News

Over 70% of organizations hit by identity breaches

2026-05-14 at 07:30 By Anamarija Pogorelec

Attackers rely on stolen credentials, compromised service accounts, and social engineering attacks targeting employees, according to Sophos’ The State of Identity Security 2026 survey. What do you estimate to be the overall cost to your organization to rectify the identity breach? […]

Machine identities outnumber humans 109 to 1

2026-05-14 at 07:00 By Anamarija Pogorelec

Organizations manage an average of 109 machine identities for every human identity. AI agents account for a growing share of those identities, with companies expecting AI agent growth of 85% over the next 12 months. Machine identities are projected to increase by

WhatsApp adds Incognito Chat for private Meta AI conversations

2026-05-13 at 18:24 By Sinisa Markovic

The company launched Incognito Chat with Meta AI, a feature that lets users hold AI conversations the platform itself cannot read. The rollout will reach WhatsApp and the standalone Meta AI app over the coming months. How Incognito Chat works

Signal responds to phishing attacks with new in-app security warnings

2026-05-13 at 16:08 By Sinisa Markovic

Signal is adding new protections for users following recent phishing and social engineering attacks. In March, the FBI and CISA issued a warning stating that Signal had become a primary target of Russian intelligence-linked hackers. Dutch and German security

KDE gets over €1 million investment to strengthen security and core infrastructure

2026-05-13 at 14:00 By Mirko Zorz

European governments and public institutions have been shifting away from proprietary software for years, and the financial infrastructure supporting open-source alternatives is growing to match. Germany’s Sovereign Tech Fund announced today that it is investing more than

Fedora Hummingbird brings the container security model to a Linux host OS

2026-05-13 at 02:05 By Anamarija Pogorelec

Container image security pipelines have spent the past several years pushing toward minimal footprints, hermetic builds, and continuous CVE remediation. The Fedora Project is now applying that same approach to the host operating system. At Red Hat

Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days

2026-05-13 at 00:31 By Zeljka Zorz

Microsoft has marked May 2026 Patch Tuesday by releasing fixes for 120+ CVE-numbered vulnerabilities, none of which (for a change) are actively exploited or have been publicly disclosed. Still, some deserve more consideration and should be addressed sooner than

Stealthy hackers exploit cPanel flaw in active backdoor campaign (CVE-2026-41940)

2026-05-12 at 20:12 By Zeljka Zorz

Security researchers at XLab have outlined an active attack campaign targeting CVE-2026-41940, the recently disclosed vulnerability in cPanel & WHM, and have linked it to a stealthy hacking group that has been operating largely undetected for years. The vulnerability

Amazon Quick authorization bypass let users reach blocked AI chat agents

2026-05-12 at 20:12 By Mirko Zorz

Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those

Instructure took a risky approach to recover stolen Canvas data

2026-05-12 at 17:35 By Sinisa Markovic

Instructure, the company behind the online learning platform Canvas, said it reached an agreement with the extortion group ShinyHunters to prevent data stolen in a recent breach from being leaked online. According to the company’s website, Canvas has more

General Motors to pay $12.75 million over driver data sales

2026-05-12 at 17:35 By Anamarija Pogorelec

General Motors has agreed to a $12.75 million settlement with California over allegations that it unlawfully sold drivers’ location and behavioral data to brokers, marking the largest penalty in the history of the state’s Consumer Privacy Act. Prosecutors say

Download: The IT and security field guide to AI adoption

2026-05-12 at 17:35 By Help Net Security

Security and IT teams are under pressure to adopt AI, but many are seeing the opposite of what was promised. Tools that demo well don’t hold up in real workflows. Complexity increases. Trust breaks down. And instead of

JetBrains TeamCity vulnerability allows privilege escalation, API exposure (CVE-2026-44413)

2026-05-12 at 17:35 By Zeljka Zorz

JetBrains has patched a high-severity vulnerability (CVE-2026-44413) in TeamCity, its popular continuous integration and continuous delivery platform, and is urging organizations with on-premises and self-managed deployments to upgrade to the fixed version or implement a security patch. About CVE-2026-44413 CVE-2026-44413

Six new dnsmasq vulnerabilities open the door to DNS cache poisoning, local root

2026-05-12 at 14:18 By Sinisa Markovic

Recent disclosures have revealed that open-source networking tool dnsmasq is grappling with a serious set of vulnerabilities. The problems span memory safety and input validation, with researchers identifying heap buffer overflows, heap corruption, and code execution

Škoda confirms unauthorized access to its online shop

2026-05-12 at 13:49 By Anamarija Pogorelec

Car manufacturer Škoda discovered that attackers had exploited a vulnerability in its online shop software and gained temporary unauthorized access to the system. What happened? After discovering the incident, the company took the shop offline as a precautionary measure, fixed the

OpenAI’s Daybreak uses Codex Security to identify risky attack paths

2026-05-12 at 11:38 By Anamarija Pogorelec

OpenAI Daybreak is the company’s cybersecurity initiative focused on building AI-assisted software defense into the development process from the start. It combines OpenAI models, Codex Security, and cyber-focused GPT-5.5 variants to help organizations identify, validate, and prioritize software vulnerabilities.

HEIDI: Free IDE security plugin for open-source vulnerability checks

2026-05-12 at 09:28 By Mirko Zorz

Open-source dependencies make up a large percentage of the code in production applications, and most vulnerability checks still run late in the pipeline, inside CI/CD systems or after a release ships. Meterian is moving those checks earlier with HEIDI, a

The hidden smart fridge risks that emerge years after purchase

2026-05-12 at 09:28 By Mirko Zorz

Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at Leipzig University maps what happens when those two timelines collide,

Cybersecurity jobs available right now: May 12, 2026

2026-05-12 at 09:27 By Anamarija Pogorelec

Application Security Engineer
Total Quality Logistics | USA | On-site

As an Application Security Engineer, you will design, implement, and maintain security controls across the software development lifecycle. You will work closely with engineering and product teams
