News

Trivy supply chain attack enabled European Commission cloud breach

Trivy supply chain attack enabled European Commission cloud breach 2026-04-03 at 09:35 By Zeljka Zorz CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and subsequently leaked approximately 340 GB of data. “Analysis of the published dataset has so far confirmed […]

Trivy supply chain attack enabled European Commission cloud breach Read More »

Which messaging app takes the most limited approach to permissions on Android?

Which messaging app takes the most limited approach to permissions on Android? 2026-04-03 at 08:39 By Sinisa Markovic Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of Messenger, Signal, and Telegram shows that differences in permissions, background activity,

Which messaging app takes the most limited approach to permissions on Android? Read More »

Microsoft releases open-source toolkit to govern autonomous AI agents

Microsoft releases open-source toolkit to govern autonomous AI agents 2026-04-03 at 08:39 By Anamarija Pogorelec AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, AutoGen, CrewAI, and Azure AI Foundry Agent Service have made this kind of autonomy straightforward to

Microsoft releases open-source toolkit to govern autonomous AI agents Read More »

Click, wait, repeat: Digital trust erodes one login at a time

Click, wait, repeat: Digital trust erodes one login at a time 2026-04-03 at 07:58 By Anamarija Pogorelec Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments rarely stand out on their own, and over time they

Click, wait, repeat: Digital trust erodes one login at a time Read More »

New infosec products of the month: March 2026

New infosec products of the month: March 2026 2026-04-03 at 07:02 By Anamarija Pogorelec Here’s a look at the most interesting products from the past month, featuring releases from Beazley, Bonfy.AI, Mend.io, Mimecast, NinjaOne, Novee, Intel 471, Singulr AI, Stellar Cyber, Teleport, and Vicarius. Beazley Exposure Management platform identifies external exposures and prioritizes cyber risk

New infosec products of the month: March 2026 Read More »

AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test

AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test 2026-04-03 at 01:25 By Anamarija Pogorelec Cloud storage buyers rarely get vendor-provided performance data that includes the vendor’s own weak spots. Backblaze’s Q1 2026 Performance Stats report, attempts to do exactly that, sharing benchmark results for Backblaze B2, AWS S3, Cloudflare R2, and

AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test Read More »

OpenSSH 10.3 patches five security bugs and drops legacy rekeying support

OpenSSH 10.3 patches five security bugs and drops legacy rekeying support 2026-04-02 at 18:58 By Anamarija Pogorelec OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH implementations that do not support rekeying. Rekeying compatibility removed SSH clients and servers that lack

OpenSSH 10.3 patches five security bugs and drops legacy rekeying support Read More »

Software supply chain hacks trigger wave of intrusions, data theft

Software supply chain hacks trigger wave of intrusions, data theft 2026-04-02 at 18:58 By Zeljka Zorz After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potentially be circulating” as a result of this and the Trivy, KICS, LiteLLM, and Telnyx supply

Software supply chain hacks trigger wave of intrusions, data theft Read More »

DarkSword exploit forces Apple to loosen its patching policy

DarkSword exploit forces Apple to loosen its patching policy 2026-04-02 at 14:46 By Sinisa Markovic Apple has extended security updates to a wider range of devices still running iOS 18, aiming to protect users from the DarkSword exploit kit. This is not the first time Apple has backported fixes for older devices based on vulnerability

DarkSword exploit forces Apple to loosen its patching policy Read More »

TrueConf zero-day vulnerability exploited to target government networks

TrueConf zero-day vulnerability exploited to target government networks 2026-04-02 at 12:02 By Sinisa Markovic Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in Southeast Asia, Check Point researchers discovered. Malicious client update attack chain (Source: Check Point) Trusted update mechanism turned into attack

TrueConf zero-day vulnerability exploited to target government networks Read More »

Tracking drones with the 5G tower down the street

Tracking drones with the 5G tower down the street 2026-04-02 at 08:42 By Anamarija Pogorelec Drone detection in cities is expensive. Dedicated radar installations are cost-prohibitive at scale, cameras have limited range and stop working well at night, and LiDAR systems have the same cost problem as radar. A group of researchers at the University

Tracking drones with the 5G tower down the street Read More »

Trust, friction, and ROI: A CISO’s take on making security work for the business

Trust, friction, and ROI: A CISO’s take on making security work for the business 2026-04-02 at 08:42 By Mirko Zorz In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature security programs reduce friction in sales cycles and M&A

Trust, friction, and ROI: A CISO’s take on making security work for the business Read More »

Microsoft adds high-volume email sending to Exchange Online

Microsoft adds high-volume email sending to Exchange Online 2026-04-02 at 07:58 By Anamarija Pogorelec Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll notifications, IT alerts, and security advisories, without running into the sending limits designed for person-to-person email. Microsoft

Microsoft adds high-volume email sending to Exchange Online Read More »

Your customer passed authentication. So why are they sending money to a scammer?

Your customer passed authentication. So why are they sending money to a scammer? 2026-04-02 at 07:12 By Help Net Security In this Help Net Security video, Lenny Gusel, Head of Fraud Solutions in North America at Feedzai, explains how customer identity and access management has converged with digital fraud detection, and why treating them as

Your customer passed authentication. So why are they sending money to a scammer? Read More »

Cybercriminals take aim at Hasbro, weeks of recovery ahead

Cybercriminals take aim at Hasbro, weeks of recovery ahead 2026-04-01 at 20:32 By Sinisa Markovic Hasbro, an American toy maker with more than 5,000 employees, confirmed a cyberattack and proactively took certain systems offline. The intrusion was detected on March 28, and the company promptly activated its incident response protocols. The company said the investigation

Cybercriminals take aim at Hasbro, weeks of recovery ahead Read More »

North Korean hackers linked to Axios npm supply chain compromise

North Korean hackers linked to Axios npm supply chain compromise 2026-04-01 at 18:56 By Zeljka Zorz The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. Links to UNC1069 On March 31, 2026,

North Korean hackers linked to Axios npm supply chain compromise Read More »

CIS Benchmarks March 2026 Update

CIS Benchmarks March 2026 Update 2026-04-01 at 16:08 By Anamarija Pogorelec The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates below. Each Benchmark and Build Kit includes a changelog that references all changes. Updated CIS Benchmarks overview CIS Microsoft Windows

CIS Benchmarks March 2026 Update Read More »

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281) 2026-04-01 at 14:31 By Zeljka Zorz Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, information about the fixed zero-day is limited, and there’s no details about the exploit (or how/if it’s

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281) Read More »

Mimecast makes enterprise email security deployable in minutes

Mimecast makes enterprise email security deployable in minutes 2026-04-01 at 10:34 By Mirko Zorz Most organizations running Microsoft 365 rely on native email controls as their primary line of defense. According to Mimecast research, 38% of organizations depend exclusively on those native controls for collaboration security, and 64% say those controls are insufficient against the

Mimecast makes enterprise email security deployable in minutes Read More »

Financial groups lay out a plan to fight AI identity attacks

Financial groups lay out a plan to fight AI identity attacks 2026-04-01 at 10:34 By Mirko Zorz Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A joint paper from the American Bankers Association, the Better Identity Coalition, and the

Financial groups lay out a plan to fight AI identity attacks Read More »

Scroll to Top