Stellar Cyber has announced the general availability of version 6.4.0 of its platform. With this release, Stellar Cyber delivers new Autonomous SOC capabilities designed to reduce alert noise, accelerate investigations, and transform the day-to-day experience of security analysts.

Ushering in the human-augmented Autonomous SOC

Security teams are overwhelmed by escalating alert volumes and increasingly complex attack techniques. Stellar Cyber 6.4.0 introduces coordinated agentic AI reasoning embedded directly into analyst workflows, enabling AI to work with analysts, not replace them.

“Security operations have reached a tipping point. The volume and complexity of alerts are beyond what humans alone can manage. With 6.4.0, we are delivering coordinated AI reasoning that works alongside analysts — not as a black box, but as a transparent, governed, human-augmented system. Our Autonomous SOC capabilities reduce noise, preserve analyst judgment, and dramatically accelerate response without compromising data security,” said Aimei Wei, Chief Technology Officer, Stellar Cyber.

AI case analysis and summary

With the introduction of Agentic AI-based Case Summaries, Stellar Cyber elevates incident investigation from data review to intelligent reasoning. For high-severity cases, the platform automatically generates structured analysis and a detailed executive summary, ensuring that the most urgent and impactful incidents receive immediate, AI-driven attention.

High-severity incidents now can receive automatic AI-generated case summaries with structured analysis and executive-ready context. Each case explains:

  • What happened
  • Assets at risk or involved
  • Recommended response actions
  • Investigation priorities

The result: explainable AI delivering machine-speed analysis while maintaining analyst oversight, enabling faster, more confident decision-making.

Alert Auto Triage

Alert Auto Triage changes how security teams manage alert overload. Instead of forcing analysts to spend the majority of their day sorting through false positives and low-value signals, the platform automatically evaluates alerts, enriches them with contextual intelligence, and determines likely true or false positives. Customers can expect 60–80% analyst time savings and up to 70% noise reduction, enabling their teams to focus on meaningful investigations rather than manual triage.

By automatically delivering contextual enrichment and signal validation, Alert Auto Triage ensures analysts receive cleaner, higher-confidence alerts from the start. Stellar Cyber introduces the concept of agent AI-based Verdict Signal Check (VSC) with built-in human-in-the-loop oversight providing transparency and control, while closed-loop learning continuously improves accuracy over time. The result is a SOC that responds faster, reduces burnout, and scales without requiring additional headcount.

Phishing Email Auto Triage

Phishing email remains one of the most common and resource-draining attack vectors. Stellar Cyber’s Phishing Email Auto Triage automates the analysis of user-reported emails, reducing what once took hours to just minutes. Instead of overwhelming analysts with every reported message, the system filters out noise and escalates only high-confidence threats into actionable cases.

Case management reimagined: Custom Case Queues

Version 6.4.0 introduces Custom Case Queues, enabling SOC teams to align investigations with real-world workflows. Cases can be organized flexibly in many ways, including:

  • Escalation status
  • Customer tier
  • Incident type
  • SLA priority

Shareable operational views improve collaboration across analysts and managers while enhancing SLA tracking and accountability.

For MSSPs and enterprise SOCs alike, this means improved workflow transparency, reduced friction, and more consistent service delivery.

Stronger detection capabilities

6.4.0 strengthens detection coverage in two high-risk areas:

  • Web application exploitation: New SQL injection over HTTP detection identifies suspicious query patterns across observation windows, detecting both reconnaissance and potential lateral movement.
  • Credential abuse with VPN: New VPN logon anomaly detection identifies patterns associated with password spraying and credential stuffing, reducing attacker dwell time and strengthening early breach detection.

Security operations demand speed and visibility. Stellar Cyber introduces a responsive dashboard system with:

  • Grid-based layout
  • Drag-and-drop resizing and reordering
  • Breakpoint-aware responsiveness
  • Faster dashboard creation and iteration

The enhanced UX significantly reduces dashboard creation time while improving reporting clarity and operational visibility.

