News

Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR

2026-04-07 at 12:01, by Anamarija Pogorelec

Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of compliance platforms have moved to automate […]

OpenAI opens applications for an external AI safety research fellowship

2026-04-07 at 12:01, by Sinisa Markovic

OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advanced AI systems. The program, called the OpenAI Safety Fellowship, runs from September 14, 2026 through

The case for fixing CWE weakness patterns instead of patching one bug at a time

2026-04-07 at 09:24, by Mirko Zorz

In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability disclosure. More CVE records now include CWE mappings

How Mimecast brings enterprise-grade email protection to API deployment

2026-04-07 at 09:24, by Help Net Security

In this Help Net Security video, Andrew Williams, Senior Product Manager at Mimecast, walks through the company’s API-based email security protection for Microsoft 365 and Google Workspace environments. The video covers a core problem: AI-generated phishing and business email

Google study finds LLMs are embedded at every stage of abuse detection

2026-04-07 at 09:24, by Anamarija Pogorelec

Online platforms are running large language models at every stage of LLM content moderation, from generating training data to auditing their own systems for bias. Researchers at Google mapped how this is happening across what the authors

Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app

2026-04-06 at 09:16, by Anamarija Pogorelec

Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is available on Windows, macOS, Linux, iOS, and Android, allowing users to access their

Residential proxies make a mockery of IP-based defenses

2026-04-06 at 09:16, by Sinisa Markovic

Attack traffic moved through ordinary home and mobile connections in ways that limited the usefulness of IP reputation on its own. GreyNoise observed 4 billion malicious sessions during a 90-day period and described activity that appeared indistinguishable from normal user traffic

IT talent looks the other way as wireless security incidents pile up

2026-04-06 at 09:16, by Sinisa Markovic

Enterprise wireless networks are supporting a growing mix of devices and applications, increasing operational demand and security exposure. The 2026 Cisco State of Wireless report reflects these conditions through rising incident rates, higher costs, and ongoing staffing

CISOs grapple with AI demands within flat budgets

2026-04-06 at 09:16, by Anamarija Pogorelec

Security spending continues to edge upward across large organizations, though the changes remain gradual and tightly managed. The 2026 RH-ISAC CISO Benchmark reflects a steady environment where budgets expand in small steps, even as AI becomes a routine part of security

Week in review: Axios npm supply chain compromise, critical FortiClient EMS bugs exploited

2026-04-05 at 11:17, by Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Financial groups lay out a plan to fight AI identity attacks

Generative AI tools have brought the cost of deepfake

FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)

2026-04-04 at 17:39, by Zeljka Zorz

Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be

Major Supply Chain Compromise in the Popular axios npm Package

2026-04-03 at 17:52, by Karl Sigler

On March 30, 2026, two malicious versions of the widely used axios HTTP client library were published to npm; [email protected] and [email protected]. The malicious versions inject a new dependency, [email protected], which, in turn, downloads a Remote Access Toolkit (RAT).

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)

2026-04-03 at 17:52, by Zeljka Zorz

Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin.

Cisco IMC riddled

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

2026-04-03 at 14:57, by Anamarija Pogorelec

Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device

Claude Code source leak exploited to spread malware

2026-04-03 at 14:30, by Sinisa Markovic

A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into downloading malware disguised as “unlocked” versions of the software.

Leaked Claude Code source code used

Trivy supply chain attack enabled European Commission cloud breach

2026-04-03 at 09:35, by Zeljka Zorz

CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and subsequently leaked approximately 340 GB of data. “Analysis of the published dataset has so far confirmed

Which messaging app takes the most limited approach to permissions on Android?

2026-04-03 at 08:39, by Sinisa Markovic

Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of Messenger, Signal, and Telegram shows that differences in permissions, background activity,

Microsoft releases open-source toolkit to govern autonomous AI agents

2026-04-03 at 08:39, by Anamarija Pogorelec

AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, AutoGen, CrewAI, and Azure AI Foundry Agent Service have made this kind of autonomy straightforward to

Click, wait, repeat: Digital trust erodes one login at a time

2026-04-03 at 07:58, by Anamarija Pogorelec

Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments rarely stand out on their own, and over time they

New infosec products of the month: March 2026

2026-04-03 at 07:02, by Anamarija Pogorelec

Here’s a look at the most interesting products from the past month, featuring releases from Beazley, Bonfy.AI, Mend.io, Mimecast, NinjaOne, Novee, Intel 471, Singulr AI, Stellar Cyber, Teleport, and Vicarius.

Beazley Exposure Management platform identifies external exposures and prioritizes cyber risk
