Your work apps are quietly handing 19 data points to someone

Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most common workplace apps in use across U.S. companies, including Gmail, Microsoft Te…

Cisco releases open-source toolkit for verifying AI model lineage

Enterprises pulling models from Hugging Face and other open repositories rarely keep records of how those models are altered after download, leaving organizations with little ability to confirm what they are running in production. The State of AI Secur…

A year in, Zoom’s CISO reflects on balancing security and business

In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and customers during her ear…

Scenario: Open-source framework for automated AI app red-teaming

Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems every day. LangWatch has released Scenario, an open-source framework that run…

Ransomware, fraud, and lawsuits drive cyber insurance claims to new peaks

The 2026 InsurSec Report from At-Bay, covering more than 100,000 policy years of claims data, documents a 7% year-over-year rise in overall claim frequency and an all-time high average severity of $221,000. Ransomware severity reached $508,000, up 16% …

A single platform powers SIM farm proxy networks across 17 countries

Racks of phones and 4G modems, connected to carrier networks and rented out as commercial mobile proxy services, are operating across at least 94 locations in 17 countries. An investigation by infrastructure intelligence firm Infrawatch traced a large …

NGate NFC malware targets Android users through trojanized payment app

NFC-based payment fraud is expanding geographically and operationally. A campaign active since November 2025 is targeting Android users in Brazil using a new variant of the NGate malware family, this time embedded in a trojanized version of HandyPay, a…

SmokedMeat: Open-source tool shows what attackers do inside CI/CD pipelines

Boost Security has released SmokedMeat, an open-source framework that runs attack chains against CI/CD infrastructure so engineering and security teams can see what an attacker would do in their specific environment. What the tool does SmokedMeat takes…