News

Don’t count on government guidance after a smart home breach

2026-03-30 at 07:30 By Sinisa Markovic

People are filling their homes with internet-connected cameras, speakers, locks, and routers. When one of those devices is compromised, the next steps are often unclear. Researchers reviewing government cybersecurity advice in 11 countries found that most guidance focuses on […]


Breaking out: Can AI agents escape their sandboxes?

2026-03-30 at 07:30 By Anamarija Pogorelec

Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without direct access to the host. The SandboxEscapeBench benchmark, developed by researchers at the University of Oxford


Week in review: NIST updates DNS security guidance, compromised LiteLLM PyPI packages

2026-03-29 at 18:17 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST updates its DNS security guidance for the first time in over a decade DNS infrastructure underpins nearly every network connection


Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)

2026-03-28 at 11:30 By Zeljka Zorz

A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US Cybersecurity and Infrastructure Security Agency warned on Friday. CISA added the flaw to its Known Exploited Vulnerabilities


AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure

2026-03-27 at 20:33 By Anamarija Pogorelec

Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded secrets in public GitHub commits in 2025, extending a multi-year rise


TeamPCP strikes again: Backdoored Telnyx PyPI package delivers malware

2026-03-27 at 15:46 By Zeljka Zorz

TeamPCP continues its supply chain compromise rampage, with telnyx on PyPI being the latest maliciously modified package. What happened? Telnyx is a widely used software development kit (SDK) for the Telnyx AI Voice Agent service. According to Endor Labs researchers,


CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation

2026-03-27 at 12:43 By Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently disclosed code injection vulnerability in Langflow, an open-source framework for building AI agents and


Ajax data breach exposed season tickets, supporter bans open to tampering

2026-03-27 at 12:15 By Sinisa Markovic

AFC Ajax, the Dutch football club from Amsterdam, disclosed that an unknown hacker gained access to parts of its IT systems and obtained the email addresses of a few hundred people. The hack exploited vulnerabilities in Ajax’s app


Make OpenAI’s models misbehave and earn a reward

2026-03-27 at 03:57 By Anamarija Pogorelec

OpenAI’s public Safety Bug Bounty program focuses on AI abuse and safety risks across its products. The goal is to support safe and secure systems and reduce the risk of misuse that could lead to harm. This program complements the Security


Top product launches at RSAC 2026

2026-03-27 at 03:57 By Mirko Zorz

RSAC 2026 showcased a wave of innovation, with vendors unveiling technologies poised to redefine cybersecurity. From AI-powered defense to breakthroughs in identity protection, this year’s conference delivered a glimpse into the future. Here are the most interesting products that caught our attention, and


Tails 7.6 ships automatic Tor bridge retrieval and a new password manager

2026-03-27 at 01:05 By Anamarija Pogorelec

Tails 7.6 is out, and for users operating on networks that block Tor, the most consequential addition is built-in bridge retrieval. The Tor Connection assistant can now detect when a direct connection to Tor is restricted and


Second RedLine infostealer operator ends up in US custody

2026-03-26 at 16:23 By Sinisa Markovic

Hambardzum Minasyan, an Armenian man extradited to the United States, is accused of conspiring with others to develop and operate the RedLine infostealer malware used to steal sensitive data, including login credentials, from victims’ computers. Minasyan is charged with conspiracy


GitHub jumps on the bandwagon and will use your data to train AI

2026-03-26 at 15:52 By Anamarija Pogorelec

GitHub updated how it uses data to improve AI-powered coding assistance. Starting April 24, interaction data from Copilot Free, Pro, and Pro+ users may be used to train and improve GitHub’s models unless users opt out.


Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks

2026-03-26 at 15:52 By Zeljka Zorz

Telecommunications providers around the world have been dealing with the burrowing efforts of the China-linked APTs for many years now. To help them identify hard-to-detect implants used by the China-based group dubbed Red Menshen, Rapid7 researchers have


Mission to smuggle $170 million worth of AI tech to China collapsed for three men

2026-03-26 at 15:52 By Sinisa Markovic

Three individuals, Stanley Yi Zheng, Matthew Kelly, and Tommy Shad English, have been charged with conspiracy to commit smuggling and export control violations after allegedly attempting to procure millions of dollars’ worth of restricted


Reddit declares war on bad bot activity

2026-03-26 at 13:32 By Anamarija Pogorelec

Reddit is introducing changes to support interactions between people. The company is taking a bottom-up approach to help users understand when they are engaging with another person unless an account is labeled otherwise. Reddit plans to verify that users are human without


AI SOC vendors are selling a future that production deployments haven’t reached yet

2026-03-26 at 12:32 By Mirko Zorz

Vendors selling AI-powered security operations platforms have built their pitches around a consistent set of promises: autonomous threat investigation, dramatic reductions in analyst workload, and an accelerating path toward humanless operations. Practitioners buying and deploying those


A nearly undetectable LLM attack needs only a handful of poisoned samples

2026-03-26 at 12:32 By Mirko Zorz

Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet addressed. Researchers have developed and tested a prompt-based backdoor attack


Your facilities run on fragile supply chains and nobody wants to admit it

2026-03-26 at 12:32 By Mirko Zorz

In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She explains how sourcing, localized redundancy, and flexible infrastructure design are


Google races to secure encryption before quantum threats arrive

2026-03-26 at 12:07 By Sinisa Markovic

Google is preparing for the quantum era, a turning point in digital security, with a 2029 timeline for post-quantum cryptography (PQC) migration. Security professionals warn that current encryption could be broken by large-scale quantum computers in the coming years. This

