More results...
The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ranso…
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one compromised tool call can leak credentials to an attacker-controlled domain. Pipeloc…
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. What’s more, attackers didn’t have to wait for watc…
Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shippe…
Attackers are exploiting CVE-2026-32202, a zero-click Windows Shell spoofing vulnerability that causes victims’ systems to authenticate the attacker’s server, CISA and Microsoft have warned. About CVE-2026-32202 CVE-2026-32202 stems from an…
In this Help Net Security interview, Scott Schnoll, Microsoft MVP for Exchange, breaks down the Shared Responsibility Model, where Microsoft secures the cloud while organizations must protect their own data, identities, and configurations. The discussi…
Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly. Listed tasks inc…
The open web is slowly but surely filling up with “traps” designed for LLM-powered AI agents. The technique, known as indirect prompt injection (IPI), involves hiding (more or less) covert instructions inside ordinary web pages, waiting for…
Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is releva…
In this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated w…