Audits for AI systems that keep changing 2026-01-28 at 07:28 By Anamarija Pogorelec Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through recurring measurement […]
Audits for AI systems that keep changing Read More »
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) 2026-01-28 at 02:21 By Zeljka Zorz Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out
Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) Read More »
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses 2026-01-27 at 17:17 By Zeljka Zorz A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer
Attackers use Windows App-V scripts to slip infostealer past enterprise defenses Read More »
AWS adds IPv6 support to IAM Identity Center through dual-stack endpoints 2026-01-27 at 15:49 By Anamarija Pogorelec Amazon Web Services has added IPv6 support to IAM Identity Center through new dual-stack endpoints. The update allows identity services to operate over IPv6 networks while continuing to support IPv4. The change applies to access portals, managed applications,
AWS adds IPv6 support to IAM Identity Center through dual-stack endpoints Read More »
Microsoft brings AI-powered investigations to security teams 2026-01-27 at 15:49 By Sinisa Markovic Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak investigations, credential exposure, internal fraud and bribery, sensitive data exposure in Teams, and inappropriate content investigations.
Microsoft brings AI-powered investigations to security teams Read More »
Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) 2026-01-27 at 11:22 By Zeljka Zorz Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised to review the associated
Waiting for AI superintelligence? Don’t hold your breath 2026-01-27 at 09:44 By Sinisa Markovic AI’s impact on systems, security, and decision-making is already permanent. Superintelligence, often referred to as artificial superintelligence (ASI), describes a theoretical stage in which AI capability exceeds human cognitive performance across domains. Whether current systems are progressing toward cybersecurity superintelligence remains
Waiting for AI superintelligence? Don’t hold your breath Read More »
When open science meets real-world cybersecurity 2026-01-27 at 09:44 By Mirko Zorz Scientific research environments are built for openness and collaboration, often prioritizing long-term discovery over traditional enterprise security. In this Help Net Security interview, Matthew Kwiatkowski, CISO at Fermilab, America’s particle physics and accelerator laboratory, discusses where cybersecurity blind spots emerge, why availability can
When open science meets real-world cybersecurity Read More »
AI’s appetite for data is testing enterprise guardrails 2026-01-27 at 08:18 By Anamarija Pogorelec Privacy programs are taking on more operational responsibility across the enterprise. A new Cisco global benchmark study shows expanding mandates, rising investment, and sustained pressure around data quality, accountability, and cross-border data management tied to AI systems. Privacy programs grow with
AI’s appetite for data is testing enterprise guardrails Read More »
Cybersecurity jobs available right now: January 27, 2026 2026-01-27 at 08:18 By Anamarija Pogorelec CISO micro1 | USA | Remote – View job details As a CISO, you will define the enterprise security vision and implement a zero-trust architecture across systems and data pipelines. You will secure AI Labs environments, oversee identity and access management
Cybersecurity jobs available right now: January 27, 2026 Read More »
Claude expands tool connections using MCP 2026-01-27 at 01:46 By Sinisa Markovic Anthropic has added interactive tool support to its Claude AI platform, a change powered by the open Model Context Protocol (MCP). The update lets users work directly with external applications inside Claude’s interface rather than relying solely on text interactions with connected services.
Claude expands tool connections using MCP Read More »
EU opens new investigation into Grok on X 2026-01-26 at 17:42 By Sinisa Markovic The European Commission has opened a new formal investigation into X under the Digital Services Act over risks linked to the deployment of its AI tool Grok in the EU. Regulators are examining whether X properly assessed and mitigated risks tied
EU opens new investigation into Grok on X Read More »
Apple updates AirTag with expanded range and improved findability 2026-01-26 at 17:42 By Sinisa Markovic Apple has released a new version of its AirTag tracking accessory that extends its connectivity range and improves how items are located. The updated AirTag uses a second-generation Ultra Wideband chip, similar to the chip in the iPhone 17 lineup,
Apple updates AirTag with expanded range and improved findability Read More »
Poland repels data-wiping malware attack on energy systems 2026-01-26 at 14:37 By Zeljka Zorz Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and
Poland repels data-wiping malware attack on energy systems Read More »
Inside Microsoft’s veteran-to-tech workforce pipeline 2026-01-26 at 12:12 By Zeljka Zorz The technology workforce is changing, and military veterans are increasingly being recognized as one of the industry’s most valuable and dependable talent pools. In this Help Net Security interview, Chris Cortez, Vice President of Military Affairs at Microsoft and longtime leader of the Microsoft
Inside Microsoft’s veteran-to-tech workforce pipeline Read More »
Google ties AI Search to Gmail and Photos, raising new privacy questions 2026-01-26 at 11:09 By Anamarija Pogorelec Google is expanding Personal Intelligence into AI Mode in Google Search to deliver more personalized search results. AI Mode can securely connect to your Gmail and Google Photos to provide tailored recommendations without requiring you to repeatedly
Google ties AI Search to Gmail and Photos, raising new privacy questions Read More »
Microsoft Entra ID will auto-enable passkey profiles, synced passkeys 2026-01-26 at 10:52 By Sinisa Markovic Starting March 2026, Microsoft Entra ID will automatically enable passkey profiles and introduce support for synced passkeys. Passkey profiles move into general availability The update brings passkey profiles and synced passkeys into general availability. Administrators gain access to a new
Microsoft Entra ID will auto-enable passkey profiles, synced passkeys Read More »
Brakeman: Open-source vulnerability scanner for Ruby on Rails applications 2026-01-26 at 08:00 By Anamarija Pogorelec Brakeman is an open-source security scanner used by teams that build applications with Ruby on Rails. The tool focuses on application code and configuration, giving developers and security teams a way to identify common classes of web application risk during
Brakeman: Open-source vulnerability scanner for Ruby on Rails applications Read More »
Incident response lessons learned the hard way 2026-01-26 at 07:36 By Help Net Security In this Help Net Security video, Ryan Seymour, VP, Consulting and Education at ConnectSecure, shares lessons from more than two decades in cybersecurity incident response. He explains why many response failures are set in motion long before an attack begins. The
Incident response lessons learned the hard way Read More »
AWS releases updated PCI PIN compliance report for payment cryptography 2026-01-26 at 07:05 By Anamarija Pogorelec Amazon Web Services has published an updated Payment Card Industry Personal Identification Number (PCI PIN) compliance package for its AWS Payment Cryptography service, confirming a recent third-party audit of the platform. The report package is now accessible through AWS’s
AWS releases updated PCI PIN compliance report for payment cryptography Read More »