News

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)

0-day, CISA, Don't miss, Endpoint Security, enterprise, Hot stuff, News, security update, Trend Micro /

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) 2026-05-26 at 17:32 By Zeljka Zorz A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. “TrendAI has observed at least one attempt to exploit this vulnerability in the wild,” Trend Micro […]

Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926) Read More »

Anthropic: Claude Mythos identified 10,000+ software flaws

AI, Anthropic, Don't miss, News, open source, vulnerability disclosure /

Anthropic: Claude Mythos identified 10,000+ software flaws 2026-05-26 at 17:30 By Anamarija Pogorelec Anthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in an update on the project’s progress. Mythos identifies thousands of high-severity vulnerabilities In April 2026, Anthropic introduced Claude Mythos

Anthropic: Claude Mythos identified 10,000+ software flaws Read More »

Chinese phishing gangs grow into a force to be reckoned with

China, cybercrime, Google, News, phishing /

Chinese phishing gangs grow into a force to be reckoned with 2026-05-26 at 17:09 By Sinisa Markovic Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground communities and found mature services, with several

Chinese phishing gangs grow into a force to be reckoned with Read More »

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Don't miss, Hot stuff, Microsoft, News, security update, SharePoint, vulnerability /

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) 2026-05-26 at 13:56 By Zeljka Zorz Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. About CVE-2026-45659 CVE-2026-45659 stems from

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659) Read More »

What happens when security teams inherit identity

CISO, cybersecurity, Don't miss, Features, Hot stuff, identity, identity management, News, opinion, Span /

What happens when security teams inherit identity 2026-05-26 at 13:38 By Sinisa Markovic At the Span Cyber Security Arena conference, I sat down with Eric Woodruff, Chief Identity Architect at Semperis, to talk about how organizations perceive identity and the challenges those perceptions create for security. He shared his perspective on where organizations struggle with

What happens when security teams inherit identity Read More »

Manage machine identities: The hidden privileged access layer you need to manage

access management, AI, Delinea, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, Non Human Identities, opinion /

Manage machine identities: The hidden privileged access layer you need to manage 2026-05-26 at 08:37 By Help Net Security Why are machine identities becoming the majority of “things with access”? Every automation, integration, and workload needs a way to authenticate and the right permissions to act. That quiet requirement has created a massive population of

Manage machine identities: The hidden privileged access layer you need to manage Read More »

Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams

Android, antivirus, cybersecurity, identity protection, mobile security, News, Product showcase, scams /

Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams 2026-05-26 at 08:37 By Anamarija Pogorelec F-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices and online activity through malware protection, scam prevention, safe browsing, and banking safeguards. The platform supports

Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams Read More »

Cybersecurity jobs available right now: May 26, 2026

cybersecurity jobs, News /

Cybersecurity jobs available right now: May 26, 2026 2026-05-26 at 07:31 By Anamarija Pogorelec Application Security Engineer IG Group | India | Hybrid – View job details As an Application Security Engineer, you will assess the security of web, mobile, and cloud applications through penetration testing, secure code reviews, threat modeling, and architecture reviews. Responsibilities

Cybersecurity jobs available right now: May 26, 2026 Read More »

Cisco refines its risk-based vulnerability disclosure for the AI era

AI, Cisco, cybersecurity, News, vulnerability assessment /

Cisco refines its risk-based vulnerability disclosure for the AI era 2026-05-25 at 21:27 By Sinisa Markovic Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review. The company

Cisco refines its risk-based vulnerability disclosure for the AI era Read More »

Anthropic adds 28 security and compliance integrations for Claude

AI, Anthropic, Claude Code, Compliance, cybersecurity, News /

Anthropic adds 28 security and compliance integrations for Claude 2026-05-25 at 21:27 By Sinisa Markovic AI tools are becoming part of everyday work in organizations, creating new security and oversight requirements as usage grows. To address that, Anthropic introduced 28 integrations with security and compliance tools that allow IT and security teams to manage Claude

Anthropic adds 28 security and compliance integrations for Claude Read More »

Authorities seize 800 servers used for cyberattacks and disinformation

disinformation, EU, News, Russian Federation /

Authorities seize 800 servers used for cyberattacks and disinformation 2026-05-25 at 16:59 By Sinisa Markovic Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems. Servers seized by Dutch

Authorities seize 800 servers used for cyberattacks and disinformation Read More »

US states step up cyber defenses to protect local communities

cyber resilience, cybersecurity, Government, Incident Response, News, strategy, USA /

US states step up cyber defenses to protect local communities 2026-05-25 at 14:35 By Anamarija Pogorelec U.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber corps

US states step up cyber defenses to protect local communities Read More »

Lessons for organizations from the Verizon 2026 Data Breach Investigations Report

AI, BH Consulting, cybercrime, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Ransomware /

Lessons for organizations from the Verizon 2026 Data Breach Investigations Report 2026-05-25 at 08:59 By Help Net Security This is my favourite time of the year, not just because spring is here and the promise of summer is on the way. But also, because one of my must reads each year gets published. There are

Lessons for organizations from the Verizon 2026 Data Breach Investigations Report Read More »

Boards want cyber risk in dollars, not CVE counts

boardroom, CISO, communication, CVE, cyber risk, CYE, Don't miss, News, strategy, tips, Video /

Boards want cyber risk in dollars, not CVE counts 2026-05-25 at 08:11 By Help Net Security In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business

Boards want cyber risk in dollars, not CVE counts Read More »

OpenHack: Open-source AI-powered vulnerability research

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source /

OpenHack: Open-source AI-powered vulnerability research 2026-05-25 at 08:11 By Sinisa Markovic Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of

OpenHack: Open-source AI-powered vulnerability research Read More »

Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited

News, Week in review /

Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited 2026-05-24 at 11:28 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension Following TeamPCP’s claim that they’ve breached GitHub’s own private

Week in review: GitHub breached via poisoned VS Code extension, critical NGINX flaw exploited Read More »

$20 per zero-day is already the WordPress plugin reality

0-day, AI, conferences, cybersecurity, Don't miss, Hot stuff, News, research, Trend Micro, WordPress /

$20 per zero-day is already the WordPress plugin reality 2026-05-22 at 17:05 By Mirko Zorz Vulnerability researchers have spent the past year arguing about whether AI agents can find real bugs at scale or whether they mostly generate noise. A pipeline built in three days by researchers from TrendAI and CHT Security supplies an answer,

$20 per zero-day is already the WordPress plugin reality Read More »

Deleted Google API keys keep working for up to 23 minutes, researchers warn

Aikido Security, API security, credentials, Don't miss, Google, Google Cloud, Hot stuff, News, research /

Deleted Google API keys keep working for up to 23 minutes, researchers warn 2026-05-22 at 15:08 By Zeljka Zorz Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if

Deleted Google API keys keep working for up to 23 minutes, researchers warn Read More »

Suspected KimWolf botnet admin arrested over DDoS-for-hire operation

botnet, cybercrime, Government, Internet of Things, law enforcement, News, US DoJ, USA /

Suspected KimWolf botnet admin arrested over DDoS-for-hire operation 2026-05-22 at 15:08 By Sinisa Markovic U.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million devices worldwide. Jacob Butler, 23, of Ottawa, Canada, also known online as “Dort,”

Suspected KimWolf botnet admin arrested over DDoS-for-hire operation Read More »

Scroll to Top