News

Cybersecurity jobs available right now: May 5, 2026

Cybersecurity jobs available right now: May 5, 2026 2026-05-05 at 13:21 By Anamarija Pogorelec Armis Security Specialist HCLTech | Ireland | On-site – View job details As an Armis Security Specialist, you will manage and optimize the Armis deployment to strengthen security across lab, OT, and IoT environments. You will maintain device visibility, refine policies […]

Cybersecurity jobs available right now: May 5, 2026 Read More »

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) 2026-05-04 at 18:59 By Zeljka Zorz Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) Read More »

DigiCert breached via malicious screensaver file

DigiCert breached via malicious screensaver file 2026-05-04 at 18:59 By Sinisa Markovic A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and

DigiCert breached via malicious screensaver file Read More »

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching 2026-05-04 at 13:11 By Anamarija Pogorelec Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security vulnerabilities and suggests targeted patches for review, helping teams identify and fix issues

Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching Read More »

15-year-old detained over massive data breach at French government agency

15-year-old detained over massive data breach at French government agency 2026-05-04 at 13:11 By Sinisa Markovic French authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. “Between 12 and 18 million data records were reportedly being offered for sale on cybercriminal

15-year-old detained over massive data breach at French government agency Read More »

Pipelock: Open-source AI agent firewall

Pipelock: Open-source AI agent firewall 2026-05-04 at 09:46 By Mirko Zorz AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipelock, an open-source security harness developed by Joshua Waldrep under

Pipelock: Open-source AI agent firewall Read More »

What researchers learned about building an LLM security workflow

What researchers learned about building an LLM security workflow 2026-05-04 at 09:46 By Sinisa Markovic Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any investigation involve pulling together logs from several sources to decide whether something is worth

What researchers learned about building an LLM security workflow Read More »

Spotting third-party cyber risk before attackers do

Spotting third-party cyber risk before attackers do 2026-05-04 at 09:46 By Help Net Security In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one

Spotting third-party cyber risk before attackers do Read More »

Your work apps are quietly handing 19 data points to someone

Your work apps are quietly handing 19 data points to someone 2026-05-04 at 09:46 By Mirko Zorz Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most common workplace apps in use across U.S.

Your work apps are quietly handing 19 data points to someone Read More »

Brush shell 0.4.0 tightens script safety, widens platform support

Brush shell 0.4.0 tightens script safety, widens platform support 2026-05-04 at 09:16 By Sinisa Markovic Rust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based suggestions. Brush, a bash- and POSIX-compatible shell written in Rust, sits in that group, and version 0.4.0 brings

Brush shell 0.4.0 tightens script safety, widens platform support Read More »

ChatGPT advanced account security adds passkeys and hardware keys

ChatGPT advanced account security adds passkeys and hardware keys 2026-05-04 at 02:31 By Anamarija Pogorelec Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. ChatGPT now joins that list. OpenAI has introduced Advanced Account Security, an opt-in setting that strips password-based sign-in from ChatGPT and

ChatGPT advanced account security adds passkeys and hardware keys Read More »

Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months

Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months 2026-05-03 at 12:54 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The AI criminal mastermind is already hiring on gig platforms Labor-hire platforms let anyone with a credit card

Week in review: High-severity LPE vulnerability in the Linux kernel, cPanel 0-day exploited for months Read More »

Download: Automating Pentest Delivery Guide

Download: Automating Pentest Delivery Guide 2026-05-01 at 18:21 By Help Net Security Pentesting remains one of the most effective ways to identify real-world weaknesses, but the method for delivering results hasn’t evolved. Manual workflows involving static documents and email threads introduce delays, create inefficiencies, and diminish the value of the work. This guide on Automating

Download: Automating Pentest Delivery Guide Read More »

Shadow AI risks deepen as 31% of users get no employer training

Shadow AI risks deepen as 31% of users get no employer training 2026-05-01 at 11:49 By Anamarija Pogorelec Between one-fifth and one-third of workers use AI outside the influence and governance of the IT function, according to a global survey of 6,000 full-time employees at enterprise organizations. Researchers found a widening gap between employee AI

Shadow AI risks deepen as 31% of users get no employer training Read More »

Open-source privacy proxy masks PII before prompts reach external AI services

Open-source privacy proxy masks PII before prompts reach external AI services 2026-05-01 at 11:49 By Sinisa Markovic Enterprise developers routinely send prompts to external large language models that contain customer emails, support transcripts, and other identifying information, often without a sanitization layer between the application and the API. Dataiku has released Kiji Privacy Proxy, an

Open-source privacy proxy masks PII before prompts reach external AI services Read More »

AI traffic is getting bigger, louder, and less predictable

AI traffic is getting bigger, louder, and less predictable 2026-05-01 at 11:49 By Anamarija Pogorelec AI workflows need storage that supports repeated movement across the model lifecycle. Large datasets are ingested, transformed, exported for training, pulled back for evaluation, and refreshed as models evolve. Backblaze’s Q1 2026 Network Stats report says this creates a shift

AI traffic is getting bigger, louder, and less predictable Read More »

New infosec products of the month: April 2026

New infosec products of the month: April 2026 2026-05-01 at 07:03 By Anamarija Pogorelec Here’s a look at the most interesting products from the past month, featuring releases from Advenica, Aptori, Axonius, Broadcom, GlobalSign, Intruder, IP Fabric, Mallory, Secureframe, Siemens, Sitehop, and Virtue AI. Mallory brings contextual threat intelligence to security operations Mallory is launching

New infosec products of the month: April 2026 Read More »

Incident Response Retainers Are Now Foundational to Cyber Resilience

Incident Response Retainers Are Now Foundational to Cyber Resilience 2026-04-30 at 17:35 By LevelBlue has been named a Representative Service Provider in the Gartner® Market Guide for Cybersecurity Incident Response Retainer Services (CIRR), marking the fifth consecutive time the company has been included in the report. We believe this continued recognition reflects LevelBlue’s ongoing focus

Incident Response Retainers Are Now Foundational to Cyber Resilience Read More »

cPanel zero-day exploited for months before patch release (CVE-2026-41940)

cPanel zero-day exploited for months before patch release (CVE-2026-41940) 2026-04-30 at 16:45 By Zeljka Zorz A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watchTowr security researchers to release technical

cPanel zero-day exploited for months before patch release (CVE-2026-41940) Read More »

Cisco releases open-source toolkit for verifying AI model lineage

Cisco releases open-source toolkit for verifying AI model lineage 2026-04-30 at 16:02 By Mirko Zorz Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Security 2026

Cisco releases open-source toolkit for verifying AI model lineage Read More »

Scroll to Top