Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
Unknown attackers have compromised 30+ Red Hat Cloud Services npm packages with malware that goes after credentials stored in developers’ build environment. What the …
KDE Linux security audit cuts kernel modules and unused packages
KDE Linux, the in-progress operating system from the KDE community, removed several kernel modules and software packages after a security audit of the components shipped with …
OpenAI brings frontier AI to existing AWS environments
OpenAI frontier models and Codex are now available on AWS, giving customers access to OpenAI capabilities within AWS environments and the controls needed to move more quickly …
Sensitive government personnel data posted online, Spanish police arrest suspect
The Spanish National Police arrested a man in Granada for allegedly leaking personal data belonging to members of several sensitive state institutions. According to police, …
Zero trust physical security needs trust decisions at the edge
In this interview with Help Net Security, Chuck Davis, VP, Global Information Security at Hikvision, explains how zero trust applies to physical security systems like cameras …
Why you need BAS and autonomous pentesting together
Most security teams know the drill: A new autonomous penetration testing tool gets deployed, and the first run is genuinely impressive. The dashboard surfaces critical …
This AI model backdoor attack stays hidden until you customize the model
Most teams that deploy AI start with a backbone model. They download a large pre-trained system, adapt it to a specific task, and put it into production. The download step …
Cybersecurity jobs available right now: June 2, 2026
Agentic Safety and Ecosystem Architect, Trust and Safety Google | USA | On-site – No longer accepting applications As an Agentic Safety and Ecosystem Architect, Trust …
Meta tries to get ahead of scammers before the World Cup begins
Football fans are counting down the days until the FIFA World Cup begins, and scammers are doing the same. Last week, the FBI warned that cybercriminals are spoofing FIFA …
Windows Netlogon RCE exploited, domain controllers at risk (CVE-2026-41089)
CVE-2026-41089, a critical Windows Netlogon RCE flaw that allows remote code execution, is now actively exploited in the wild, the Centre for Cybersecurity Belgium (CCB) …
Brute-force attack triggers Dashlane account lockouts
Password manager Dashlane has confirmed that a brute-force attack targeting user accounts triggered temporary account suspensions and authentication issues. The company first …
Microsoft Defender Vulnerability Management gets a smarter exposure score
Microsoft Defender Vulnerability Management’s updated exposure score model adds vulnerability risk signals and asset context to help teams understand where risk is …
Featured news
Resources
Don't miss
- Attackers are exploiting FortiSandbox vulnerabilities
- SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
- Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
- Reachability makes AI threat modeling worth the trust
- EU Cybersecurity Act 2.0: When good regulation goes bad