Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Apple
Thieves unlock stolen iPhones using cheap tools sold on Telegram

Helping a friend recover a stolen phone, Infoblox researchers uncovered a thriving Telegram-based underground marketplace selling unlocking tools and phishing infrastructure …

Microsoft Exchange
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)

A critical cross-site scripting (XSS) vulnerability (CVE-2026-42897) in Microsoft Exchange Server is being exploited by attackers, Microsoft warned on Thursday. A permanent …

Rocky Linux
Rocky Linux launches opt-in security repository for urgent fixes

Rocky Linux has introduced a Security Repository that allows the distribution to ship urgent security fixes ahead of upstream Enterprise Linux when public exploit code exists …

face
Deepfake detection is losing ground to generative models

Deepfake detection has been built around a single question for close to a decade. Given a video or audio clip, is it real or synthetic? Commercial detectors analyze pixels, …

domain security
Zombie linkages are keeping expired domains trusted for years

Domains expire, get transferred, and return to the market every day. The systems connected to those domains can continue trusting the original owner long after control has …

question
The AI oversight paradox: Is the investment worth the cost of watching it?

Unlike in 2025, when AI adoption and testing drove business strategies, organizations in 2026 want proven ROI before committing budgets, according to a report by Globalization …

Infosec products of the week
New infosec products of the week: May 15, 2026

Here’s a look at the most interesting products from the past week, featuring releases from Alation, Apricorn, Versa Networks, and TrustCloud. The questionnaire-based TPRM …

Linux
Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is …

WinUI agent plugin
Microsoft’s WinUI agent plugin trims token use by over 70% during development

Microsoft published a plugin on May 13 that lets GitHub Copilot CLI and Claude Code drive the full WinUI 3 development cycle, from project scaffolding through signed MSIX …

Microsoft Copilot Studio
Microsoft turns Copilot Studio into an AI agent control center

The Microsoft Copilot Studio April 2026 updates improve visibility and governance for admins and expand workflow capabilities for managing agents. Copilot surfaces agent …

AI
AI cyber capability is speeding past earlier projections

AI cyber capability is improving faster than expected, with newer models surpassing earlier projections, according to the UK government’s AI Security Institute (AISI). AISI …

KiCad
CERN’s open source KiCad library gives the world 17,000 circuit board components

CERN has released its complete KiCad component library under an open source license, making it available to hardware designers anywhere in the world. The library, maintained …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools