433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Terminated contract led to $2.5 million cyber extortion scheme

A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up to two years in prison on each of the six charges. Curry, who worked as a data analyst for about six months with the victim company and had access to its data files and internal personnel and corporate information, began the scheme after learning his contract would … More → The post Terminated contract led to $2.5 million cyber extortion scheme appeared first on Help Net Security.
http://news.poseidon-us.com/TRbwPM

Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis

Rapid7 has unveiled new cloud security capabilities within Exposure Command. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, validate, and prioritize exploitable risks based on real-world attack paths and business impact. As organizations scale hybrid and multi-cloud environments, security programs must move beyond reactive models built on assessment alone. With runtime validation and DSPM, Rapid7 advances Exposure Command from continuous assessment to continuous validation, enabling proactive exposure reduction … More → The post Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis appeared first on Help Net Security.
http://news.poseidon-us.com/TRbnm7

Authorities disrupt four IoT botnets behind record DDoS attacks

The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded. The post Authorities disrupt four IoT botnets behind record DDoS attacks appeared first on Help Net Security.
http://news.poseidon-us.com/TRbnlc

Fake AI songs streamed billions of times, netting fraudster $10 million

Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitted to one count of conspiracy to commit wire fraud, which carries a maximum sentence of five years in prison, and agreed to forfeit $8,091,843.64. According to U.S. Attorney for the Southern District of New York Jay Clayton, Smith used AI to generate hundreds of thousands … More → The post Fake AI songs streamed billions of times, netting fraudster $10 million appeared first on Help Net Security.
http://news.poseidon-us.com/TRbnlY

Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564: The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution providers. They can opt for the cloud-hosted version or can deploy it on their own servers or in their private cloud. CVE-2026-3564 stems from improper verification of cryptographic signature, can be exploited remotely … More → The post Unpatched ScreenConnect servers open to attack (CVE-2026-3564) appeared first on Help Net Security.
http://news.poseidon-us.com/TRbnkK

GSocket Backdoor Delivered Through Bash Script, (Fri, Mar 20th)

Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim's computer. I don't know the source of the script nor how it is delivered to the victim.
http://news.poseidon-us.com/TRbh6g

Semgrep Multimodal brings AI reasoning and rule-based analysis to code security

Semgrep announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds up to 8x more true positives while cutting noise by 50% compared to foundation models alone, and has already discovered dozens of zero-days at customers. Multimodal is built on Semgrep Workflows, a framework for autonomous code security – using deterministic tools and AI so security teams can encode their processes once and scale them … More → The post Semgrep Multimodal brings AI reasoning and rule-based analysis to code security appeared first on Help Net Security.
http://news.poseidon-us.com/TRbh0R

ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption

ConductorOne has announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables organizations to accelerate AI adoption while maintaining full visibility, policy enforcement, and compliance. As AI tools proliferate across the enterprise, organizations face a critical challenge: 75% of knowledge workers use AI tools today, and 78% bring their own, creating massive shadow AI risk. Meanwhile, only 18% … More → The post ConductorOne unveils AI Access Management to accelerate secure, compliant AI adoption appeared first on Help Net Security.
http://news.poseidon-us.com/TRbh0N

Bonfy ACS 2.0 helps organizations control data use in AI environments

Bonfy.AI announced Bonfy Adaptive Content Security (Bonfy ACS) 2.0, a platform built to secure enterprise content across all systems, applications, and AI agents – anywhere data moves, resides, or is processed. As organizations race to deploy copilots, custom AI apps, and increasingly autonomous AI agents, security leaders are struggling with blind spots around how these systems access, transform, and share sensitive data, gaps that legacy DLP and DSPM tools were never designed to handle. By … More → The post Bonfy ACS 2.0 helps organizations control data use in AI environments appeared first on Help Net Security.
http://news.poseidon-us.com/TRbgzv

AppViewX acquires Eos to extend identity security to AI agents and workloads

AppViewX has acquired Eos, an AI-native identity control plane for AI agents and autonomous workloads within the enterprise. By combining AppViewX’s automated CLM and PKI with Eos’s agentic governance and privileged access control, the platform delivers an integrated solution for AI agent and machine identity security. The acquisition accelerates AppViewX’s evolution into an AI-native platform, positioning the company as a leader in securing machines, workloads, and AI agents in cloud and hybrid environments. Additionally, Archit … More → The post AppViewX acquires Eos to extend identity security to AI agents and workloads appeared first on Help Net Security.
http://news.poseidon-us.com/TRbd1W