433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670)

Progress Software has fixed a critical authentication bypass (CVE-2026-4670) and a privilege escalation (CVE-2026-5174) vulnerability in MOVEit Automation, exploitation of which “may lead to unauthorized access, administrative control, and data exposure.” The vulnerabilities were reported privately by Airbus researchers and there’s no mention of them being leveraged by attackers in the wild. Still, performing an upgrade to a fixed version is “strongly” advised. CVE-2026-4670 and CVE-2026-5174 Progress Software’s MOVEit Transfer, an enterprise managed file transfer … More → The post Critical MOVEit Automation auth bypass vulnerability fixed (CVE-2026-4670) appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKT

Penske Logistics launches platform for real-time supply chain visibility

Penske Logistics has announced the launch of Supply Chain Insight, a secure technology platform and mobile application that provides customers with a real-time view of their supply chain operations across transportation and warehousing. Supply chain leaders are under increased pressure to drive greater operational efficiency in the face of rising fuel costs, evolving regulations and economic challenges. Organizations are looking for a competitive edge to navigate uncertain times and achieve measurable cost savings and efficiencies. … More → The post Penske Logistics launches platform for real-time supply chain visibility appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKS

DigiCert breached via malicious screensaver file

A targeted social engineering attack against DigiCert’s support channel led to the compromise of internal systems and the unauthorized issuance of EV Code Signing certificates. DigiCert is a global Certificate Authority (CA) providing digital trust services, specializing in TLS/SSL certificates, PKI management, and IoT security. According to DigiCert’s incident report, a threat actor contacted the support team via a customer chat channel and delivered a malicious ZIP file disguised as a customer screenshot, which contained … More → The post DigiCert breached via malicious screensaver file appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKP

Operant AI Endpoint Protector secures AI agents and MCP tools

Operant AI has launched Operant Endpoint Protector, a new addition to its AI Defense Platform that enables enterprise IT and security teams to discover, detect, and defend against threats across every AI tool, coding agent, and Model Context Protocol (MCP)-connected workflow used by employees, directly at the endpoint where most consequential AI activity takes place. Securing the endpoint Across every enterprise, employees in HR, finance, legal, customer service, engineering, and operations are interacting with AI … More → The post Operant AI Endpoint Protector secures AI agents and MCP tools appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKN

Owl IRD enables one-way forensic data transfer for incident response teams

Owl Cyber Defense has announced the launch of its Incident Response Diode (IRD), a pocket-sized protocol filtering diode (PFD) designed for incident response and forensics teams. The Owl IRD was developed to help users securely move evidence from compromised endpoints into trusted analysis environments without adding risk. The Owl IRD will be made available to select customers for field testing. When an endpoint is compromised, responders must race against the clock to pull critical data … More → The post Owl IRD enables one-way forensic data transfer for incident response teams appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKL

Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940)

The situation around the critical cPanel authentication bypass vulnerability (CVE-2026-41940) has deteriorated significantly since our initial coverage. Exploratory probing has evolved into multi-actor exploitation, leading to disrupted websites, ransomware and malware deployment, and targeted attacks. “Sorry” ransomware Attackers have taken advantage of CVE-2026-41940 to mass-exploit vulnerable internet-facing cPanel instances to breach servers, deface websites and encrypt data. The ransomware used in some of the attacks is a Go(Lang)-based Linux encryptor that encrypts files and appends … More → The post Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940) appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZKB

Blend Autopilot MCP brings AI agent orchestration to lending platforms

Blend Labs has announced the launch of Autopilot MCP, a server built on the Model Context Protocol, an emerging open standard for AI agent connectivity, that gives authorized agents secure, programmatic access to the Blend platform. For lenders and partners, Autopilot MCP introduces a new category of capability: the ability to build and deploy AI agents tailored to their workflows, guidelines, and borrower experiences without rebuilding underlying infrastructure. Solving the orchestration problem in lending Before … More → The post Blend Autopilot MCP brings AI agent orchestration to lending platforms appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZK8

Two cybersecurity pros get prison time for helping ransomware gang

Two American cybersecurity professionals were sentenced to four years in prison for facilitating BlackCat ransomware attacks in 2023. They pleaded guilty in December 2025 to one count of conspiracy to obstruct, delay, or affect commerce, or the movement of any article or commodity in commerce, by extortion. According to court documents, Ryan Goldberg, Kevin Martin, and their co-conspirator Angelo Martino deployed ALPHV/BlackCat ransomware between April and December 2023 against multiple victims across the United States. … More → The post Two cybersecurity pros get prison time for helping ransomware gang appeared first on Help Net Security.
http://news.poseidon-us.com/TSMZJw