The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects
Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live …
Ukraine can now tap EU cyber support during major attacks
Ukraine can now call on emergency cyber support from the European Union during large-scale cybersecurity incidents. The move follows a decision by the Council of the European …
Apple is bringing Hide My Email and Sign in with Apple under one domain
Apple will unify the email domains used by Sign in with Apple and iCloud+ Hide My Email under a shared domain, private.icloud.com, later this summer. Hide My Email is a …
The SOC’s visibility gap comes down to staffing
AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools …
Microsoft AntiSSRF open-source library helps block server-side request forgery
AntiSSRF is an open-source code library from Microsoft that validates URLs and network connections to reduce server-side request forgery (SSRF) risks in web applications. It …
Product showcase: From phishing texts to risky Wi-Fi, Norton 360 Deluxe watches the gaps
Norton 360 Deluxe combines device security, scam detection, web protection, and VPN privacy in a single subscription that covers up to five devices. It is available for …
Navigating SEC, NIS2, and DORA incident disclosure timelines under pressure
In this Help Net Security video, Rick Goud, Global Field CTO at Kiteworks, discusses how to handle SEC, NIS2, and DORA disclosure timelines during a security incident. He …
The checklist problem behind critical infrastructure cyber safety
An asset owner can meet major federal cyber compliance standards and still run equipment that lacks the engineering to withstand an attack or a failure. New research from …
Attackers are exploiting FortiSandbox vulnerabilities
Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products …
Cybercriminals mask malicious communications through Microsoft Teams relays
The DragonForce ransomware group used a custom malware called Backdoor.Turn to hide command-and-control traffic inside Microsoft Teams relay infrastructure during an intrusion …
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to …
Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But …
Featured news
Resources
Don't miss
- SingGuard-NSFA: Open-source guardrails for agentic AI
- The MDR renewal question: What changes when AI can handle the alerts
- SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
- “Context bombs” can frustrate AI-driven attacks, researchers found
- No one knows how many old shims can still bypass UEFI Secure Boot