Stellar Cyber continues to expand its Open XDR ecosystem with 7 new connectors, 23 new parsers, and 74 enhancements to existing integrations.

“This release is about transforming the daily life of the SOC analyst. We’re shifting effort away from manual sorting and repetitive triage toward high-value investigation and decision-making. Alert Auto Triage, Phishing Auto Triage, AI Case Summaries, and customizable queues & dynamic dashboards collectively reduce workload, improve consistency, and help security teams operate with greater confidence. This is a significant operational improvement — lower MTTR, cleaner signals, and more scalable SOC performance,” said Subo Guha, SVP of Product, Stellar Cyber.


from Help Net Security https://ift.tt/DpFJzUy

NinjaOne has unveiled NinjaOne Vulnerability Management, a new solution that helps IT teams identify, prioritize, and remediate vulnerabilities faster, without relying on periodic scans from security teams that often lack context and connection to remediation workflows.

NinjaOne Vulnerability Management

Built natively into the NinjaOne platform, the new solution brings together AI-driven real-time vulnerability assessment, patch confidence scoring, and remediation, allowing organizations to proactively fix vulnerabilities, minimize mean time to remediate, and reduce time spent vulnerable.

The traditional approach to vulnerability management no longer works because it leaves organizations exposed to more risk longer than necessary. Periodic scans leveraging legacy technologies create unnecessary exposure and inefficient remediation processes. Minimizing time spent vulnerable is critical to prevent costly security incidents and operational downtime. In the model, organizations identify and remediate vulnerabilities in real time, ensuring accuracy and remediation efficacy by leveraging AI and autonomous patching workflows.

NinjaOne Vulnerability Management identifies, remediates, and patches faster

NinjaOne’s AI-native vulnerability product simplifies vulnerability management by delivering real-time visibility, integrated remediation, and reporting within a single platform. Built natively into the NinjaOne Unified IT Operations Platform, the solution helps organizations identify, remediate, and patch vulnerabilities faster and with less effort, ultimately reducing risk and allowing organizations to prioritize security bandwidth for high-severity investigations.

The solution leverages AI to identify vulnerabilities in real-time, using millions of data points in NinjaOne’s inventory, minimizing manual effort and freeing up time and resources. This brings security and IT closer together, making both teams more efficient and productive.

Key benefits customers saw in the 500K+ endpoint beta include:

  • Real-time AI-powered vulnerability visibility – NinjaOne continuously identifies software vulnerabilities without scheduled scans, providing always-current insights into risk exposures, even when a device is offline – to dramatically reduce time spent vulnerable.
  • Unified vulnerability detection and remediation – By connecting vulnerability detection directly to autonomous patching workflows (which use AI to automatically prioritize and deploy patches across Windows and Linux systems), teams can prioritize and remediate vulnerabilities proactively from the same platform. This connectivity streamlines handoffs between teams, exports, and tool switching to save IT and security time and resources.
  • Zero endpoint performance impact – Real-time vulnerability identification occurs server-side using existing device telemetry with no intrusive scanning, no agent spikes, and no impact to user productivity.
  • Continuous, audit-ready vulnerability evidence – NinjaOne automatically captures vulnerability and remediation data natively, while also incorporating vulnerability data from third-party scanner tools, to provide a unified system of record. This helps organizations meet regulatory requirements with confidence and without manual effort, allowing them to focus resources on additional projects.

“Implementing NinjaOne’s real-time vulnerability assessment has transformed how we manage endpoint risk. The single pane of glass approach gives us consolidated visibility into endpoint health, detected vulnerabilities, and remediation guidance all in one place. This centralized view allows us to prioritize patching based on real risk, accelerate remediation timelines, and reduce the operational friction that often comes with coordinating across multiple tools and teams,” said Spencer Stycos, Manager, Systems Engineering – IT Infrastructure at Great Minds.

“Prior to NinjaOne, vulnerability tracking required aggregating data from different systems, which increased reporting overhead and slowed response efforts. Today, vulnerability insights are directly integrated into our patching workflows, making next steps clear and actionable. The result is a more streamlined process, improved cross-team efficiency, and a stronger overall security posture without impacting endpoint performance or user experience,” Stycos continued.

