433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Deleted Google API keys keep working for up to 23 minutes, researchers warn

Google API keys are credentials that let applications access Google services, from Maps to the Gemini AI. If a key is leaked, an attacker can use it to make API calls, rack up charges, and, if Gemini is enabled, access uploaded files and cached conversations. The assumed fix is simple: delete the key. But Aikido Security has found that deletion doesn’t actually work right away. The testing The researcherd found successful authentications up to 23 … More → The post Deleted Google API keys keep working for up to 23 minutes, researchers warn appeared first on Help Net Security.
http://news.poseidon-us.com/TSgRsW

Kore.ai unveils AI-native platform for enterprise multiagent systems

Kore.ai has launched the new-generation Kore.ai Agent Platform Artemis edition, the AI-programmable, AI-native foundation that builds, governs, and optimizes the agents, systems, and workflows running across the enterprise. The platform launches initially on Microsoft Azure, with broader cloud availability to follow. The new-generation Kore.ai Agent Platform enables enterprises to deploy production-ready multiagent AI systems in days instead of months, with governance, observability, and operational control enforced before any agent goes live. Three core innovations make … More → The post Kore.ai unveils AI-native platform for enterprise multiagent systems appeared first on Help Net Security.
http://news.poseidon-us.com/TSgL8N

Suspected KimWolf botnet admin arrested over DDoS-for-hire operation

U.S. and Canadian authorities arrested and charged a Canadian man accused of operating the KimWolf DDoS botnet, a service linked to attacks that infected more than one million devices worldwide. Jacob Butler, 23, of Ottawa, Canada, also known online as “Dort,” was arrested in Canada under an extradition warrant after U.S. prosecutors charged him with offenses related to the alleged development and operation of the KimWolf botnet. According to court documents, KimWolf targeted internet-connected devices … More → The post Suspected KimWolf botnet admin arrested over DDoS-for-hire operation appeared first on Help Net Security.
http://news.poseidon-us.com/TSgL8F

Versa extends zero trust principles to AI agents and MCP workflows

Versa has introduced a patent-pending zero trust architecture for the Model Context Protocol (MCP), applying zero trust principles to AI execution. The company said every AI-generated action is validated against user identity, role-based access controls, and system policies before execution, with human approval required when defined by administrators. The launch addresses a growing challenge as enterprises deploy agentic AI systems. A single prompt can trigger multiple actions across network and security environments, reducing visibility into … More → The post Versa extends zero trust principles to AI agents and MCP workflows appeared first on Help Net Security.
http://news.poseidon-us.com/TSgL7X

GitLab 19.0 adds AI workflows, secrets management, and self-hosted model support

GitLab released GitLab 19.0 with expanded secrets management, agentic merge request workflows, improved CI pipeline visibility, support for self-hosted open-source models, and supply chain visibility enhancements. Engineering organizations shipping more code than ever are confronting the AI Paradox firsthand, as the surrounding workflows for securing credentials, reviewing and merging changes, enforcing pipeline standards, and running AI in regulated environments have not kept pace. GitLab 19.0 advances the platform’s agentic core by embedding those capabilities where … More → The post GitLab 19.0 adds AI workflows, secrets management, and self-hosted model support appeared first on Help Net Security.
http://news.poseidon-us.com/TSgJB2

Proton Pass adds monitored credential sharing for AI agents

Proton Pass, a secure, end-to-end encrypted password manager, added credential sharing through AI access tokens, allowing users to give AI agents access to selected items and monitor activity. To gain access, an agent must provide a reason for the request so users can see what actions are being performed. Access tokens are available with Pass Plus (included in Proton Unlimited), Pass Family, Pass Professional, and Proton Workspace plans. “AI access tokens are easy to set … More → The post Proton Pass adds monitored credential sharing for AI agents appeared first on Help Net Security.
http://news.poseidon-us.com/TSgJB0

Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR

Keepnet, an Extended Human Risk Management (xHRM) platform, today announced that its voice and SMS phishing simulation data contributed to the 2026 Verizon Data Breach Investigations Report (DBIR). The 2026 edition is the first to include voice and SMS phishing simulation data at this scale. The DBIR records this as “an increase of 40% in the median click rate” between phone-centric and email-based simulations (Verizon 2026 DBIR, p. 50). According to the report, phone-centric phishing … More → The post Keepnet contributes voice and SMS phishing data to the 2026 Verizon DBIR appeared first on Help Net Security.
http://news.poseidon-us.com/TSgJ9w

CISA’s new KEV nomination form opens reporting to vendors and researchers

The Cybersecurity and Infrastructure Security Agency launched a new nomination form that lets researchers, vendors, and industry partners report known exploited vulnerabilities for possible inclusion in its KEV catalog. The form gives outside contributors a direct way to submit vulnerabilities to CISA. Email submissions remain available at vulnerability@cisa.dhs.gov for organizations and individuals who prefer that route. “Every day, CISA collaborates with security researchers and industry partners that identify and report exploited vulnerabilities. This new reporting … More → The post CISA’s new KEV nomination form opens reporting to vendors and researchers appeared first on Help Net Security.
http://news.poseidon-us.com/TSgJ9h

Microsoft 365 users targeted by new phishing threat that bypasses MFA

Microsoft 365 access tokens are being targeted by an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, the FBI is warning. First observed in April 2026, Kali365 has been distributed through Telegram, allowing cybercriminals to obtain Microsoft 365 access tokens and bypass MFA without stealing user credentials. “Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI said. … More → The post Microsoft 365 users targeted by new phishing threat that bypasses MFA appeared first on Help Net Security.
http://news.poseidon-us.com/TSgJ9T