Asqav: Open-source SDK for AI agent governance
AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the …
Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. “Because the …
Prompt injection tags along as GenAI enters daily government use
Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for …
BlueHammer: Windows zero-day exploit leaked
A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by …
Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that …
Iranian cyber activity hits US energy, water, and government networks
U.S. government agencies on Tuesday warned American organizations about ongoing cyber activity targeting OT and PLC devices, including those manufactured by Rockwell …
Chaos malware expands from routers to Linux cloud servers
Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the …
Flatpak 1.16.4 fixes sandbox escape and three other security flaws
Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete …
What managing partners should ask AI vendors before signing any contract
In this Help Net Security interview, Kumar Ravi, Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more …
6G network design puts AI at the center of spectrum, routing, and fault management
Wireless network operators are preparing for a generation of infrastructure where AI is built into the architecture from the start. Sixth-generation networks, expected to …
OpenSSL 3.6.2 lands with eight CVE fixes
OpenSSL 3.6.2 patches eight CVEs across a range of components. The project rates the most severe issue in the release as Moderate. What got fixed The release fixes incorrect …
Cybercriminals move deeper into networks, hiding in edge infrastructure
Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, …
Featured news
Resources
Don't miss
- Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time
- Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab
- Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian
- Testing reveals Claude Mythos’s offensive capabilities and limits
- Booking.com data breach: Customer reservation data exposed