Fake AI songs streamed billions of times, netting fraudster $10 million
Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments …
Unpatched ScreenConnect servers open to attack (CVE-2026-3564)
ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted …
Field workers don’t need more access, they need better security
In this Help Net Security interview, Chris Thompson, CISO at West Shore Home, discusses least privilege and credential hygiene for a field-based workforce. He covers access …
Cloud misconfiguration has evolved and your controls haven’t
In this Help Net Security video, Kat Traxler, Principal Security Researcher – Public Cloud at Vectra AI, walks through two AWS misconfigurations that go beyond the …
New infosec products of the week: March 20, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Intel 471, Kore.ai, NinjaOne, Pindrop, Secure Code Warrior, Token Security, and Xona …
Llamafile, Mozilla’s portable LLM runner, gets GPU support and a rebuilt core
Running a large language model on a single machine without cloud access or a container runtime remains a priority for practitioners working in air-gapped or …
DarkSword: Researchers uncover another iOS exploit kit
A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google …
4chan shrugs off UK regulator, refuses to pay £520,000 in fines over online safety violations
The U.K.’s media regulator Ofcom fined 4chan £450,000 under the Online Safety Act for failing to introduce age checks to stop children from accessing pornographic content on …
Secure endpoint management systems immediately, CISA urges
The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the cyberattack on Stryker Corporation serves as a signal to U.S. organizations that foreign cyber …
CISA warns of active exploitation of Microsoft SharePoint vulnerability (CVE-2026-20963)
CVE-2026-20963, a remote code execution (RCE) SharePoint vulnerability Microsoft fixed in January 2026, is being exploited by attackers. The confirmation comes from the US …
Google limits Android accessibility API to curb malware abuse
Google is restricting how Android apps can use accessibility features after years of abuse by banking Trojans and mobile malware. The changes, introduced in Android 17.2, …
900,000 contact records exposed in Aura data breach
Aura, the online safety service, confirmed that an unauthorized party accessed about 900,000 records, mostly names and email addresses from a marketing tool linked to a …
Featured news
Resources
Don't miss
- Researchers release tool to detect stealthy BPFDoor implants in critical infrastructure networks
- AI SOC vendors are selling a future that production deployments haven’t reached yet
- A nearly undetectable LLM attack needs only a handful of poisoned samples
- Your facilities run on fragile supply chains and nobody wants to admit it
- LiteLLM PyPI packages compromised in expanding TeamPCP supply chain attacks