Zapier exploit chain shows how known anti-patterns compose into critical risk
A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on …
Amazon Quick authorization bypass let users reach blocked AI chat agents
Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use …
AWS open sources Trusted Remote Execution to control what AI agents touch
Production scripts that read a log file generally hold the same permissions as scripts that delete one. The execution context decides what gets touched, and that gap widens …
25 open-source cybersecurity tools that don’t care about your budget
Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in …
AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test
Cloud storage buyers rarely get vendor-provided performance data that includes the vendor’s own weak spots. Backblaze’s Q1 2026 Performance Stats report, attempts …
Amazon sends AI agents into pen testing and DevOps
Amazon’s latest AI capabilities bring on-demand penetration testing through the AWS Security Agent, alongside the AWS DevOps Agent. “These agents are changing the way we …
Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)
A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a …
Cloud misconfiguration has evolved and your controls haven’t
In this Help Net Security video, Kat Traxler, Principal Security Researcher – Public Cloud at Vectra AI, walks through two AWS misconfigurations that go beyond the …
Big tech companies step in to support the open source security ecosystem
Backed by new funding commitments from major technology players, open source security efforts are moving beyond threat identification toward practical solutions for defenders. …
Cloud-audit: Fast, open-source AWS security scanner
Running AWS security audits without a dedicated security team typically means choosing between enterprise platforms with per-check billing and generic open-source scanners …
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
Phishers are targeting AWS accounts holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog …
AWS Security Hub Extended brings enterprise security under one roof
AWS Security Hub Extended is a plan within Security Hub that simplifies how customers procure, deploy, and integrate a full-stack enterprise security solution across endpoint, …
Featured news
Resources
Don't miss
- LinkedIn-themed phishing abuses Adobe’s A/B testing platform
- The behavioral signals that sharpen Trojan malware detection
- Zapier exploit chain shows how known anti-patterns compose into critical risk
- The CISO selling confidence in a market full of breach headlines
- Frontier AI models collapse under multi-turn AI attacks, Cisco finds