“The traditional vulnerability management model – scan once or twice a week, export, hand off, wait – creates gaps, delays, and unnecessary risk,” said Rahul Hirani, Chief Product Officer at NinjaOne. “Our customers are looking for ways to reduce risk faster without slowing down their teams and organizations. By integrating real-time vulnerability assessment, which scans continuously, directly with patching and endpoint management, we help customers reduce risk faster in a way that fits their existing processes and simplifies their work.”


from Help Net Security https://ift.tt/FpKqrNA

Orca Security has announced major enhancements to the Orca Platform, introducing new AI-powered security agents, real-time detection of AI usage across cloud environments, remediation-focused workflows, and code reachability analysis. These innovations enable organizations to move beyond fragmented alerts toward faster investigation, clearer prioritization, and measurable risk reduction.

As enterprises accelerate AI adoption and scale across multi-cloud environments, security teams are inundated with alerts yet lack the context and prioritization needed to distinguish real, business-critical risk from background noise. Research shows that 84% of organizations now run AI workloads in the cloud, and 62% already have vulnerable AI packages in their environments. Orca’s latest innovations extend its unified platform to help teams understand threats faster, focus on truly exploitable vulnerabilities, and take action with confidence.

“Security teams don’t need more data. They need to know what actually matters and what to do about it,” said Gil Geron, CEO of Orca Security. “These new capabilities are designed to turn complex cloud risk into clear, actionable guidance so teams can make faster decisions and reduce exposure in a measurable way. That shift from information to action is what ultimately improves security outcomes.”

New platform capabilities include:

  • Threat Investigation Agent: Orca’s Threat Investigation Agent automatically analyzes risk, correlates signals across the cloud environment, and produces transparent investigation reports with recommended containment actions.
  • AppSec Triage Agent: The new AppSec Triage Agent analyzes SAST findings to identify false positives, reduce alert fatigue, and help teams focus on real vulnerabilities.
  • Runtime AI threat detection: Orca now identifies when workloads, identities, and processes interact with AI models, MCP servers, and third-party AI tools. This enables security teams to understand how AI is being used, detect potential exposure of sensitive data, and implement AI governance based on real runtime activity.
  • Orca Missions: Orca groups related findings into Missions—focused remediation initiatives with clear objectives and verification—allowing teams to resolve clusters of risk efficiently and track meaningful improvements in their security posture.
  • Code Reachability Analysis: Orca now analyzes whether vulnerable code paths are actually invoked in applications, in addition to identifying vulnerable packages. Combined with Orca’s existing Agentless and Dynamic Reachability Analysis, this provides comprehensive context to help teams prioritize vulnerabilities that are truly exploitable.

These enhancements build on Orca’s agentless-first architecture, which provides visibility and risk prioritization across cloud infrastructure, workloads, identities, applications, and now AI systems, without requiring agents.

“Cloud security tools generate an incredible amount of data, but what teams really need is help understanding what to do next,” said Erika Voss, SVP, Chief Security Officer at Blue Yonder. “What stands out about Orca is the way it connects the dots. Instead of spending hours piecing together alerts, our team can see what actually happened, what’s exposed, and where to focus first.”


from Help Net Security https://ift.tt/rEL3kpV

On Monday, Apple officially announced the AirPods Max 2. As the name implies, this is the first major update to the AirPods Max since Apple introduced the over-the-ear headphones in 2020. The company previously rolled out a minor refresh for the AirPods Max, but this only replaced the original pair's Lightning port with USB-C, and enabled Apple to add a couple neat perks via software update. AirPods Max 2, however, come with new features out of the gate—features that Apple's earbuds have actually had for years.

First, an answer to the question most likely on your mind: No, Apple did not change the price. These headphones are still $549, which is expensive, even for high-end over-the-ear headphones. Take a look at PCMag's list of the best headphones for 2026, and you'll see similar options from competitors like Sony and Bose reach up to $450 or $460, but none break $500—and you'll often find huge discounts on these headphones to boot. The AirPods Max's price tag has always made these headphones hard to recommend, even though I personally love them. That's still the case with the AirPods Max 2.

Still, Apple is offering a lot more functionality for the same price, and seeing as $549 in 2020 is worth nearly $700 in 2025, you are getting quite a bit more for your money with the AirPods Max 2. The new headphones get Apple's H2 chip, which Apple says improves noise cancellation by up to 1.5 times, and enables "even more natural" Transparency mode. The company says the new headphones have a new high dynamic range amplifier "for even cleaner audio," while maintaining the sound signature from the previous generation AirPods Max. Meanwhile, Spatial Audio sounds "better than ever" with "more accurate and consistent bass response, and more natural-sounding mids and highs." Like the USB-C AirPods Max, these headphones support 24-bit 48 kHz lossless audio when connected via a wired USB-C cable.

AirPods Max 2's "new" features

So, according to Apple, AirPods Max 2 sound better than AirPods Max. That's to be expected from a new generation of headphones. In my view, however, the real upgrades here are all the "intelligent" features that AirPods Max 2 now support. For the first time, AirPods Max supports Adaptive Audio, which automatically adjusts noise cancellation and Transparency levels to match your environment. That also includes Conversation Awareness, which automatically lowers the volume and reduces background sounds when you start speaking. That way, you can hear someone clearly while having a conversation with your AirPods Max on, and when you're done talking, your audio comes back at its previous volume.

The new AirPods also support Voice Isolation, which blocks out background noise and emphasizes your voice during calls, as well as Personalized volume, which adjusts the volume based on your past preferences. There's "Loud Sound Reduction," which caps the loudness of external sounds while preserving the sounds themselves. (You could wear these to a concert and still hear everything, but protect yourself from sounds that are too loud.) You can also nod or shake your head to interact with Siri, rather than speak your commands. (If Siri asks you whether you'd like to respond to a message, you can nod to accept, or shake your head to dismiss.) You can also take advantage of Live Translation, Apple's feature that translates conversations on the fly.

The thing is, none of these features are actually new, and, with the exception of some (namely Live Translation), they have been available on some AirPods models for years. It's great that Apple finally added them to the AirPods Max, but it is frustrating that the USB-C model didn't include them for that $549 price point.

Apple says that you can pre-order AirPods Max 2 starting March 25, in midnight, starlight, orange, purple, and blue, and that the headphones will be available starting early next month. Now that these headphones are official, however, keep an eye out for discounts on the previous generation AirPods Max. Amazon tends to have good deals on AirPods Max from time to time, and now that there's a new model, the previous ones should go down in price even more—as long as there's availability. As of this piece, the best deals appear to be on renewed models.


from Lifehacker https://ift.tt/d0Db9Be

Bitdefender researchers uncovered hundreds of scam campaigns promoted through Facebook ads that use fake news stories, celebrity impersonation, and redirect chains to funnel victims into investment fraud schemes.

Facebook investment fraud

The activity ran through 310 malvertising campaigns distributed on Meta platforms from February 9 to March 5, 2026. The campaigns generated more than 26,000 ad sightings with localized content in more than 15 languages.

The operation used three main scam sub-campaigns with a smaller fourth branch, and the infrastructure pointed to two or three separate operator groups using the same playbook.

Anatomy of an investment scam

The campaigns used a small set of recurring storylines to attract victims. Three themes appeared repeatedly in different countries and languages.

One of the most common narratives, “Celebrity Will / Testament,” focused on inheritance claims or alleged final revelations linked to well-known public figures. The ads suggested that a celebrity had secretly invested in a trading platform or left behind financial advice that could make ordinary people wealthy.

Another frequent theme, “Banking / Financial Scandal,” staged dramatic television-style confrontations involving bank executives, central bankers, or financial regulators. In these stories, a public figure appears to reveal a new investment opportunity during a heated interview before the broadcast is supposedly censored or taken down.

A third category, “Political Figure Exposure,” relied on sensational claims about politicians. These ads suggested that a political leader had been arrested, exposed in a scandal, or caught revealing a secret investment platform that could generate large profits.

“Each narrative is localizable, reusable, and emotionally compelling, which makes them effective on social platforms,” researchers noted.

After encountering one of these narratives, victims are directed to a sponsored post that appears to link to a trusted website. Some use legitimate domains. Others imitate well-known media brands through cloned layouts and similar web addresses.

The preview page rarely hosts the scam itself. A redirect chain moves the visitor to another destination with little visible change. The next page usually presents a dramatic news article or breaking story connected to the original ad. The narrative introduces an investment platform and urges readers to register to gain access or start earning.

Registration forms request basic personal information such as name, phone number, and email address. Submitting the form transfers the data to the operators running the scheme. Contact usually follows quickly.

Victims begin receiving calls from individuals posing as account managers or investment advisors. These callers guide targets through initial deposits and encourage additional transfers.

Conversations include promises of high returns and limited-time opportunities. The platform interface shows account dashboards with rising balances meant to suggest successful trades. The figures are fabricated and serve to persuade victims to send more money.

Evasion built into the ad pipeline

The scam infrastructure treated moderation evasion as a routine part of its operations. Observed tactics included whitelisted domain preview abuse involving legitimate news sites and google.com, networks of fake media domains, and Cyrillic homoglyph substitution designed to bypass automated filters.

Bitdefender also observed creative churn, domain rotation, and the migration of techniques between regions, allowing the campaigns to remain active in multiple markets during the study period.

Operational indicators pointed to a shared management layer within parts of the ecosystem. Russian-language metadata appeared in several European scam campaigns. Internal campaign metadata and shared buyer identifiers suggested a Russian-speaking affiliate or management group coordinating elements of the infrastructure.

Researchers found no evidence in the dataset of state sponsorship, intelligence agency involvement, or political direction, suggesting the activity is financially motivated.

The structure described in the research resembled a modular franchise. Shared tooling and a common playbook appeared to support region-specific operators who could deploy localized scams without altering the monetization model.

Reuse appeared in overlapping infrastructure, shared UTM and pixel signatures, coordinated launch timing, and recurring narrative templates adapted to local personalities and media brands.

Meta steps up fight against scam ads

Meta has been under growing pressure in recent years to do more to protect users on its social media platforms.

Recently, the company filed multiple lawsuits targeting companies and individuals in Brazil, China, and Vietnam who used deceptive tactics to run scam ads.

It has also introduced new tools on Facebook, Messenger, and WhatsApp designed to protect users from scams.


from Help Net Security https://ift.tt/xNnQ4BZ

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Turning expertise into opportunity for women in cybersecurity
Speaker diversity in cybersecurity has been a talking point for over a decade, with panels, pledges, and dedicated conference tracks failing to produce change. Stages still skew heavily male, even as women represent millions of qualified professionals in the field. SheSpeaksCyber, a free and open directory launched by the Women4Cyber Foundation, aims to close that gap by making female experts discoverable to event organizers worldwide. We spoke with founder Erlend Andreas Gjære about how it works and why now.

Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity
Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for him to adapt, to lean on hearing aids and captions, to quietly reorganize his calendar around the cognitive load of processing sound. It was manageable. Then, in July 2025, it wasn’t.

Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming
Pascal Andrei, CSO at Airbus, knows that the aerospace and defense sector is facing a threat environment that is evolving faster than most organizations can track. From sub-tier suppliers quietly becoming entry points for state-backed attackers, to satellites emerging as targets in an increasingly contested space domain, the risks are real and growing.

Cloud-audit: Fast, open-source AWS security scanner
Running AWS security audits without a dedicated security team typically means choosing between enterprise platforms with per-check billing and generic open-source scanners that produce findings with no remediation guidance. Cloud-audit, a Python CLI tool published on GitHub by Mariusz Gebala, takes a narrower scope and attaches a fix to every finding it generates.

