Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
deepfakes
9 out of 10 people can no longer distinguish real from AI-generated content

Online fraud is becoming harder to distinguish from legitimate activity as AI-generated messages, voices, photos, reviews, and identities become more convincing. Nearly nine …

insider threat
Threat actors are recruiting the people who hold cloud logins

Companies keep most of their data and applications in cloud platforms that anyone can reach with the right login. That setup turns each employee holding those credentials into …

GDPR-compliant cloud storage
Making the cloud prove it followed your privacy wishes

Companies that store personal data in cloud key-value databases should handle deletion requests by running the operation and confirming the job is complete. The people making …

brain
Prompt injection still drives most agentic AI security failures in production

A backdoor sat on PyPI for three hours in March 2026. Nearly 47,000 downloads occurred during the window. The compromised package, LiteLLM, serves as the language-model …

Robot
X Square Robot open sources its robot-free data collection framework

Companies building robots for physical work spend large amounts of time and money operating machines by hand to gather training examples. Each session with a physical robot …

smartphone
Organizations can’t see much of their mobile AI activity

Organizations have limited visibility into AI activity on mobile devices despite security leaders expressing confidence in their AI governance, according to Lookout’s …

identity
Identity theft is turning into a chain reaction for victims

For a growing number of victims, identity theft no longer ends with a fraudulent charge or a compromised account. More than one in four people who contacted the Identity Theft …

Ivanti
Critical Ivanti Sentry flaw allows root-level remote code execution (CVE-2026-10520)

Ivanti has patched two critical vulnerabilities (CVE-2026-10520 and CVE-2026-10523) in Ivanti Sentry and has urged customers to implement the fix right away. Though the …

phishing
New Browser-in-the-Browser phishing uses fake login popups to steal Microsoft 365 credentials

A new Browser-in-the-Browser (BitB) phishing campaign is targeting Microsoft 365 users with fake login popups designed to closely mimic legitimate browser authentication …

GitHub
Building reusable workflows with custom agents in Copilot CLI

Developers spend much of their working time in the terminal, generating commands, debugging issues, and running scripts close to their systems. Repeated terminal work tends to …

patch tuesday
Record Microsoft Patch Tuesday, fresh zero-day

Microsoft marked its largest-ever Patch Tuesday this month, by shipping fixes for nearly 200 vulnerabilities. Within hours, “Nightmare Eclipse”, the researcher …

cloud
Apple extends Private Cloud Compute to third-party data centers

Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data centers. Introduced in …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools