News

CVE Lite CLI: Open-source dependency vulnerability scanner

2026-05-20 at 09:34 By Mirko Zorz

Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours […]

When your AI assistant has the keys to production

2026-05-20 at 09:34 By Sinisa Markovic

Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure.

7 hard truths security pros should know: 2026 DevOps Threats Report

2026-05-20 at 09:34 By Help Net Security

In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your

What happens when your identity provider becomes the kill chain

2026-05-20 at 09:34 By Help Net Security

In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in

PureLogs infostealer is stealing credentials worldwide

2026-05-19 at 16:58 By Zeljka Zorz

A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack starts with a phishing email containing a TXZ archive and using an invoice-themed lure

Canonical ships Ubuntu Core 26 with 15 years of security maintenance

2026-05-19 at 15:47 By Anamarija Pogorelec

Operators of industrial sensors, edge AI controllers, and connected medical equipment now have a refreshed long-term Linux option for fleets that must stay patched for more than a decade. Canonical released Ubuntu Core 26, the latest long-term supported

The end of unencrypted Discord calls is here

2026-05-19 at 15:35 By Anamarija Pogorelec

Discord has protected voice and video calls in DMs, group DMs, voice channels, and Go Live streams with end-to-end encryption (E2EE) by default. The company began experimenting with E2EE for voice and video in 2023, starting a long-term effort. End-to-end encryption

New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain

2026-05-19 at 15:35 By Sinisa Markovic

A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password managers, and cryptocurrency wallets while establishing persistence for continued access, SentinelOne found.

Earbud sensors can authenticate users by their heartbeat, study finds

2026-05-19 at 09:17 By Mirko Zorz

Researchers built a continuous authentication system called AccLock that identifies a wearer by the tiny vibrations a heartbeat makes inside the ear canal. The signal comes from an accelerometer of the kind already sitting inside many wireless earbuds, so

Public Instagram posts provide raw material for AI phishing campaigns

2026-05-19 at 09:17 By Sinisa Markovic

A handful of public Instagram posts can give attackers enough material to generate convincing phishing emails with GenAI. Research from the University of Texas at Arlington and Louisiana State University showed how public social media activity can be turned

AI infrastructure is cracking under sovereignty demands

2026-05-19 at 09:17 By Anamarija Pogorelec

AI deployments are moving into environments with tighter controls around data, infrastructure, and system operations. Organizations are building AI systems across multiple providers, platforms, and computing environments while managing governance, security, and compliance obligations within defined boundaries. NTT DATA’s 2026 Global AI

Cybersecurity jobs available right now: May 19, 2026

2026-05-19 at 07:04 By Anamarija Pogorelec

CISO, DataFence | Israel | Hybrid. As a CISO, you will develop security roadmaps, compliance plans, risk registers, policies, and control implementation plans while leading audit and regulatory compliance activities. You will manage client projects from planning

AI is drowning software maintainers in junk security reports

2026-05-18 at 21:32 By Zeljka Zorz

AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s

Game over for 74 suspected scammers after Dutch cops plastered their faces on billboards

2026-05-18 at 20:34 By Sinisa Markovic

The Dutch police’s Game Over?! campaign, which publicly displays images of suspected fraudsters to encourage self-surrenders and gather public tips, is proving successful, with the identities of 74 of the 100 suspects shown already identified.

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

2026-05-18 at 16:32 By Zeljka Zorz

A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote

Attackers accessed, downloaded code from Grafana Labs’ GitHub

2026-05-18 at 12:57 By Zeljka Zorz

A threat actor has managed to access Grafana Labs’ GitHub environment and download the company’s codebase, the open-source observability and data visualization firm announced on Sunday. The breach is significant given Grafana Labs’ widespread use across enterprise engineering and DevOps teams

201 arrested in INTERPOL disruption of phishing and fraud networks

2026-05-18 at 12:08 By Anamarija Pogorelec

Operation Ramz, a cybercrime initiative coordinated by INTERPOL across the MENA region, focused on disrupting phishing campaigns, malware activity, and cyber scams that caused substantial financial losses across the region. The operation resulted in the arrest of 201 individuals

The AI backdoor your security stack is not built to see

2026-05-18 at 09:42 By Sinisa Markovic

Enterprises deploying LLMs have spent the past two years building defenses around a reasonable assumption: malicious behavior leaves a trace in the input. Scan for suspicious tokens, filter unusual characters, watch for prompt injection patterns. New research from

AI shrinks vulnerability exploitation window to hours

2026-05-18 at 09:42 By Anamarija Pogorelec

Time has become organizations’ biggest vulnerability because the gap between vulnerability discovery and exploitation has narrowed to hours, according to Synack’s 2026 State of Vulnerabilities Report.

[Figure: Total vulnerabilities by severity (2022-2025). Source: Synack]

AI expands the attack surface

Agentic AI systems that

Lyrie: Open-source autonomous pentesting agent

2026-05-18 at 09:42 By Sinisa Markovic

Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command line tool and publishes the entire codebase. The project reached version