Agentic attack chains advance as infostealers flood criminal markets
Cybercriminals spent much of 2025 automating their operations, shifting from one-off attacks to systems that can run entire intrusion cycles with minimal human input. Data collected from criminal forums, illicit marketplaces, and underground chat services shows a threat environment where stolen identity data, unpatched vulnerabilities, and ransomware operations are interdependent. The findings come from Flashpoint’s 2026 Global Threat Intelligence Report, pulling data directly from sources across open and restricted online spaces.

Stop fixing OT security with IT thinking
In this Help Net Security interview, Ejona Preçi, Group CISO at Lindal Group, discusses the specific cybersecurity challenges in manufacturing environments. The conversation covers why standard IT security practices break down on shop floors, where PLCs and decade-old firmware were never designed to be networked.

This spy tool has been quietly stealing data for years
ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance of Ukrainian military personnel since at least April 2024.

Fake Claude Code install pages highlight rise of “InstallFix” attacks
Users looking for Anthropic’s Claude Code agentic AI coding tool are being tricked via fake Claude Code install pages into running malware, Push Security researchers have warned. The attackers behind this scheme are faithfully cloning Anthropic’s installation page, hosting it on a lookalike domain, and paying Google to surface those fake pages on the top of its results when users ask how to “install Claude Code”, “Claude Code CLI”, or simply “Claude Code”.

Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
Phishers are targeting AWS account holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog researchers have warned. The campaign has been running since the end of February and possibly earlier. “In one observed case, the operator authenticated to a compromised AWS account within 20 minutes of credential submission,” the researchers noted.

HR, recruiters targeted in year-long malware campaign
An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have managed to keep their activity largely under the radar.

Microsoft patches 80+ vulnerabilities, six flagged as “more likely” to be exploited
On March 2026 Patch Tuesday, Microsoft addressed 80+ vulnerabilities affecting its software and cloud services. Of these, two were publicly disclosed, but not actively exploited. The two publicly disclosed flaws are CVE-2026-21262, a vulnerability in SQL Server that may allow attackers to gain SQLAdmin privileges, and CVE-2026-26127, a .NET flaw that can be triggered for a denial of service attack.

Researchers uncover AI-powered vishing platform
A vishing-as-a-service platform that helps scammers carry out so-called “press 1” scams is misusing text-to-speech (TTS) capabilities provided by AI voice technology company ElevenLabs, Mirage Security researchers claim. For “press 1” scams, fraudsters spoof phone numbers of trusted institutions (e.g., bank), call up potential victims and try to scare them with pre-recorded messages into sharing sensitive information.

ShinyHunters claims new campaign targeting Salesforce Experience Cloud sites
Salesforce customers have, once again, been targeted by the ShinyHunters group – or, at least, it’s what the group claims. On Saturday, Salesforce confirmed that its security team has identified an attack campaign by unnamed malicious actors looking to access customers’ data.

Does Anthropic deserve the trust of the cybersecurity community?
The cybersecurity industry runs on trust. The belief that when a vendor says they will behave a certain way, they will, that critical CVEs are in fact critical, or when companies say they’re GDPR compliant, they really are. But earning trust is not a one-and-done thing.

Zero trust, zero buzzwords: Here’s what it means
In this Help Net Security video, Murat Balaban, CEO of Zenarmor, breaks down zero trust and zero trust network access (ZTNA) without the buzzwords. The video covers why this approach matters, including the risk of lateral movement after a breach and the growing number of remote workers accessing private resources.

Passwords, MFA, and why neither is enough
Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each layer of identity security has failed and what comes next.

OpenAI joins the race in AI-assisted code security
OpenAI introduced Codex Security, an AI agent that reviews codebases to find, verify, and help fix software vulnerabilities. The launch comes a few weeks after rival Anthropic unveiled its Claude Code Security tool. The feature is available in research preview via Codex Web for ChatGPT Pro, Enterprise, Business, and Edu customers, with free access for the next month.

No more soft play, President Trump warns in new cyber strategy
The White House released “President Trump’s Cyber Strategy for America,” a policy framework outlining the administration’s priorities for maintaining U.S. leadership in cyberspace. The seven-page cyber strategy commits to a coordinated, government-wide response to cyber threats that extends beyond cyberspace and relies on close cooperation with allies, industry, and academia.

