Help Net Security

Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)

Zeljka Zorz — Fri, 03 Apr 2026 12:59:22 +0000

Cisco has fixed ten vulnerabilities affecting its Integrated Management Controller (IMC), the most critical of which (CVE-2026-20093) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system as Admin. Cisco ICM riddled with vulnerabilities Cisco Integrated Management Controller is a built-in hardware management system used in Cisco servers. It allows administrators to remotely control, monitor, and troubleshoot a server, even if the operating system isn’t running. (That’s because Cisco IMC … More →

The post Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093) appeared first on Help Net Security.

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

Anamarija Pogorelec — Fri, 03 Apr 2026 11:43:26 +0000

Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device security > Secure Boot. Updated 2023 certificates are being delivered automatically through Windows Update to consumer devices and some business devices. The new app indicators show whether a given device has received those updates, what its current certificate state … More →

The post Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches appeared first on Help Net Security.

Claude Code source leak exploited to spread malware

Sinisa Markovic — Fri, 03 Apr 2026 10:54:38 +0000

A source code leak involving Anthropic’s Claude Code tool quickly escalated into a cybersecurity threat, as attackers seized on the exposed files to lure developers into downloading malware disguised as “unlocked” versions of the software. Leaked Claude Code source code used as lure On March 31, 2026, Anthropic accidentally exposed online the source code of its Claude Code tool. The leak was detected by security researcher Chaofan Shou, whose post on X drew widespread attention. … More →

The post Claude Code source leak exploited to spread malware appeared first on Help Net Security.

APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance

Industry News — Fri, 03 Apr 2026 07:06:01 +0000

APERION launched SmartFlow SDK, providing a secure, on-premises path for enterprises migrating away from compromised cloud-based AI gateways. The launch coincides with a 200% increase in web traffic since the March 24 LiteLLM supply chain attack that compromised an estimated 36% of all cloud environments. LiteLLM was the victim of a supply chain attack in which the threat actor group TeamPCP compromised the most widely used open-source LLM proxy in the Python ecosystem through a … More →

The post APERION releases SmartFlow SDK for secure, on-prem AI governance without cloud reliance appeared first on Help Net Security.

Trivy supply chain attack enabled European Commission cloud breach

Zeljka Zorz — Fri, 03 Apr 2026 06:34:00 +0000

CERT-EU confirmed that ShinyHunters are behind the recent breach of the cloud infrastructure underpinning websites of the European Commission, and that they stole and subsequently leaked approximately 340 GB of data. “Analysis of the published dataset has so far confirmed the presence of personal data, including lists of names, last names, usernames, and email addresses, predominantly from the European Commission’s websites but potentially pertaining to users across multiple Union entities,” European Union’s CERT said. “The … More →

The post Trivy supply chain attack enabled European Commission cloud breach appeared first on Help Net Security.

Microsoft releases open-source toolkit to govern autonomous AI agents

Anamarija Pogorelec — Fri, 03 Apr 2026 05:30:38 +0000

AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks like LangChain, AutoGen, CrewAI, and Azure AI Foundry Agent Service have made this kind of autonomy straightforward to deploy. The governance infrastructure to match that autonomy has lagged behind. Microsoft released the Agent Governance Toolkit to address that gap. What the toolkit contains The Agent Governance Toolkit is a seven-package system available in … More →

The post Microsoft releases open-source toolkit to govern autonomous AI agents appeared first on Help Net Security.

Which messaging app takes the most limited approach to permissions on Android?

Sinisa Markovic — Fri, 03 Apr 2026 05:00:19 +0000

Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android versions of Messenger, Signal, and Telegram shows that differences in permissions, background activity, and system exposure shape how much data each app can access and how often it communicates. Permissions define access to device and user data The three apps take different approaches. Telegram has the lowest total number of permissions … More →

The post Which messaging app takes the most limited approach to permissions on Android? appeared first on Help Net Security.

Click, wait, repeat: Digital trust erodes one login at a time

Anamarija Pogorelec — Fri, 03 Apr 2026 04:30:22 +0000

Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. These moments rarely stand out on their own, and over time they influence how people judge the systems they rely on. The 2026 Thales Digital Trust Index reflects that environment, where trust is built or lost through everyday interactions. Most consumers have encountered problems when using websites or apps, … More →

The post Click, wait, repeat: Digital trust erodes one login at a time appeared first on Help Net Security.

New infosec products of the month: March 2026

Anamarija Pogorelec — Fri, 03 Apr 2026 04:00:58 +0000

Here’s a look at the most interesting products from the past month, featuring releases from Beazley, Bonfy.AI, Mend.io, Mimecast, NinjaOne, Novee, Intel 471, Singulr AI, Stellar Cyber, Teleport, and Vicarius. Beazley Exposure Management platform identifies external exposures and prioritizes cyber risk Beazley Security has announced its Exposure Management product, which delivers continuous, automated discovery and intelligence-driven exposure notifications to help security teams accelerate risk mitigation in an era where AI-assisted attackers have compressed the time … More →

The post New infosec products of the month: March 2026 appeared first on Help Net Security.

AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test

Anamarija Pogorelec — Thu, 02 Apr 2026 22:15:02 +0000

Cloud storage buyers rarely get vendor-provided performance data that includes the vendor’s own weak spots. Backblaze’s Q1 2026 Performance Stats report, attempts to do exactly that, sharing benchmark results for Backblaze B2, AWS S3, Cloudflare R2, and Wasabi Object Storage across US-East and EU-Central regions, and including results where Backblaze’s own rate limits affected the numbers. The report is the second in a quarterly series. Backblaze publishes its full methodology and states that tests run … More →

The post AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test appeared first on Help Net Security.