Samsung tackles shoulder surfing on Galaxy devices 2026-01-29 at 12:13 By Sinisa Markovic Our phones hold our most personal details, and we use them everywhere. On the bus, in elevators, and while waiting in line, screens are often visible to people nearby. The closer phones align with daily habits, the more persistent privacy concerns become. […]
Samsung tackles shoulder surfing on Galaxy devices Read More »
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP! 2026-01-29 at 11:34 By Zeljka Zorz SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers to upgrade to v2026.1 as soon as possible. The vulnerabilities The WHD vulnerabilities fixed
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP! Read More »
Open-source malware zeroes in on developer environments 2026-01-29 at 08:36 By Anamarija Pogorelec Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to
Open-source malware zeroes in on developer environments Read More »
Hottest cybersecurity open-source tools of the month: January 2026 2026-01-29 at 08:06 By Anamarija Pogorelec This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. OpenAEV: Open-source adversarial exposure validation platform OpenAEV is an open source platform designed to plan, run, and review cyber adversary simulation campaigns
Hottest cybersecurity open-source tools of the month: January 2026 Read More »
A practical take on cyber resilience for CISOs 2026-01-29 at 08:06 By Help Net Security In this Help Net Security video, Shebani Baweja, CISO for Consumer, Private, Wealth & Business Banking at Standard Chartered, explains how security leaders should think about cyber resilience. She outlines why preparation for extreme events matters as much as day
A practical take on cyber resilience for CISOs Read More »
What motivates hackers and what makes them walk away 2026-01-29 at 07:02 By Anamarija Pogorelec Most hackers spend more time learning, testing, and comparing notes than breaking into systems. The work often happens alone or in small groups, shaped by curiosity, persistence, and a habit of examining how systems behave. Bugcrowd examined who these security
What motivates hackers and what makes them walk away Read More »
A fake romance turns into an Android spyware infection 2026-01-29 at 02:20 By Anamarija Pogorelec ESET researchers have identified an Android spyware campaign that uses romance scam tactics to target individuals in Pakistan. The operation relies on a malicious app disguised as a chat service that routes conversations through WhatsApp. Behind the romance lure, the
A fake romance turns into an Android spyware infection Read More »
OPNsense 26.1 brings updates to open-source firewall management 2026-01-29 at 01:17 By Anamarija Pogorelec OPNsense, the open-source firewall and network security platform, reached version 26.1, adding a range of updates affecting management, traffic visibility, automation interfaces, and core services. Changes in firewall management and APIs Version 26.1, code-named Witty Woodpecker, introduces revisions to the firewall
OPNsense 26.1 brings updates to open-source firewall management Read More »
LevelBlue Named a Major Player in the IDC MarketScape: Worldwide Managed SSE Services 2025 2026-01-28 at 17:02 By LevelBlue has been recognized as a Major Player in the IDC MarketScape: Worldwide Managed Security Service Edge Services 2025 Vendor Assessment (IDC #US52992425 September 2025). This article is an excerpt from LevelBlue Blog View Original Source
WinRAR vulnerability still a go-to tool for hackers, Mandiant warns 2026-01-28 at 17:02 By Zeljka Zorz State-sponsored hackers and financially motivated attackers continue leveraging a critical WinRAR vulnerability (CVE-2025-8088) that’s been fixed over half a year ago. CVE-2025-8088 is a path traversal vulnerability that can be exploited via maliciously crafted RAR archives. “The exploit chain
WinRAR vulnerability still a go-to tool for hackers, Mandiant warns Read More »
n8n adds Chat Hub to centralize AI access inside automation workflows 2026-01-28 at 12:32 By Anamarija Pogorelec Teams using automation platforms are starting to treat conversational AI as another operational interface. That change is reflected in a new feature from n8n, which has introduced a built-in Chat Hub designed to let users interact with AI
n8n adds Chat Hub to centralize AI access inside automation workflows Read More »
French government abandons Zoom and Microsoft Teams over security concerns 2026-01-28 at 12:28 By Sinisa Markovic France intends to phase out non-European videoconferencing platforms such as Zoom and Microsoft Teams from its public administration, opting instead for a nationally developed solution due to security considerations. Ending the use of paid software licenses is expected to
French government abandons Zoom and Microsoft Teams over security concerns Read More »
Android just got smarter at stopping snatch-and-run phone thefts 2026-01-28 at 09:48 By Sinisa Markovic Google announced updates to the Android theft protection features that expand existing safeguards and make stolen devices harder to use. These updates are available on Android 16 and later. One update builds on Failed Authentication Lock, a feature introduced in
Android just got smarter at stopping snatch-and-run phone thefts Read More »
CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities 2026-01-28 at 09:10 By Sinisa Markovic CERT UEFI Parser, a new open-source security analysis tool from the CERT Coordination Center has been released to help researchers and defenders examine the structure of Unified Extensible Firmware Interface (UEFI) software and identify classes of vulnerabilities that
CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities Read More »
Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions 2026-01-28 at 08:15 By Anamarija Pogorelec A new study shows that some of the most widely used AI-powered browser extensions are a privacy risk. They collect lots of data and require a high level of browser access. The research was conducted by
Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom 2026-01-28 at 08:15 By Help Net Security Once a secret enters Git, it’s expensive to remediate. But the real problem runs deeper than cost. Grégory Maitrallain, Solution Architect at Orange Business, discovered this reality during their implementation: “Once a secret is pushed
Audits for AI systems that keep changing 2026-01-28 at 07:28 By Anamarija Pogorelec Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through recurring measurement
Audits for AI systems that keep changing Read More »
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) 2026-01-28 at 02:21 By Zeljka Zorz Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) Read More »
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses 2026-01-27 at 17:17 By Zeljka Zorz A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses Read More »
AWS adds IPv6 support to IAM Identity Center through dual-stack endpoints 2026-01-27 at 15:49 By Anamarija Pogorelec Amazon Web Services has added IPv6 support to IAM Identity Center through new dual-stack endpoints. The update allows identity services to operate over IPv6 networks while continuing to support IPv4. The change applies to access portals, managed applications,
AWS adds IPv6 support to IAM Identity Center through dual-stack endpoints Read More »