When security decisions come too late, and attackers know it
In this Help Net Security, Chris O’Ferrell, CEO at CodeHunter, talks about why malware keeps succeeding, where attackers insert malicious code in the SDLC, and…
Category: HelpnetSecurity
OpenClaw Scanner: Open-source tool detects autonomous AI agents
A new free, open source tool is available to help organizations detect where autonomous AI agents are operating across corporate environments. The OpenClaw Scanner identifies…
Picking an AI red teaming vendor is getting harder
Vendor noise is already a problem in traditional security testing. AI red teaming has added another layer of confusion, with providers offering everything from consulting…
Java security work is becoming a daily operational burden
Security teams in large enterprises already spend significant time tracking vulnerabilities across software supply chains, third-party libraries, and internal codebases. Java environments add another layer…
CodeHunter expands behavioral intent analysis to secure the software supply chain
CodeHunter is expanding its behavioral intent technology beyond traditional malware analysis to address supply chain risk and security decision-making across the software development lifecycle (SDLC).…
Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells
A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has warned. Some of…
Microsoft begins Secure Boot certificate update for Windows devices
Microsoft has begun updating Secure Boot certificates originally issued in 2011 to ensure that Windows devices continue to verify boot software as older certificates reach…
Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026
Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. The “security feature bypass”…
That “summarize with AI” button might be manipulating you
Microsoft security researchers discovered a growing trend of AI memory poisoning attacks used for promotional purposes, referred to as AI Recommendation Poisoning. The MITRE ATLAS…
Google Search introduces new ways to remove sensitive personal information and explicit images
Google expanded its “Results about you” tool to give users more control over sensitive personal information and added a way to request removal of non-consensual…
Yubico previews passkey-enabled digital signatures in upcoming YubiKey 5.8 firmware
Yubico’s upcoming YubiKey 5.8 firmware introduces standardized APIs that integrate hardware-backed signatures with passkey authentication. To enable privacy-capable digital signatures using passkeys, expanded enterprise IdP…
Zen-AI-Pentest: Open-source AI-powered penetration testing framework
Zen-AI-Pentest provides an open-source framework for scanning and exercising systems using a combination of autonomous agents and standard security utilities. The project aims to let…