News

Only 28% of financial workforce MFA is phishing-resistant

Only 28% of financial workforce MFA is phishing-resistant 2026-07-10 at 08:41 By Anamarija Pogorelec Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report. Key challenges preventing universal implementation of phishing-resistant MFA (Source: Secret Double Octopus) Workforce […]

Only 28% of financial workforce MFA is phishing-resistant Read More »

Turning software supply chain security into a daily habit

Turning software supply chain security into a daily habit 2026-07-10 at 08:30 By Help Net Security In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Instead of filing an SBOM away as a compliance document, she argues teams should use it every

Turning software supply chain security into a daily habit Read More »

AWS gives its ERP agent deny-by-default rules and a separate identity

AWS gives its ERP agent deny-by-default rules and a separate identity 2026-07-10 at 08:00 By Sinisa Markovic Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand. When those payments sit unmatched for days, cash flow suffers and days sales outstanding climbs. The same pattern repeats across

AWS gives its ERP agent deny-by-default rules and a separate identity Read More »

New infosec products of the week: July 10, 2026

New infosec products of the week: July 10, 2026 2026-07-10 at 07:00 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from Attestiv, Automox, Codenotary, and First Recon AI. Codenotary launches AI security platform that learns from AI agent behavior Codenotary has announced AgentMon 3, the latest

New infosec products of the week: July 10, 2026 Read More »

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) 2026-07-09 at 15:14 By Zeljka Zorz Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation vulnerability triggered by the RoguePlanet exploit. The vulnerability and the fix CVE-2026-50656 is due to improper link resolution before

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656) Read More »

5,811 arrests, $293 million seized over social engineering scams

5,811 arrests, $293 million seized over social engineering scams 2026-07-09 at 14:14 By Sinisa Markovic Criminals who pose as police officers, romantic partners, and business suppliers have built fraud operations that reach across continents. A four-month enforcement campaign against these schemes wrapped up, and police in 97 countries and territories took part. Thousands of arrests

5,811 arrests, $293 million seized over social engineering scams Read More »

Your coding agent says no in chat and yes in the code

Your coding agent says no in chat and yes in the code 2026-07-09 at 13:44 By Mirko Zorz Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own output across many turns. The safety testing that vets these

Your coding agent says no in chat and yes in the code Read More »

AWS centralizes access, spending, and governance for Claude

AWS centralizes access, spending, and governance for Claude 2026-07-09 at 11:37 By Anamarija Pogorelec Claude apps gateway for AWS is a self-hosted control plane that gives organizations a single point of control over access, costs, and policies for Claude Code and Claude Desktop. It replaces per-developer cloud credentials, manual distribution of managed settings to developer

AWS centralizes access, spending, and governance for Claude Read More »

Malicious AI agent skills can slip past the scanners built to stop them

Malicious AI agent skills can slip past the scanners built to stop them 2026-07-09 at 10:24 By Sinisa Markovic Developers who build with AI coding agents grab capabilities off public marketplaces the same way they grab packages from npm or PyPI. The add-ons are called agent skills. Each one is a little bundle of plain-English

Malicious AI agent skills can slip past the scanners built to stop them Read More »

The fake report message that ends with a stolen Reddit account

The fake report message that ends with a stolen Reddit account 2026-07-09 at 08:30 By Anamarija Pogorelec A direct message arrives on Reddit from a stranger, and it invites a reply. That reply is the point. This scheme runs on social engineering, with no malware and no malicious links, and it has spread across Reddit,

The fake report message that ends with a stolen Reddit account Read More »

Open-source collaboration is growing worldwide and putting pressure on maintainers

Open-source collaboration is growing worldwide and putting pressure on maintainers 2026-07-09 at 08:10 By Sinisa Markovic Developers are pushing code and opening pull requests across economy borders at a rate GitHub has rarely seen. Outbound collaboration, the sum of git pushes and pull requests sent from developers in one economy to public repositories in another,

Open-source collaboration is growing worldwide and putting pressure on maintainers Read More »

Product showcase: Protect your iPhone with McAfee Mobile Security

Product showcase: Protect your iPhone with McAfee Mobile Security 2026-07-09 at 08:00 By Anamarija Pogorelec McAfee Mobile Security for iOS combines scam protection, web protection, VPN, Wi-Fi security, and device security checks in a single app. It is also available for Android. After downloading the app from the App Store, I created an account and

Product showcase: Protect your iPhone with McAfee Mobile Security Read More »

Wireshark 4.6.7 patches a dozen security flaws

Wireshark 4.6.7 patches a dozen security flaws 2026-07-09 at 07:45 By Anamarija Pogorelec Network analysts who open packet captures in Wireshark push untrusted data through a large set of protocol dissectors, and each parser is a spot where a malformed frame can trip up the software. The 4.6.7 maintenance release closes twelve of those weak

Wireshark 4.6.7 patches a dozen security flaws Read More »

Messaging fraud trends point to smarter attacks, stronger blocking

Messaging fraud trends point to smarter attacks, stronger blocking 2026-07-09 at 07:30 By Sinisa Markovic Fraudsters spent 2025 investing in scale. New routes, new tools, and higher message volumes moved through the SMS, voice, and chat channels that businesses rely on to reach customers. Money follows that activity. The Communications Fraud Control Association puts global

Messaging fraud trends point to smarter attacks, stronger blocking Read More »

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) 2026-07-08 at 17:03 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255) Read More »

Accenture acknowledges security incident following 35GB data theft claim

Accenture acknowledges security incident following 35GB data theft claim 2026-07-08 at 14:28 By Zeljka Zorz Accenture appears to have suffered a data breach, the extent of which is currently unknown. On Monday, a threat actor going by the handle “888” posted on the cybercrime forum PwnForums, claiming to have breached the technology consulting company and

Accenture acknowledges security incident following 35GB data theft claim Read More »

Automox MCP Server adds visual reviews and AI-driven patch policy creation

Automox MCP Server adds visual reviews and AI-driven patch policy creation 2026-07-08 at 12:55 By Industry News Automox has released Automox MCP Server 2.2, adding interactive review surfaces, first-class Patch by Severity policy creation, and live capability discovery to its governed agentic interface for endpoint operations. The release advances Automox MCP beyond natural-language access alone,

Automox MCP Server adds visual reviews and AI-driven patch policy creation Read More »

Thousands of malicious AI skills found capable of stealing data, running malware

Thousands of malicious AI skills found capable of stealing data, running malware 2026-07-08 at 12:00 By Anamarija Pogorelec AI agents can browse the web, use external tools, execute commands, and perform tasks on behalf of users. Many rely on skills that define how they interact with services and data. Malicious skills can abuse those capabilities

Thousands of malicious AI skills found capable of stealing data, running malware Read More »

Scroll to Top