date / Author

source

title

short description

technology and tools

6/4/2026 Kevin Townsend

Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk

As AI agents, machine identities, and third-party applications multiply across enterprises, Offroad is betting autonomous security agents can restore control over an increasingly unmanageable identity landscape.
The post Offroad Emerges From Stealth With $7 Million to Tackle Enterprise Identity Risk appeared first on SecurityWeek.

technology and tools,attacks and breaches

6/4/2026 Waqas

Why eSIMs Are Replacing Traditional SIM Cards

From SIM swap protection to remote provisioning, eSIMs are quickly replacing physical SIM cards. Here’s why the shift matters for security and convenience.

technology and tools

6/4/2026 SecurityWeek News

Willow Raises $7 Million for Securing Autonomous AI Agents

Willow (formerly Webrix) emerged from stealth mode with an access platform designed to secure enterprise AI agents.
The post Willow Raises $7 Million for Securing Autonomous AI Agents appeared first on SecurityWeek.

technology and tools,vulnerabilities and exploits

6/4/2026 Eduard Kovacs

Gemini Voice Assistant Hijacked via Messaging Notifications

Attackers could have triggered dangerous actions, including controlling smart home devices via Google Home and starting Zoom video calls.
The post Gemini Voice Assistant Hijacked via Messaging Notifications appeared first on SecurityWeek.

vulnerabilities and exploits

6/4/2026 Ionut Arghire

Mirasvit Vulnerability Exploited to Execute Code on Magento Servers

A flaw in the Full Page Cache Warmer extension can be exploited without authentication via serialized PHP object payloads.
The post Mirasvit Vulnerability Exploited to Execute Code on Magento Servers appeared first on SecurityWeek.

attacks and breaches,vulnerabilities and exploits

6/4/2026 Waqas

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk.

laws, regulations and policies,attacks and breaches

6/4/2026 Ionut Arghire

Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown

Law enforcement and tech companies disrupted infrastructure linked to scammers operating across Southeast Asia.
The post Over 1.4 Million Accounts Disrupted in Cybercrime Crackdown appeared first on SecurityWeek.

technology and tools,vulnerabilities and exploits

6/4/2026 Ionut Arghire

Cisco Warns of Available PoC for Critical Unified CM Vulnerability

The high-severity flaw can be exploited remotely, without authentication, in server-side request forgery (SSRF) attacks.
The post Cisco Warns of Available PoC for Critical Unified CM Vulnerability appeared first on SecurityWeek.

vulnerabilities and exploits

6/4/2026 Eduard Kovacs

VS Code Vulnerability Allows One-Click GitHub Token Theft

A researcher has disclosed the full details of the vulnerability and released a PoC without notifying Microsoft in advance.
The post VS Code Vulnerability Allows One-Click GitHub Token Theft appeared first on SecurityWeek.

laws, regulations and policies

6/4/2026 Mirko Zorz

OAuth marketplace apps keep access after publishers vanish

Installing an app from the Google Workspace Marketplace or GitHub Marketplace can grant a third party access to company email, files, calendars, code repositories, CI workflows, organization settings, and secrets. Marketplace presence gives these apps the appearance of approval. The OAuth grants behind them often reach into business systems beyond the listed function. An audit by OhAuth, the OAuth research project from identity security company Offroad, covered 2,890 public OAuth app listings, with 1,595 on … More →
The post OAuth marketplace apps keep access after publishers vanish appeared first on Help Net Security.

attacks and breaches

6/4/2026 Deeba Ahmed

Five Eyes Warns Chinese Spies Are Using Fake Job Ads to Target Military Staff

Five Eyes warns that Chinese spies are using fake job ads on LinkedIn, Indeed, and Upwork to target military staff and steal sensitive data.

laws, regulations and policies

6/4/2026 Mirko Zorz

Spotless compliance evidence can still hide a broken control

In this interview with Help Net Security, Marc Rubbinaccio, Head of Cybersecurity and Compliance at Secureframe, explains where security teams go wrong when preparing for CMMC and FedRAMP 20x. The conversation covers how organizations check the 110 requirements but miss the 320 assessment objectives beneath them, why spotless SOC 2 evidence can hide a broken control, and how continuous monitoring is changing compliance work. It also includes advice for junior practitioners on AI and practical … More →
The post Spotless compliance evidence can still hide a broken control appeared first on Help Net Security.

mobile security

6/4/2026 Anamarija Pogorelec

Product showcase: Trend Micro Mobile Security detects scams in messages, QR codes, and websites

Trend Micro Mobile Security for iOS protects devices from potentially harmful websites while browsing, blocks ads and personal information trackers, helps users avoid unsafe Wi-Fi networks, and monitors data usage. The app is available for both iOS and Android devices. Getting Started: After installing the app from the App Store, I created an account to start using it. Account creation is handled through Trend Micro’s TrendLife platform. Once installed, the app automatically scanned the device … More →
The post Product showcase: Trend Micro Mobile Security detects scams in messages, QR codes, and websites appeared first on Help Net Security.

technology and tools

6/4/2026 Anamarija Pogorelec

ETSI sets security requirements for AI data centers and cloud platforms

ETSI has published TS 104 033, a technical specification that defines security requirements for AI computing platforms. The specification establishes a security framework for platforms used to host AI applications in data center and edge computing environments, covering security functions, platform components, interfaces, and services designed to protect AI models, datasets, training processes, and inference workloads. “This work builds on the AI computing platform security framework we have previously developed and marks a significant step … More →
The post ETSI sets security requirements for AI data centers and cloud platforms appeared first on Help Net Security.

attacks and breaches,technology and tools

6/3/2026 Graham Cluley

Smashing Security podcast #470: This AI security flaw might be impossible to fix

A website called "UK visa portal" has been quietly collecting passport scans, selfies, and personal data from thousands of travellers who thought they were applying through official channels. They weren't. And when a journalist tried to warn the company, it was lawyers who responded.

Meanwhile, a paper from Cornell suggests that prompt injection - the technique malicious actors use to trick AI agents into doing things they really shouldn't - may be fundamentally unsolvable. Which is err... awkward, because everyone is rushing to plug AI agents into their email, files, and corporate networks.

Plus don't miss our featured interview with Andrea Sivieri of CoreView, who tells us how hackers can lock your entire organisation out of its Microsoft 365 environment... without having to trick you into running a single piece of malicious code or handing over a password.

All this and more in episode 470 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Tanya Janca.

technology and tools,mobile security

6/3/2026 Owais Sultan

How to Recover Data from iCloud Backup Without Resetting Your iPhone

Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way.

technology and tools

6/3/2026 Eduard Kovacs

Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform

Coralogix offers a full-stack observability platform that unifies logs, metrics, traces, security, and AI observability.
The post Coralogix Raises $200M at $1.6B Valuation to Scale AI Observability Platform appeared first on SecurityWeek.

technology and tools

6/3/2026 Sinisa Markovic

Microsoft responds to security challenges facing code, AI agents, and models

Microsoft has introduced a series of security tools and capabilities focused on AI-driven vulnerability discovery, AI agents, and AI models. The updates include a multi-agent vulnerability discovery system, new controls for managing and securing AI agents, data protection capabilities, and tools designed to identify potentially vulnerable or compromised AI models before deployment. MDASH targets exploitable vulnerabilities: Microsoft expanded the preview of MDASH, a multi-model agentic vulnerability discovery system that now integrates with Microsoft Defender. The … More →
The post Microsoft responds to security challenges facing code, AI agents, and models appeared first on Help Net Security.

vulnerabilities and exploits

6/3/2026 Ionut Arghire

Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs

Threat actors are exploiting vulnerable Kirki and Burst Statistics deployments to elevate privileges and take over websites.
The post Kirki, Burst Statistics WordPress Plugin Flaws in Attackers’ Crosshairs appeared first on SecurityWeek.

technology and tools,protection

6/3/2026 Kevin Townsend

Security of 100 AI Agents Tested and Ranked – What You Need to Know

The AI Risk Quadrant evaluates AI agents based on three factors: how vulnerable they are to compromise, the potential impact of a breach, and the strength of their security defenses.
The post Security of 100 AI Agents Tested and Ranked – What You Need to Know appeared first on SecurityWeek.

attacks and breaches

6/3/2026 Ionut Arghire

IMA Diligence Services Data Breach Impacts 525,000 People

The affected individuals’ personal information was stolen from a legacy server managed by a third party.
The post IMA Diligence Services Data Breach Impacts 525,000 People appeared first on SecurityWeek.

vulnerabilities and exploits

6/3/2026 Ionut Arghire

Organizations Warned of Exploited Linux Kernel Vulnerability

An improper authentication bug allows attackers to escalate their privileges and escape containers.
The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared first on SecurityWeek.

vulnerabilities and exploits

6/3/2026 Ionut Arghire

‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds

The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold.
The post ‘HTTP/2 Bomb’ Exploit Knocks Web Servers Offline in Seconds appeared first on SecurityWeek.

vulnerabilities and exploits,technology and tools

6/3/2026 Eduard Kovacs

Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash

Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities.
The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash appeared first on SecurityWeek.

attacks and breaches,vulnerabilities and exploits

6/3/2026 Waqas

China-Linked TA4922 Hackers Target UK, Europe With New SilentRunLoader Malware

Proofpoint says TA4922, a suspected China-aligned cybercrime group, is targeting UK and European organisations with tax, payroll and benefits themed malware campaigns.

technology and tools

6/3/2026 Zeljka Zorz

Autonomous AI-driven worm can reason its way through corporate networks

Researchers at the University of Toronto, the Vector Institute, and the University of Cambridge have built and tested a proof-of-concept AI-driven worm that does not operate on a fixed list of exploits. Instead, it analyzes each target it encounters, reasons about how to attack it, and creates a strategy on the fly, all with the help of a small, free large language model (LLM) running directly on machines it has already compromised. A worm that … More →
The post Autonomous AI-driven worm can reason its way through corporate networks appeared first on Help Net Security.

vulnerabilities and exploits

6/3/2026 Sinisa Markovic

Malware campaign targeting Minecraft users infects over 116,000 systems

A Malware-as-a-Service (MaaS) operation named WeedHack is targeting Minecraft users and allows threat actors to gain remote access to victims’ screens, webcams, and files through a web-based dashboard, McAfee researchers found. Minecraft, developed by Mojang Studios and released in 2011, is one of the best-selling video games of all time, with more than 350 million copies sold worldwide. Since January 2026, the campaign has infected more than 116,000 systems and continues to add between 2,000 … More →
The post Malware campaign targeting Minecraft users infects over 116,000 systems appeared first on Help Net Security.

attacks and breaches

6/3/2026 Deeba Ahmed

Alcasec, “Robin Hood of Spanish Hackers,” Jailed for 31 Months Over Data Theft

Alcasec, the "Robin Hood of Spanish Hackers," is jailed for 31 months after admitting to stealing and selling Spanish citizens' banking data.

technology and tools

6/3/2026 Mirko Zorz

Only 11% of production agents pass the AI agent security bar

Enterprise teams are running AI agents that write code, drive browsers, answer customer calls, manage cloud infrastructure, and query data warehouses with standing credentials. A new independent assessment of 100 production agents finds that nearly all of them carry the conditions for a single hostile document to take them over. The AI Risk Quadrant (AIRQ) report, a 2026 Q2 edition produced by independent researchers, scores 100 commercial and publicly available AI agents across three dimensions: … More →
The post Only 11% of production agents pass the AI agent security bar appeared first on Help Net Security.

mobile security,attacks and breaches,technology and tools

6/3/2026 Anamarija Pogorelec

Google adds a silent check to catch scammers posing as your contacts

Android is introducing fake call detection to help protect users from impersonation scams. The feature can detect and flag suspected spoofed calls when both parties use Phone by Google on Android 12 or later. It will roll out globally this month, starting with Pixel devices. [Image: Story of two calls from “Mom” (Source: Google)] “Fake call detection helps protect you, your family and friends by identifying when a caller isn’t who they claim to be, giving … More →
The post Google adds a silent check to catch scammers posing as your contacts appeared first on Help Net Security.

technology and tools

6/3/2026 Anamarija Pogorelec

Microsoft Scout agent opens a new category of always-on Autopilots

Workplace AI assistants have mostly waited for a prompt before doing anything. A user asks, the tool answers, and the exchange ends there. Microsoft is putting a different kind of agent inside its Office applications, one designed to keep operating in the background once a person stops paying attention. The company introduced Microsoft Scout, calling it the first entry in a category it labels Autopilots. What an Autopilot does: Autopilots are always-on agents that run … More →
The post Microsoft Scout agent opens a new category of always-on Autopilots appeared first on Help Net Security.

technology and tools

6/3/2026 Sinisa Markovic

Anthropic expands Project Glasswing to 150 organizations in more than 15 countries

Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government agencies. Organizations joining the program must meet security requirements before gaining access, Anthropic noted. The expansion brings the program to organizations in more than 15 countries and includes sectors such as healthcare, energy, communications, technology, and other infrastructure … More →
The post Anthropic expands Project Glasswing to 150 organizations in more than 15 countries appeared first on Help Net Security.

laws, regulations and policies,technology and tools

6/2/2026 Associated Press

Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks

The order establishes a framework for the federal government to vet the national security risks of the most advanced AI systems for up to a month before their public release.
The post Trump Signs Executive Order That Invites Vetting of Top AI Models for National Security Risks appeared first on SecurityWeek.

attacks and breaches,vulnerabilities and exploits,technology and tools

6/2/2026 Deeba Ahmed

Fake ChatGPT Desktop App Ads Used to Push Password-Stealing Malware

Fake ChatGPT desktop app ads pushed password-stealing malware by abusing trusted AI links, hiding from scanners, and tricking users into downloads.

technology and tools,vulnerabilities and exploits

6/2/2026 Kevin Townsend

Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control.
The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek.

mobile security,technology and tools

6/2/2026 Kevin Townsend

Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk

A simple development setting bypassed protections designed to prevent unauthorized Android apps from accessing Microsoft account tokens, exposing billions of installations.
The post Exclusive: How One Line of Code Put Billions of Microsoft Android App Downloads at Risk appeared first on SecurityWeek.

mobile security,vulnerabilities and exploits

6/2/2026 Eduard Kovacs

Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities

Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks.
The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek.

technology and tools

6/2/2026 Eduard Kovacs

Anthropic Expanding Mythos Access to 150 New Organizations

Only approximately 50 companies have had access to Mythos until now and they have found thousands of vulnerabilities in their products.
The post Anthropic Expanding Mythos Access to 150 New Organizations appeared first on SecurityWeek.

attacks and breaches

6/2/2026 Deeba Ahmed

Hackers Abused Meta’s AI Support Bot to Hijack Major Instagram Accounts

Hackers abused Meta’s AI support bot to hijack major Instagram accounts, bypassing security checks as videos showed the flaw before Meta fixed the issue.

protection

6/2/2026 Anamarija Pogorelec

Meta adds stricter guardrails for teen feeds

Meta has expanded its Teen Accounts 13+ content settings globally on Instagram, Facebook, and Messenger. The safeguards are designed to help young users see age-appropriate content by default. The company also introduced Limited Content on Instagram for parents seeking stricter restrictions. Meta plans to roll out the feature on Facebook and Messenger later this year. [Image: Content settings (Source: Meta)] What the 13+ setting includes: Facebook’s 13+ content setting hides content in Feed and Reels that … More →
The post Meta adds stricter guardrails for teen feeds appeared first on Help Net Security.

attacks and breaches

6/2/2026 Sinisa Markovic

64,000 accounts exposed in breach of GTA V cheat service Atlas Menu

Atlas Menu, a cheat service for Grand Theft Auto V and Counter-Strike 2, has been added to the Have I Been Pwned database following a data breach that exposed tens of thousands of user records. The incident exposed approximately 64,000 accounts, including email addresses, usernames, IP addresses, support tickets, and passwords hashed with bcrypt. The attacker claimed to have compromised all Atlas systems before leaking the service’s database through a public GitHub repository. In a … More →
The post 64,000 accounts exposed in breach of GTA V cheat service Atlas Menu appeared first on Help Net Security.

technology and tools

6/2/2026 Anamarija Pogorelec

Codex knowledge work expands into research, reports, and spreadsheets

Office workers in the United States lose hours each week to email triage and to searching for files spread across disconnected systems. Roughly 40 percent of US labor, about 72 million people, works primarily with information such as analysis, documents, designs, and communication. Research from the McKinsey Global Institute puts the average knowledge worker at 28 percent of the workweek on email and close to 20 percent on hunts for internal information or for colleagues … More →
The post Codex knowledge work expands into research, reports, and spreadsheets appeared first on Help Net Security.

mobile security,vulnerabilities and exploits

6/2/2026 Zeljka Zorz

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595: CVE-2025-48595 is an integer overflow vulnerability in the Android Framework, a set of APIs and system services that apps interact with directly. The flaw allows attackers to escalate privileges on a vulnerable device, and they may gain complete access to the device … More →
The post Google fixes actively exploited Android vulnerability (CVE-2025-48595) appeared first on Help Net Security.

attacks and breaches,vulnerabilities and exploits

6/2/2026 Waqas

New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected.

protection,vulnerabilities and exploits

6/2/2026 Ionut Arghire

Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches

A stack-based buffer overflow bug can be exploited for remote code execution on a vulnerable device.
The post Critical Vulnerability in HP VoIP Phones Enables Enterprise Network Breaches appeared first on SecurityWeek.

vulnerabilities and exploits

6/2/2026 Eduard Kovacs

Oracle WebLogic Vulnerability Exploited in the Wild

The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers.
The post Oracle WebLogic Vulnerability Exploited in the Wild appeared first on SecurityWeek.

technology and tools,vulnerabilities and exploits

6/2/2026 Ionut Arghire

Meta AI Hands Over High-Profile Instagram Accounts to Hackers

Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address.
The post Meta AI Hands Over High-Profile Instagram Accounts to Hackers appeared first on SecurityWeek.

technology and tools

6/2/2026 Anamarija Pogorelec

Microsoft Entra pushes passkeys, tightens identity security

Microsoft has released multiple identity and network access capabilities for Entra, its family of identity and network access products that help organizations implement a zero trust security strategy, over the last 30 days. Features reaching general availability. Identity and authentication updates: Phishing-resistant MFA is now available on Linux desktops through the Microsoft identity broker. The feature supports Ubuntu 24.04 and 26.04, as well as RHEL 8, 9, and 10, bringing Linux support in line with … More →
The post Microsoft Entra pushes passkeys, tightens identity security appeared first on Help Net Security.

vulnerabilities and exploits,technology and tools

6/2/2026 Sinisa Markovic

Sophos uncovers AI-powered malware lab built for EDR evasion

A threat actor used AI technologies to build a malware-testing framework for developing and refining endpoint detection and response (EDR) evasion techniques, according to Sophos. The investigation began after an anomalous endpoint in a customer environment triggered alerts tied to malicious payloads originating from a testing directory. The files pointed to a broader framework focused on evading detection. The environment contained Cobalt Strike profiles designed to disguise beacon traffic as legitimate web requests, a Telegram-based … More →
The post Sophos uncovers AI-powered malware lab built for EDR evasion appeared first on Help Net Security.

vulnerabilities and exploits

6/2/2026 Ionut Arghire

Oracle’s First Monthly Patches Resolve 77 Vulnerabilities

Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster.
The post Oracle’s First Monthly Patches Resolve 77 Vulnerabilities appeared first on SecurityWeek.