Russian hackers crack into officials’ Signal and WhatsApp accounts
Russian state hackers are trying to break into Signal and WhatsApp accounts used by diplomats, military staff, and government officials worldwide, Dutch intelligence agencies warned. They believe journalists and other people who attract attention from Moscow may also be affected.

Phishing campaign spoofs local officials to steal permit fees
The FBI is warning about a phishing scheme in which cybercriminals impersonate city and county officials to solicit fraudulent payments for planning and zoning permits. Criminals mine publicly available permit data to find likely targets and make their outreach appear legitimate.

Teen crew caught selling DDoS attack tools
Seven minors who distributed online programs designed to facilitate DDoS attacks have been identified by Poland’s Central Bureau for Combating Cybercrime (CBZC). They were between 12 and 16 at the time of the crime. According to investigators, using the tools they administered, the minors attacked popular websites, including auction and sales portals, IT domains, hosting services and accommodation booking sites. The activity was profit-driven, with the suspects earning money from the operation.

Microsoft flips Windows Autopatch to default hotpatch security updates
Microsoft is changing the default behavior in Windows Autopatch so that hotpatch security updates are enabled automatically for eligible devices managed through Microsoft Intune or the Microsoft Graph API starting with the May 2026 Windows security update.

Software vulnerabilities push credential abuse aside in cloud intrusions
Cloud intrusions are unfolding on shorter timelines, with attackers leaning more on unpatched software and compromised identities. Google Cloud’s Cloud Threat Horizons Report H1 2026 reflects incident response and intelligence findings from the second half of 2025 and shows how access methods and objectives are changing in cloud and SaaS environments.

YouTube draws a line on deepfakes involving politicians and journalists
With deepfakes becoming more common, YouTube has expanded access to its AI-driven likeness detection system to a pilot group of government officials, journalists and political candidates. The step follows an earlier rollout of the tool to creators in the company’s Partner Program.

Anthropic forms institute to study long-term AI risks facing society
Anthropic has established the Anthropic Institute, a research unit focused on studying the societal effects of AI and informing policy responses to risks from more advanced systems. The company believes rapid advances in AI will force governments and industries to confront difficult questions about jobs, economic disruption and system governance. It also raises concerns about how AI systems express values, how those standards are set and how future self-improving systems should be monitored and regulated.

Wireless vulnerabilities are doubling every few years
Wireless vulnerabilities are being disclosed at a rate that has no precedent in the fifteen-year history of systematic tracking. In 2025, researchers published 937 new wireless-related CVEs, an average of 2.5 per day, according to a threat report from Bastille Networks based on data from the NIST National Vulnerability Database.

WhatsApp is giving parents peace of mind over their kids’ privacy
WhatsApp has introduced parent-managed accounts designed for pre-teens, giving parents and guardians new controls over contacts, group participation, and how the app is used.

War spreads into cyberspace after Iran-linked hackers hit medtech giant Stryker
An Iran-linked hacking group has claimed responsibility for a cyberattack on U.S. medical device giant Stryker, marking a potential escalation of cyber activity tied to the ongoing conflict in the Middle East.

Authorities dismantle SocksEscort proxy network behind millions in fraud
SocksEscort, a residential proxy network used to exploit thousands of compromised home routers worldwide and facilitate large-scale fraud that cost victims millions of dollars, has been disrupted in an international law enforcement operation led by the U.S. Department of Justice.

Submarine cables move to the center of critical infrastructure security debate
The cables running along the ocean floor carry the overwhelming majority of the world’s cross-border data traffic, and for most of their operational history they have attracted little strategic attention. That is changing. A new sector report from Capacity Insights draws on interviews with senior executives across the subsea industry to examine how demand growth, hyperscaler investment, and geopolitical pressure are converging on infrastructure that governments and operators are only beginning to treat as a security priority.

