Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Coinflow CISO on crypto payments security under AI pressure
Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered in the United States and operates across multiple jurisdictions. Portelli sat down for this interview at the Span Cyber Security Arena conference.
Frontier AI models collapse under multi-turn AI attacks, Cisco finds
Attackers who probe large language models rarely give up after one refusal. They reframe, build context across turns, adopt personas, and escalate gradually. New research from Cisco’s AI threat intelligence team finds that the safety benchmarks used across the industry miss almost all of this behavior, and the gap between published scores and observed resilience runs wide enough to misrank leading models.
The CISO selling confidence in a market full of breach headlines
Engineering teams across enterprise IT are writing their own software with AI coding assistants, spinning up agents that act on their behalf, and assigning those agents the same access privileges their human creators hold. The shift has pulled the role of the chief information security officer into territory that did not exist two years ago. Speaking at the Span Cyber Security Arena conference, Hrvoje Englman, CISO at Span, said it is changing what defenders worry about most.
Zapier exploit chain shows how known anti-patterns compose into critical risk
A five-stage exploit chain disclosed by Token Security researchers turned a free Zapier account into write access on Zapier’s public developer SDK packages and on internal packages that load in every authenticated zapier.com session. Each link in the chain was a known anti-pattern. The composition across five systems was the finding.
High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)
Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. It affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.
Actively exploited Trend Micro Apex One flaw gets CISA warning (CVE-2026-34926)
A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. Trend Micro Apex One is a security platform that protects all the devices in an organization from cyber threats.
LinkedIn-themed phishing abuses Adobe’s A/B testing platform
A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack starts with an email that looks, at first glance, like a routine business inquiry: someone wants to do business with you through LinkedIn and has attached a signed contract for your review.
New infostealer reaches enterprise devices through FortiClient EMS vulnerability
Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). CVE-2026-35616 is an improper access control vulnerability in FortiClient EMS, a centralized management platform through which IT admins deploy, configure, and monitor FortiClient endpoint security software across all devices in an organization’s network.
Manage machine identities: The hidden privileged access layer you need to manage
Every automation, integration, and workload needs authentication and permissions, creating a large population of machine identities such as service accounts, service principals, workload roles, OAuth apps, AI agents, and IAM roles. These identities use credentials like access keys, secrets, and tokens. Many hold privileges equal to or greater than human admins. Because they grow quickly, persist for long periods, and often receive limited oversight, they create a hidden layer of privileged access.
Lessons for organizations from the Verizon 2026 Data Breach Investigations Report
The latest Verizon 2026 Data Breach Investigations Report (DBIR) offers valuable insight into the evolving cyber threat landscape. Based on more than 31,000 security incidents and 22,000 confirmed data breaches across 145 countries, the vendor-neutral report draws on data from police forces, cybersecurity companies, and CSIRTs, making it one of the most comprehensive cybersecurity studies published each year.
Building a risk-based vulnerability management program that scales
In this Help Net Security video, Shankar Somasundaram, CEO at Asimily, explains how to build a risk-based vulnerability program. He notes that vulnerabilities are exploding by an order of magnitude in the age of AI-driven attacks, with one customer finding a thousand vulnerabilities for every one they knew about.
Boards want cyber risk in dollars, not CVE counts
In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon.
The alert economy is driving security analyst burnout
In this Help Net Security video, Ido Livneh, CEO of Jazz, explains why security analysts burn out and what leaders can do about it. The cause, he argues, is not long hours but meaningless work. Analysts spend their days closing repetitive tickets while the institutional knowledge of senior staff walks out the door when they quit, taking organizational context with them and driving up false positives.
OpenHack: Open-source AI-powered vulnerability research
Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of those harnesses can run.
Authorities seize 800 servers used for cyberattacks and disinformation
Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems.
Cisco refines its risk-based vulnerability disclosure for the AI era
Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review.
Anthropic adds 28 security and compliance integrations for Claude
AI tools are becoming part of everyday work in organizations, creating new security and oversight requirements as usage grows. To address that, Anthropic introduced 28 integrations with security and compliance tools that allow IT and security teams to manage Claude in the same way they manage other applications in their environments.
What happens when security teams inherit identity
Eric Woodruff, Chief Identity Architect at Semperis, shared his perspective on where organizations struggle with identity, why identity platforms become difficult to manage, how phishing-resistant authentication works in practice, and what non-human identities and AI could mean for security.
