Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)
Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of …
DigiCert breached via malicious screensaver file
A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing …
Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing …
Two cybersecurity pros get prison time for helping ransomware gang
Two American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to …
Claude Security enters public beta with Opus 4.7 vulnerability scanning and patching
Claude Security, previously called Claude Code Security, is in public beta for Claude Enterprise customers. Available in Claude.ai, the capability scans codebases for security …
15-year-old detained over massive data breach at French government agency
French authorities have detained a 15-year-old suspected of involvement in a data breach at France Titres, the government agency responsible for issuing official documents. …
Brush shell 0.4.0 tightens script safety, widens platform support
Rust-based alternatives to traditional Unix shells continue to attract users who want bash compatibility alongside built-in features like syntax highlighting and history-based …
Pipelock: Open-source AI agent firewall
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one …
Spotting third-party cyber risk before attackers do
In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures …
What researchers learned about building an LLM security workflow
Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any …
Your work apps are quietly handing 19 data points to someone
Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most …
ChatGPT advanced account security adds passkeys and hardware keys
Journalists, elected officials, researchers, and political dissidents have spent years adapting their accounts to phishing-resistant authentication on consumer platforms. …
Featured news
Resources
Don't miss
- Attackers are exploiting FortiSandbox vulnerabilities
- SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
- Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)
- Reachability makes AI threat modeling worth the trust
- EU Cybersecurity Act 2.0: When good regulation goes bad