433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Communicating cyber risk in dollars boards understand

In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and organizational dynamics. He unpacks the gap between security teams and boards, pointing to weak risk communication and a reliance on qualitative heatmaps over hard evidence. He pushes back on root cause analysis as … More → The post Communicating cyber risk in dollars boards understand appeared first on Help Net Security.
http://news.poseidon-us.com/TSdBYP

CVE Lite CLI: Open-source dependency vulnerability scanner

Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours or days after writing the code. CVE Lite CLI, now an officially recognized OWASP Incubator Project, moves that check to the developer’s terminal. The open-source tool, maintained by Sonu Kapoor, reads a project’s … More → The post CVE Lite CLI: Open-source dependency vulnerability scanner appeared first on Help Net Security.
http://news.poseidon-us.com/TSdBYL

When your AI assistant has the keys to production

Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure. A recent survey on agentic AI in network and IT operations gives it a more useful name: a confused-deputy problem waiting to happen. The confused-deputy problem in agentic AI security The classic confused-deputy attack tricks … More → The post When your AI assistant has the keys to production appeared first on Help Net Security.
http://news.poseidon-us.com/TSdBYH

7 hard truths security pros should know: 2026 DevOps Threats Report

In 2025, trusted Git hosting platforms became a playground for cyber criminals. This is the main conclusion from the latest “DevOps Threat Unwrapped Report 2026” by GitProtect. If you want to effectively counter attacks targeted at your code (and business), you need security measures, good practices, and knowledge. Strengthen your organization’s security posture. Learn about 7 hard truths from the report to discover the latest threats and ways to fight them off. #1 AI assistants … More → The post 7 hard truths security pros should know: 2026 DevOps Threats Report appeared first on Help Net Security.
http://news.poseidon-us.com/TSdBY1

What happens when your identity provider becomes the kill chain

In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in behind you. Constable breaks down how passwords, session cookies, and OAuth grants all rely on shared secrets between browser and server. Even with TLS encryption, intermediaries like CDNs, load balancers, and WAFs can see these credentials in … More → The post What happens when your identity provider becomes the kill chain appeared first on Help Net Security.
http://news.poseidon-us.com/TSd7Nr

PureLogs infostealer is stealing credentials worldwide

A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive and using an invoice-themed lure to pressure the victim into opening it quickly: The phishing email carrying the malicious TXZ archive (Source: Fortinet) The extracted JavaScript stores malicious commands in process environment variables (which are also filled … More → The post PureLogs infostealer is stealing credentials worldwide appeared first on Help Net Security.
http://news.poseidon-us.com/TScY2b