Personal information of 185,000 people exposed after cyberattack on 7-Eleven
Data belonging to about 185,000 people was exposed following a cyberattack on convenience store chain 7-Eleven that was later claimed by the ShinyHunters extortion gang, according to Have I Been Pwned. The exposed information includes email addresses, names, physical addresses, dates of birth, and phone numbers, while a small number of records also contained additional data fields.
Chinese phishing gangs grow into a force to be reckoned with
Chinese-language phishing-as-a-service (PhaaS) communities are expanding in an area historically dominated by Russian-speaking cybercriminal groups. The Google Threat Intelligence Group (GTIG) analyzed a dozen active PhaaS offerings operating in Chinese-language underground communities and found mature services, with several likely linked to broader criminal activity in the region.
European AI adoption hits 99% with regulated data driving most policy violations
Generative AI tools operate inside nearly every European workplace, embedded in meeting transcription services, writing assistants, coding copilots, and search features. Workers in the region pull these tools into daily routines that involve customer records, financial information, and proprietary code, and that volume of activity has produced a measurable pattern in where data exposure occurs. The Netskope Threat Labs Report: Europe 2026 documents this pattern across organizations in Europe over the past year.
Claude now reviews and fixes vulnerabilities as you write code
Anthropic introduced a security-guidance plugin for Claude Code that reviews code changes for common vulnerabilities and helps Claude identify and fix issues during the same development session.
Hackers are knocking on office doors pretending to be IT staff
The Silent Ransom Group (SRG) is targeting law firms using social engineering techniques and an unusual tactic for cybercriminals: showing up at victims’ offices in person while posing as IT staff, the FBI warns.
AI chatbot recommendations lure users to cryptojacking malware sites
Cybercriminals are using AI chatbot interactions alongside poisoned search results to direct users to malicious download sites in an active cryptojacking campaign, Microsoft has warned.
Canonical releases Workshop for one-command sandboxed dev environments on Ubuntu
Canonical released Workshop, a tool that launches sandboxed development environments on Ubuntu with a single command. Environments are configured once and reproduced on different machines, giving teams consistent setups across development workstations and deployment pipelines.
Police arrest suspect in Ajax football club hack that exposed 300,000 fan records
The Dutch National Police arrested a man suspected of hacking into the computer systems of AFC Ajax, a football club from Amsterdam. The investigation began after AFC Ajax discovered unauthorized access to its computer systems earlier this year. Dutch police traced the intrusion to a suspect from the municipality of Buren and arrested him following the investigation.
Oil shipments, drone makers, and a poisoned code library targeted in recent APT campaigns
Geopolitical pressure drove much of the state-sponsored cyber activity recorded between October 2025 and March 2026, according to ESET’s latest APT Activity Report. Espionage groups aligned with China, North Korea, Russia, and Iran adjusted their targets to match the economic and security concerns of their governments.
A single typo could derail your World Cup plans
Cybercriminals are spoofing Fédération Internationale de Football Association (FIFA) websites ahead of the 2026 FIFA World Cup, the FBI warns. The attackers are registering lookalike domains with small spelling changes or different domain endings to impersonate FIFA websites and services. The tactic, known as typosquatting, relies on users making small typing mistakes when entering website addresses.
OpenAI prepares ChatGPT for the election misinformation wave
AI-generated election misinformation could shape public opinion and influence the lives of millions of people. To address those risks, OpenAI outlined a series of safeguards ahead of the 2026 election cycle. The company said its efforts will focus on helping users access voting information, supporting cybersecurity defenders, and improving transparency around AI-generated content.
Cybercriminals sail away with data from 6 million Carnival customers
Carnival Corporation, one of the world’s largest cruise operators, confirmed a data breach weeks after the ShinyHunters hacking group claimed it had stolen millions of customer records. Carnival acknowledged a phishing incident involving a single employee account and stated that it was investigating the scope of the unauthorized activity.
The behavioral signals that sharpen Trojan malware detection
Malware analysts spend a lot of time deciding which signals from a sandbox run are worth keeping. A sample executed in a controlled environment can generate hundreds of measurable attributes covering file structure, registry edits, process behavior, and network traffic. Most of those attributes add noise. A recent study works through this problem in detail, and the part that earns attention from working defenders is the feature selection, not the deep learning model attached to it.
