News

Where NSA zero trust guidance aligns with enterprise reality

2026-02-02 at 09:10, by Sinisa Markovic

The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust cybersecurity practices. The documents are part of a larger series designed to support adoption of […]

Open-source AI pentesting tools are getting uncomfortably good

2026-02-02 at 09:10, by Help Net Security

AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into three of them, BugTrace-AI, Shannon, and CAI,

What boards need to hear about cyber risk, and what they don’t

2026-02-02 at 09:10, by Help Net Security

In this Help Net Security video, Rishi Kaushal, CIO at Entrust, explains how security leaders should talk to the board about cyber risk. He focuses on what matters to board members and what does not. He

Pompelmi: Open-source secure file upload scanning for Node.js

2026-02-02 at 09:10, by Sinisa Markovic

Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert malware scanning and policy checks directly into Node.js applications before files reach storage or business logic.

AI is flooding IAM systems with new identities

2026-02-02 at 07:20, by Anamarija Pogorelec

Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of Non-Human Identity and AI Security report by the Cloud Security Alliance. AI identities inherit

Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw

2026-02-01 at 11:37, by Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

When open science meets real-world cybersecurity: In this Help Net Security interview, Matthew Kwiatkowski, CISO at Fermilab, America’s particle physics

Microsoft sets new timeline for Sentinel transition to Defender portal

2026-01-30 at 14:37, by Sinisa Markovic

Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, 2027. The updated schedule extends access by nearly nine months. Microsoft said

Ex-Google engineer found guilty of stealing AI secrets

2026-01-30 at 12:40, by Sinisa Markovic

A federal jury in California convicted former Google software engineer Linwei Ding, also known as Leon Ding, on seven counts of economic espionage and seven counts of theft of trade secrets tied to AI technology. Ding faces a maximum sentence of

Apple’s new privacy feature limits how precisely carriers track your location

2026-01-30 at 10:33, by Anamarija Pogorelec

Apple users are already accustomed to managing app-level location permissions, and a new privacy feature in iOS 26.3 extends that control to cellular networks. Called Limit Precise Location, it reduces the amount of fine-grained location data that iPhones

EFF calls out major tech companies on encryption promises

2026-01-30 at 10:33, by Sinisa Markovic

The Electronic Frontier Foundation (EFF) has introduced a new campaign called Encrypt It Already, focused on expanding the use of end-to-end encryption in consumer technology products and services. The effort examines public security commitments and the current availability of encryption

Security work keeps expanding, even with AI in the mix

2026-01-30 at 08:07, by Sinisa Markovic

Board attention continues to rise, and security groups now operate closer to executive decision making than in prior years, a pattern reflected in the Voice of Security 2026 report by Tines. Within that environment, large numbers of teams already rely

Security teams are carrying more tools with less confidence

2026-01-30 at 07:31, by Anamarija Pogorelec

Enterprise environments now span multiple clouds, on-premises systems, and a steady flow of new applications. Hybrid and multi-cloud setups are common across large organizations, and they bring a constant stream of logs, alerts, and operational data. That environment already exists

Wearable tech adoption continues as privacy worries grow

2026-01-30 at 07:09, by Sinisa Markovic

Over 1 billion users wear devices for tracking steps, sleep, heart rate, and other personal metrics. These devices collect a continuous stream of sensitive data, often tied to detailed user profiles and companion apps. New Clutch survey data show that as

New infosec products of the month: January 2026

2026-01-30 at 06:33, by Anamarija Pogorelec

Here’s a look at the most interesting products from the past month, featuring releases from Acronis, Booz Allen Hamilton, cside, Descope, JumpCloud, MIND, Noction, Obsidian Security, Rubrik, SEON, SpyCloud, Tenable, Tosi and Vectra AI.

Acronis Archival Storage brings compliance-ready, S3-compatible cold

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)

2026-01-30 at 05:32, by Zeljka Zorz

Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited in zero-day attacks and has been added to CISA’s Known Exploited Vulnerabilities catalog. Investigating potential

Google disrupts proxy network used by 550+ threat groups

2026-01-29 at 18:27, by Zeljka Zorz

Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single seven day period in January 2026, GTIG observed over 550 individual threat groups

eScan AV supply chain compromise: Users targeted with malicious updates

2026-01-29 at 17:29, by Zeljka Zorz

The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compromise also resulted in the eScan

France Travail fined €5 million for failing to protect job seeker data

2026-01-29 at 17:29, by Sinisa Markovic

France's data protection authority CNIL has fined public employment agency France Travail €5 million for failing to ensure the security of personal data of job seekers. Attackers gained access to the organization’s systems through social engineering techniques

Conditional Access enforcement change coming to Microsoft Entra

2026-01-29 at 14:05, by Sinisa Markovic

Microsoft will change how Conditional Access policies are enforced in Microsoft Entra starting March 27, 2026, with a phased rollout continuing through June 2026. The change affects sign-ins through client applications that request only OIDC scopes or a limited set of

Google agrees to pay $135 million over Android data harvesting claims

2026-01-29 at 12:13, by Sinisa Markovic

Google agrees to pay $135 million to settle a proposed class action lawsuit brought by Android smartphone users over alleged unauthorized cellular data transmissions. After fees and administrative costs are deducted, the remaining settlement funds would be divided