Product showcase: Fing Desktop puts network visibility on your screen
Phones, laptops, smart TVs, cameras, and smart home equipment all use the same network. Knowing what’s connected helps users manage performance and security. Fing Desktop provides tools that identify devices, test connectivity, and analyze network activity.

Open-source tool Sage puts a security layer between AI agents and the OS
Autonomous AI agents running on developer workstations execute shell commands, fetch URLs, and write files with little or no inspection of what they are doing. Open-source project Sage inserts an interception layer between an AI agent and those operations, checking each action before it proceeds.

More AI tools, more burnout! New research explains why
Workflows built around multiple AI agents and constant tool switching are adding cognitive strain across large enterprises. A recent Harvard Business Review analysis describes this pattern as “AI brain fry,” a form of mental fatigue tied to intensive use and oversight of AI systems.

OpenWrt 25.12.0 ships with new package manager, built-in upgrade tool, support for 2200+ devices
OpenWrt 25.12.0 is now available for download. The release incorporates over 4,700 commits since branching from OpenWrt 24.10. One of the most significant structural changes in 25.12.0 is the replacement of the opkg package manager with apk, the Alpine Package Keeper. The OpenWrt fork of opkg is no longer maintained, and the project moved to apk as an actively maintained alternative.

Bug bounties are broken, and the best security pros are moving on
Penetration testing engagements are organized as scheduled contracts with defined scope, set testing windows, and direct communication channels with client teams. Cobalt’s 2026 Pentester Profile Report describes growing preference for penetration testing as a service (PTaaS) and contract-based testing models.

The people behind cyber extortion are often in their forties
Many cybercrime investigations end with arrests or indictments that reveal little about the people behind the operations. When authorities do disclose demographic details, the pattern that emerges does not match the common assumption that cyber offenders are mostly very young. Analysis in the Security Navigator 2026 report from Orange Cyberdefense points to a different age profile, with a strong concentration of offenders in mid-career adulthood.

New Claude tool uses AI agents to find bugs in pull requests
Anthropic’s Claude Code Review is a new tool, available as a research preview beta for Team and Enterprise plans, that sends a team of AI agents to examine every pull request. The system dispatches multiple agents that look for bugs in parallel. Findings go through a verification step to filter out false positives, and confirmed issues are ranked by severity.

Messenger can warn you about sketchy links without knowing what you clicked
Meta’s Advanced browsing protection (ABP) helps Messenger identify and warn users about potentially harmful websites they open from a chat. Malicious sites can try to steal passwords, collect personal information, or install malware.

Meta turns to AI to sniff out scams on Facebook, Messenger and WhatsApp
Meta’s new tools on Facebook, Messenger, and WhatsApp protect users from scams. They use advanced AI systems to analyze text, images, and surrounding context and identify sophisticated scam patterns. The systems detect impersonation of celebrities, public figures, and brands. They also identify deceptive links and domain impersonation and take action against content that redirects people to sites that mimic legitimate ones.

ENISA advisory examines package manager security risks
Developers install external libraries with a single command, and that step can introduce more code than expected into a project environment. Dependency resolution inside package managers extends software supply chains across large collections of external components. ENISA’s Technical Advisory for Secure Use of Package Managers, released in March 2026, examines how this development practice expands exposure across software ecosystems.

AI coding agents keep repeating decade-old security mistakes
Coding agents are now writing production features on real development teams, and a new report from DryRun Security shows that those agents introduce security vulnerabilities at a high rate across nearly every type of application they build.

EU Parliament backs extension of CSAM detection rules until 2027
The European Parliament has voted to extend a temporary exemption to EU privacy legislation that allows online platforms to voluntarily detect child sexual abuse material (CSAM).

Cybersecurity jobs available right now: March 10, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: March 13, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Binary Defense, Mend.io, OPSWAT, Singulr AI, SOC Prime, Terra Security, and Vicarius.


from Help Net Security https://ift.tt/fhO78HQ

This is a current list of where and when I am scheduled to speak:

The list is maintained on this page.


from Schneier on Security https://ift.tt/FkMEOuz