Anthropic launches Claude Opus 4.8, prepares Mythos-class models for all customers
Anthropic has released Claude Opus 4.8 and outlined plans for broader access to its Mythos-class models, which the company expects to make available to all customers in the coming weeks. Claude Opus 4.8 is available to all users, with pricing unchanged from Opus 4.7.
Websites can spy on user activity by analyzing SSD behavior
Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify devices and monitor behavior. Researchers have demonstrated another method that relies on something most users would never expect a website to observe: activity on their SSD (Solid-State Drive), the storage device where applications and files are stored.
Turns out the C-suite loves shadow AI
Senior decision-makers are the heaviest users of unapproved AI tools, and they continue using them despite being aware of the security and privacy risks linked to shadow AI, according to TrustedTech’s Shadow AI in the Workplace report. The study found that 65% of decision-makers use shadow AI, compared with 31% of employees below decision-maker level.
US states step up cyber defenses to protect local communities
U.S. state governments are taking on a larger role in cybersecurity to help protect local communities and essential services. Many states are building state-led cyber defense programs, including cybersecurity clinics, regional security operations centers (RSOCs), and state cyber corps programs to reduce costs, strengthen the local workforce, and improve cyber resilience.
Product showcase: F-Secure Internet Security blocks phishing sites, fake stores, and SMS scams
F-Secure Internet Security protects against viruses, ransomware, spyware, infected email attachments, and other cyber threats. It focuses on securing devices and online activity through malware protection, scam prevention, safe browsing, and banking safeguards. The platform supports Windows, macOS, Android, and iOS devices under a single subscription.
Anthropic: Claude Mythos identified 10,000+ software flaws
Anthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in an update on the project’s progress.
Vigolium: Open-source vulnerability scanner
Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint discovery, attack planning, and finding triage.
Apple makes its quantum-resistant encryption open source
Apple has published its post-quantum cryptography implementations in corecrypto, together with mathematical proofs and verification tools for independent expert evaluation, allowing external researchers to review the work and reproduce the company’s analysis.
Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware
Attackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called DinDoor, which then loads a remote access Trojan built on the Deno JavaScript runtime, according to Malwarebytes.
Google AI Threat Defense targets attackers using AI to find flaws faster
Google Cloud introduced AI Threat Defense, an automated cybersecurity platform that combines several of the company’s security assets to find, prioritize, and patch software vulnerabilities at machine speed. The product is aimed at enterprises contending with attackers who use AI to discover and exploit flaws in hours or days, compressing windows that once stretched into weeks.
Companies built AI into core systems before figuring out how to govern it
70% of organizations use GenAI in live environments, and 64% have AI agents in pilot or production deployments. Some of those agents have privileged access to core systems, according to Check Point’s 2026 Cloud Security Report.
Hottest cybersecurity open-source tools of the month: May 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings.
Microsoft’s new cloud PCs place AI agents under enterprise controls
Microsoft’s Windows 365 for Agents, a cloud PC platform for agentic workloads, runs AI agents in secure environments. Organizations can direct agents with natural language to interact with applications, browsers, files, and enterprise systems. The platform is available in public preview.
Microsoft’s Copilot trust test: Zero findings, more models, wider oversight
Microsoft 365 Copilot and Copilot Chat (Copilot) have been recertified under ISO/IEC 42001:2023 by an independent auditor for the second consecutive year. Copilot first received ISO 42001 certification in March 2025. This year’s recertification recorded zero non-conformities and zero improvement observations, resulting in a second audit in a row.
Product showcase: TotalAV helps iOS users clean up their digital mess
TotalAV Mobile Security helps protect devices from malicious websites, SMS scams, unsafe public Wi-Fi networks, and exposed credentials. The app is available for Windows, Android, macOS, and iOS devices.
Microsoft 365 Copilot redesign brings context and actions into one workspace
Microsoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, flexible entry point to Copilot across Microsoft 365 apps, suggesting relevant actions based on the user’s work.
Cybersecurity jobs available right now: May 26, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the month: May 2026
Here’s a look at the most interesting products from the past month, featuring releases from Alation, AppOmni, Apricorn, ASAPP, Babel Street, Checksum, Cogent, CTERA, Forward, LastPass, Operant AI, Riverbed, Sysdig, Trust3 AI, TrustCloud, VIAVI, Versa Networks, and XM Cyber.
from Help Net Security https://ift.tt/NAJErQm