Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal …

Google
Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures

Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, …

Mastodon
Mastodon 4.6 adds profile Collections and two-factor controls

People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature …

Android verification
Google sets timeline for Android developer verification enforcement

Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing …

laptop
Your browser tab could become encrypted storage for someone else’s files

Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine …

search
Companies are discarding the logs they need to catch a breach

Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large …

attack
Asia-Pacific scam networks generate nearly $40 billion a year

Cybercrime is taking a larger share of criminal activity in Asia and the Pacific. More than half of surveyed jurisdictions reported that cybercrime accounts for over 30% of …

Infosec products of the week
New infosec products of the week: June 19, 2026

Here’s a look at the most interesting products from the past week, featuring releases from ArmorCode, Barracuda Networks, Blue Planet, Flip, Fortinet, Legit Security, Tigera, …

Operation Endgame
Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned

SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind …

Roblox
Malware attacks strip Roblox developers of entire games

Hackers who once focused on stealing valuable Roblox items are now taking over entire games. Although Roblox operates the service, users can create and publish their own games …

Fortinet
74,000 Fortinet firewall credentials exposed in FortiBleed data leak

A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The …

danger
GentleKiller targets more than 400 security processes across 48 products

Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools