Hidden instructions in README files can make AI agents leak data
Developers rely on AI coding agents to set up projects, install dependencies, and run commands by following instructions in repository README files, which provide setup…
Category: HelpnetSecurity
Fingerprint’s MCP Server turns device intelligence into real-time AI-powered fraud insights
Fingerprint has announced the launch of its Model Context Protocol (MCP) Server, an open-source MCP implementation for the fraud prevention space. The new server enables…
NinjaOne Vulnerability Management enables real-time detection and autonomous patching
NinjaOne has unveiled NinjaOne Vulnerability Management, a new solution that helps IT teams identify, prioritize, and remediate vulnerabilities faster, without relying on periodic scans from…
Microsoft Edge 146 adds IP privacy and local network access controls
Microsoft Edge version 146 (Stable) became available on March 13, 2026, bringing updates to tracking protection, IP privacy, and enterprise network security policies. One change…
ENISA advisory examines package manager security risks
Developers install external libraries with a single command, and that step can introduce more code than expected into a project environment. Dependency resolution inside package…
€1 million online fraud scheme uncovered, three suspects arrested
A criminal group suspected of running an online fraud scheme in Germany, which defrauded victims of around €1 million, has been dismantled through judicial cooperation…
New infosec products of the week: March 13, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Binary Defense, Mend.io, OPSWAT, Singulr AI, SOC Prime, Terra Security,…
Passwords, MFA, and why neither is enough
Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through…
AI coding agents keep repeating decade-old security mistakes
Coding agents are now writing production features on real development teams, and a new report from DryRun Security shows that those agents introduce security vulnerabilities…
Authorities dismantle SocksEscort proxy network behind millions in fraud
SocksEscort, a residential proxy network used to exploit thousands of compromised home routers worldwide and facilitate large-scale fraud that cost victims millions of dollars, has…
ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites
Salesforce customers have, once again, been targeted by the ShinyHunters group – or, at least, it’s what the group claims. Attackers modified and abused benign…
Researchers uncover AI-powered vishing platform
A vishing-as-a-service platform that helps scammers carry out so-called “press 1” scams is misusing text-to-speech (TTS) capabilities provided by AI voice technology company ElevenLabs, Mirage…