Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)
Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain …
GopherWhisper APT group hides command and control traffic in Slack and Discord
Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group …
OpenAI tackles a bad habit people have when interacting with AI
Since people tend to paste personal data into AI tools such as ChatGPT, OpenAI has released Privacy Filter, an open-weight model designed to detect and redact personally …
A year in, Zoom’s CISO reflects on balancing security and business
In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business …
Scenario: Open-source framework for automated AI app red-teaming
Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems …
GDPR works, but only where someone enforces it
A new measurement study of web tracking across ten countries offers a reality check for anyone working on privacy compliance. Researchers crawled the same set of globally …
Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks
The 2026 InsurSec Report from At-Bay, covering more than 100,000 policy years of claims data, documents a 7% year-over-year rise in overall claim frequency and an all-time …
Google’s Workspace Intelligence promises privacy while running on your data
Security and data governance are among the key considerations in Google’s latest AI update, which introduces Workspace Intelligence within Google Workspace. Google describes …
Cyberattack on French government agency triggers phishing alert
France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal. France Titres, also known as the Agence …
Claude Mythos finds 271 Firefox flaws, Mozilla believes it shifts security toward defenders
The Mozilla Foundation tested Claude Mythos, an Anthropic AI model that has stirred debate in the cybersecurity community. Before granting access to Mythos, Mozilla scanned …
Prove Identity Platform connects verification, authentication, and fraud prevention
Prove has launched the Prove Identity Platform, turning identity verification into an ongoing, real-time process for users, businesses, and AI agents. AI agents are already …
New Mirai variants target routers and DVRs in parallel campaigns
Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, …
Featured news
Resources
Don't miss
- Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
- TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
- Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)
- Communicating cyber risk in dollars boards understand
- CVE Lite CLI: Open-source dependency vulnerability scanner