026 2026-04-28 at 18:06 By LevelBlue is proud to be named at the Intelligent Insurer Cyber Insurance Awards US 2026, earning Cyber Security Consulting Services Provider of the Year and being recognized as Highly Commended for the Cyber Security Solution Provider of the Year. This article

LevelBlue Recognized at Intelligent Insurer’s Cyber Insurance Awards US 2026 Read More »

Your IAM was built for humans, AI agents don’t care

access management, AI, authentication, Curity, cybersecurity, Expert analysis, identity management, News, Non Human Identities, opinion /

Your IAM was built for humans, AI agents don’t care 2026-04-27 at 11:18 By Help Net Security Identity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to decide what someone could do. That model served enterprises well

Your IAM was built for humans, AI agents don’t care Read More »

The AI criminal mastermind is already hiring on gig platforms

agentic AI, AI, cybersecurity, Don't miss, Features, Hot stuff, News, research /

The AI criminal mastermind is already hiring on gig platforms 2026-04-27 at 10:30 By Mirko Zorz Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs

The AI criminal mastermind is already hiring on gig platforms Read More »

25 open-source cybersecurity tools that don’t care about your budget

AI, AWS, Compliance, GitHub, GitLab, Kubernetes, Linux, News, open source, OpenClaw, penetration testing, software, Trail of Bits /

25 open-source cybersecurity tools that don’t care about your budget 2026-04-27 at 10:30 By Anamarija Pogorelec Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond

25 open-source cybersecurity tools that don’t care about your budget Read More »

Product showcase: LuLu reveals unauthorized outbound connections from Mac apps

cybersecurity, firewall, macOS, network monitoring, News /

Product showcase: LuLu reveals unauthorized outbound connections from Mac apps 2026-04-27 at 07:03 By Anamarija Pogorelec LuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic. Installing

Product showcase: LuLu reveals unauthorized outbound connections from Mac apps Read More »

Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach

News, Week in review /

Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach 2026-04-26 at 12:27 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines Boost Security has released SmokedMeat, an open-source framework that runs attack chains

Week in review: Claude Mythos finds 271 Firefox flaws, Vercel breach Read More »

Users advised to drop passwords and make room for passkeys

authentication, cybersecurity, Government, NCSC, News, passkeys, passwordless, Sophos /

Users advised to drop passwords and make room for passkeys 2026-04-24 at 23:26 By Sinisa Markovic In a decisive move that could reshape how users log in online, the National Cyber Security Centre (NCSC) is urging consumers to abandon passwords in favour of passkeys, positioning them as the future of authentication. “Passkeys should become consumers’

Users advised to drop passwords and make room for passkeys Read More »

Indirect prompt injection is taking hold in the wild

agentic AI, AI, data theft, Don't miss, DoS, Forcepoint, Google, Hot stuff, LLMs, News, prompt injection, research, SEO, threat /

Indirect prompt injection is taking hold in the wild 2026-04-24 at 23:26 By Zeljka Zorz The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves hiding (more or less) covert instructions inside ordinary web pages, waiting for an AI agent

Indirect prompt injection is taking hold in the wild Read More »

Compromised everyday devices power Chinese cyber espionage operations

China, cyber espionage, cybersecurity, Government, NCSC, News, UK /

Compromised everyday devices power Chinese cyber espionage operations 2026-04-24 at 13:17 By Sinisa Markovic China-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, together with the Cyber

Compromised everyday devices power Chinese cyber espionage operations Read More »

New Cisco firewall malware can only be killed by pulling the plug

backdoor, CISA, Cisco, Don't miss, firewall, government-backed attacks, Hot stuff, NCSC, News /

New Cisco firewall malware can only be killed by pulling the plug 2026-04-24 at 13:17 By Zeljka Zorz Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco

New Cisco firewall malware can only be killed by pulling the plug Read More »

Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers

Linux, News, open source, operating system, Ubuntu /

Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers 2026-04-24 at 11:27 By Mirko Zorz Linux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute Raccoon, pulls most of those threads together into a single release

Ubuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm servers Read More »

OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards

AI, ChatGPT, Don't miss, News, OpenAI /

OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards 2026-04-24 at 11:27 By Sinisa Markovic Competition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in the new model. GPT-5.5 is being rolled out to Plus, Pro, Business, and Enterprise users in

OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards Read More »

AI is speeding up nation-state cyber programs

CISO, cyber risk, cybersecurity, Don't miss, Features, Government, Hot stuff, Microsoft, NATO, News, North Korea, opinion, strategy /

AI is speeding up nation-state cyber programs 2026-04-24 at 08:40 By Mirko Zorz Im this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and diplomatic tools.

AI is speeding up nation-state cyber programs Read More »

Scroll to Top