News

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root 2026-05-12 at 14:18 By Sinisa Markovic Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution […]

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root Read More »

Škoda confirms unauthorized access to its online shop

Škoda confirms unauthorized access to its online shop 2026-05-12 at 13:49 By Anamarija Pogorelec Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the

Škoda confirms unauthorized access to its online shop Read More »

OpenAI’s Daybreak uses Codex Security to identify risky attack paths

OpenAI’s Daybreak uses Codex Security to identify risky attack paths 2026-05-12 at 11:38 By Anamarija Pogorelec OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prioritize software vulnerabilities.

OpenAI’s Daybreak uses Codex Security to identify risky attack paths Read More »

HEIDI: Free IDE security plugin for open-source vulnerability checks

HEIDI: Free IDE security plugin for open-source vulnerability checks 2026-05-12 at 09:28 By Mirko Zorz Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a

HEIDI: Free IDE security plugin for open-source vulnerability checks Read More »

The hidden smart fridge risks that emerge years after purchase

The hidden smart fridge risks that emerge years after purchase 2026-05-12 at 09:28 By Mirko Zorz Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide,

The hidden smart fridge risks that emerge years after purchase Read More »

Cybersecurity jobs available right now: May 12, 2026

Cybersecurity jobs available right now: May 12, 2026 2026-05-12 at 09:27 By Anamarija Pogorelec Application Security Engineer Total Quality Logistics | USA | On-site – View job details As an Application Security Engineer, you will design, implement, and maintain security controls across the software development lifecycle. You will work closely with engineering and product teams

Cybersecurity jobs available right now: May 12, 2026 Read More »

iOS 26.5 is out, bringing encrypted RCS messaging to iPhone and Android users

iOS 26.5 is out, bringing encrypted RCS messaging to iPhone and Android users 2026-05-11 at 23:59 By Sinisa Markovic Apple is bringing long-awaited end-to-end encryption to Rich Communication Services (RCS) messaging between iPhone and Android users in iOS 26.5. The feature is launching in beta for iPhone users running iOS 26.5 on supported carriers and

iOS 26.5 is out, bringing encrypted RCS messaging to iPhone and Android users Read More »

Poor security left hackers inside water company network for nearly two years

Poor security left hackers inside water company network for nearly two years 2026-05-11 at 18:29 By Sinisa Markovic The UK’s data protection regulator, the Information Commissioner’s Office (ICO), fined South Staffordshire Water’s parent company £963,900 over security failures linked to a cyberattack that exposed the personal data of 633,887 people. According to the ICO, the

Poor security left hackers inside water company network for nearly two years Read More »

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

Linux developers weigh emergency “killswitch” for vulnerable kernel functions 2026-05-11 at 16:48 By Zeljka Zorz Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the

Linux developers weigh emergency “killswitch” for vulnerable kernel functions Read More »

Google researchers uncover criminal zero-day exploit likely built with AI

Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Google researchers uncover criminal zero-day exploit likely built with AI Read More »

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue 2026-05-11 at 16:48 By Sinisa Markovic German authorities shut down a relaunched version of the criminal marketplace Crimenetwork and arrested its suspected operator. The domain seizure notice (Source: BKA) A special unit of the Spanish National Police arrested the suspected 35-year-old German

Police take down relaunched criminal marketplace with 22,000 users, €3.6 million in revenue Read More »

Instagram messaging encryption removed, and privacy advocates are pushing back

Instagram messaging encryption removed, and privacy advocates are pushing back 2026-05-11 at 13:57 By Anamarija Pogorelec After introducing optional end-to-end encrypted messaging in 2023, Instagram announced in March 2026 that encryption for direct messages would be discontinued, and the feature was removed on May 8. The change allows Instagram to access direct message content, including

Instagram messaging encryption removed, and privacy advocates are pushing back Read More »

The scam economy has found its AI upgrade

The scam economy has found its AI upgrade 2026-05-11 at 12:32 By Anamarija Pogorelec Scam attempts continue to reach consumers via email, text messages, social media, online advertising, and phone calls. The volume of exposure has remained stable over the past year, with more than half of consumers encountering scam attempts at least monthly, according

The scam economy has found its AI upgrade Read More »

Rustinel: Open-source endpoint detection for Windows and Linux

Rustinel: Open-source endpoint detection for Windows and Linux 2026-05-11 at 08:51 By Mirko Zorz Open-source endpoint detection has long been split between Windows-focused tools built around Sysmon and Linux tools built around eBPF or auditd. Defenders running mixed environments have had to stitch together separate pipelines, separate rule sets, and separate maintenance burdens. Rustinel, a

Rustinel: Open-source endpoint detection for Windows and Linux Read More »

Security teams are turning to AI to survive alert overload

Security teams are turning to AI to survive alert overload 2026-05-11 at 08:18 By Anamarija Pogorelec The World Economic Forum white paper “Empowering Defenders: AI for Cybersecurity” identified AI as the biggest driver of change in cybersecurity for 94% of survey respondents. The paper found that 77% of organizations already use AI in cybersecurity, with

Security teams are turning to AI to survive alert overload Read More »

Review: Foundations of Cybersecurity, 2nd edition

Review: Foundations of Cybersecurity, 2nd edition 2026-05-11 at 08:18 By Mirko Zorz Jason Andress has refreshed his introductory security text for No Starch Press. He writes in the introduction that the term security now extends past data center servers to cloud resources, mobile devices, the Internet of Things, and AI. About the author Jason Andress

Review: Foundations of Cybersecurity, 2nd edition Read More »

Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams

Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams 2026-05-10 at 12:32 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Your work apps are quietly handing 19 data points to someone Office work in 2026 relies on mobile apps used alongside

Week in review: cPanel vulnerability actively exploited, DigiCert breach, LinkedIn job scams Read More »

Dirty Frag: Unpatched Linux vulnerability delivers root access

Dirty Frag: Unpatched Linux vulnerability delivers root access 2026-05-08 at 18:03 By Zeljka Zorz A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka

Dirty Frag: Unpatched Linux vulnerability delivers root access Read More »

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973)

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) 2026-05-08 at 13:30 By Zeljka Zorz Ivanti has released fixes for 5 high-severity vulnerabilities in its Endpoint Manager Mobile (EPMM) solution, one of which (CVE-2026-6973) has being exploited as a zero-day by attackers. “We are aware of a very limited number of customers exploited with CVE-2026-6973,” the

Ivanti EPMM vulnerability exploited in zero-day attacks (CVE-2026-6973) Read More »

Google is turning Android Studio into a policy watchdog

Google is turning Android Studio into a policy watchdog 2026-05-08 at 13:09 By Anamarija Pogorelec Google has expanded Play Policy Insights in Android Studio to help developers catch policy issues while coding, including warnings for common problems such as missing login credentials. Later this year, developers who connect their Play developer account directly to Android

Google is turning Android Studio into a policy watchdog Read More »

Scroll to Top