Who owns AI agent access? At most companies, nobody knows 2026-03-26 at 07:12 By Anamarija Pogorelec AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A January 2026 survey of 228 IT and security professionals, conducted by the Cloud Security […]
Who owns AI agent access? At most companies, nobody knows Read More »
Botnet operator behind $14 million in ransomware extortion payments gets 24 months behind bars 2026-03-25 at 17:13 By Sinisa Markovic A Russian national has been sentenced to 24 months in prison after admitting he managed a botnet used to launch ransomware attacks against dozens of U.S. companies. The judge also imposed a $100,000 fine and
Gemini picks up criminal activity buried in dark web noise 2026-03-25 at 15:07 By Sinisa Markovic To help teams make faster and more accurate decisions on emerging threats, Google has introduced a dark web intelligence capability in Google Threat Intelligence. Powered by Gemini, the feature analyzes millions of dark web events each day and surfaces
Gemini picks up criminal activity buried in dark web noise Read More »
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks 2026-03-25 at 14:01 By Zeljka Zorz A slew of supply chain attacks against popular open source tools and packages appears to have been orchestrated by TeamPCP, a cybercriminal group that rose to prominence in late 2025. The latest victim of the group is BerryAI’s popular
LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks Read More »
Microsoft hands Entra ID users new option for MFA 2026-03-25 at 12:46 By Anamarija Pogorelec Organizations rely on MFA to enforce identity checks before granting access to systems and services. Microsoft has made external MFA generally available in Microsoft Entra ID, expanding support for third-party identity providers. Configure external MFA in Microsoft Entra ID (Source:
Microsoft hands Entra ID users new option for MFA Read More »
Anthropic cuts action approval loop, lets Claude Code make the call 2026-03-25 at 11:06 By Sinisa Markovic Auto mode is a new permissions feature in the Claude Code system that allows the AI to make approval decisions on a user’s behalf while safeguards review actions before execution. The feature is available on Team plans and
Anthropic cuts action approval loop, lets Claude Code make the call Read More »
Google’s TurboQuant cuts AI memory use without losing accuracy 2026-03-25 at 10:24 By Anamarija Pogorelec Large language models carry a persistent scaling problem. As context windows grow, the memory required to store key-value (KV) caches expands proportionally, consuming GPU memory and slowing inference. A team at Google Research has developed three compression algorithms: TurboQuant, PolarQuant,
Google’s TurboQuant cuts AI memory use without losing accuracy Read More »
You don’t have to choose between BAS or automated pentesting, you shouldn’t 2026-03-25 at 08:07 By Help Net Security There’s a debate making the rounds in security circles that sounds reasonable on the surface but falls apart under operational scrutiny: Which is better, breach and attack simulation (BAS) or automated penetration testing (APT)? Security vendors
You don’t have to choose between BAS or automated pentesting, you shouldn’t Read More »
Why your phishing simulations aren’t building a security culture 2026-03-25 at 08:07 By Help Net Security Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing
Why your phishing simulations aren’t building a security culture Read More »
Your security stack looks fine from the dashboard and that’s the problem 2026-03-25 at 08:07 By Anamarija Pogorelec One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of corporate PCs. That figure, drawn from Absolute Security’s 2026 Resilience
Your security stack looks fine from the dashboard and that’s the problem Read More »
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18 2026-03-25 at 08:07 By Anamarija Pogorelec Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, eight tools added to the network repositories, a kernel
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18 Read More »
LevelBlue and SentinelOne: Advancing Integrated, Intelligence‑Driven Security Operations 2026-03-24 at 19:53 By Bob McCullen Today, I’m excited to share news that represents a major step forward in how LevelBlue helps organizations strengthen their resilience and modernize their security operations. LevelBlue and SentinelOne have entered into a strategic global partnership to deliver integrated, intelligence‑driven security operations
LevelBlue and SentinelOne: Advancing Integrated, Intelligence‑Driven Security Operations Read More »
Russian initial access broker helped ransomware gangs extort millions, sentenced to 81 months 2026-03-24 at 19:53 By Sinisa Markovic A Russian citizen, Aleksei Volkov, was sentenced to 81 months in prison for helping ransomware groups carry out attacks causing over $9 million in actual losses and over $24 million in intended losses, after being arrested
Uncle Sam closes the door on all new foreign-made routers 2026-03-24 at 17:04 By Sinisa Markovic The US Federal Communications Commission (FCC) has imposed a ban on all new routers manufactured overseas being imported into and sold within the United States. The post Uncle Sam closes the door on all new foreign-made routers appeared first
Uncle Sam closes the door on all new foreign-made routers Read More »
The AI safety conversation is focused on the wrong layer 2026-03-24 at 16:30 By Mirko Zorz Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a workforce of humans, that fragmentation was manageable. Humans log in, log out, and make decisions slowly enough that gaps
The AI safety conversation is focused on the wrong layer Read More »
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055) 2026-03-24 at 16:13 By Zeljka Zorz Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active session tokens from the memory of affected devices. Anil Shetty, senior VP of Engineering with Cloud
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055) Read More »
Vulnerabilities from years ago still opening doors for attackers 2026-03-24 at 14:02 By Sinisa Markovic Exploitation timelines continued to compress in enterprise environments, with newly disclosed flaws reaching active use almost immediately and older weaknesses remaining active years after disclosure. (Source: Cisco Talos) Findings from Cisco Talos’ 2025 Year in Review show how attackers combined
Vulnerabilities from years ago still opening doors for attackers Read More »
NVIDIA puts GPU orchestration in community hands 2026-03-24 at 14:02 By Mirko Zorz GPU-accelerated AI workloads now run on Kubernetes in the large majority of enterprise environments. Managing those workloads at scale has required specialized tooling that, until now, remained under vendor control. NVIDIA moved to change that at KubeCon Europe in Amsterdam this week,
NVIDIA puts GPU orchestration in community hands Read More »
Microsoft details AI prompt abuse techniques targeting AI assistants 2026-03-24 at 14:02 By Anamarija Pogorelec Prompt abuse occurs when crafted inputs manipulate an AI system into producing unintended behavior, such as attempting to access sensitive information or overriding built-in safety instructions. Prompt injection is also recognized as one of the top risks in the 2025
Microsoft details AI prompt abuse techniques targeting AI assistants Read More »
GitHub-hosted malware campaign uses split payload to evade detection 2026-03-24 at 13:12 By Zeljka Zorz A large-scale malware delivery campaign has been targeting developers, gamers, and general users through fake tools hosted on GitHub, Netskope researchers have warned. These “lures” are highly polished and appear legitimate, occasionally mimicking real projects, thus making them difficult to
GitHub-hosted malware campaign uses split payload to evade detection Read More »