433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions

A new study shows that some of the most widely used AI-powered browser extensions are a privacy risk. They collect lots of data and require a high level of browser access. The research was conducted by Incogni, which analyzed 442 AI-powered Google Chrome extensions for its 2026 privacy risk report. The study reviewed extensions across eight categories and assessed their permissions, declared data collection practices, and security risk scores. High-impact access is common Every extension … More → The post Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions appeared first on Help Net Security.
http://news.poseidon-us.com/TQc3LF

Audits for AI systems that keep changing

Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through recurring measurement and automated evidence collection tied to live system behavior. The specification addresses a common challenge in AI oversight. Models evolve through retraining, data pipelines change, and system configurations shift during operation. Oversight methods … More → The post Audits for AI systems that keep changing appeared first on Help Net Security.
http://news.poseidon-us.com/TQc0fV

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)

Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out on [January 22, 2026],” the company shared. About CVE-2026-24858 On January 20, several Fortinet customers revealed that attackers gained access to their FortiGate firewalls and created new local admin accounts despite the devices running … More → The post Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) appeared first on Help Net Security.
http://news.poseidon-us.com/TQbtWB

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on target Windows computers by using fake human verification pages – i.e., CAPTCHA pages – to trick users into manually pasting and executing a command via the Run dialog. And here is where things get interesting. … More → The post Attackers use Windows App-V scripts to slip infostealer past enterprise defenses appeared first on Help Net Security.
http://news.poseidon-us.com/TQbRph

Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS

Tenable announced general availability of Tenable One AI Exposure. With this release, the Tenable One Exposure Management Platform unifies AI protection, discovery and usage governance across the enterprise, including SaaS platforms, cloud services, APIs and agents. AI is deeply embedded and interconnected throughout organizations, creating the “AI Exposure Gap,” a largely invisible form of exposure that emerges across applications, infrastructure, identities, agents and data, and that most security teams are not equipped to manage. Many … More → The post Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS appeared first on Help Net Security.
http://news.poseidon-us.com/TQbRpg

NICE Actimize Insights Network combats fraudulent transfers

NICE Actimize launched Actimize Insights Network, an intelligence network designed to give financial institutions real-time visibility into counterparty risk. Leveraging insights from its Fraud and Financial Crime network, the Actimize Insights Network delivers the scale and precision needed to prevent fraud before money moves while supporting governance. Financial institutions continue to face growth in authorized push payment (APP) scams, business email compromise (BEC), and other schemes in which legitimate customers are manipulated into sending money … More → The post NICE Actimize Insights Network combats fraudulent transfers appeared first on Help Net Security.
http://news.poseidon-us.com/TQbRpJ

HackerOne brings Agentic PTaaS to continuous, expert-validated pentesting

HackerOne announced Agentic Pentest as a Service (Agentic PTaaS), delivering continuous security validation by combining autonomous agent execution with human expertise to ensure every finding reflects exploitable risk that security teams can trust and act on at scale. Enterprise security teams face a growing gap between development velocity and security validation. Traditional pentests deliver depth and trust, but they struggle to keep pace with continuous change. At the other extreme, fully autonomous testing promises speed … More → The post HackerOne brings Agentic PTaaS to continuous, expert-validated pentesting appeared first on Help Net Security.
http://news.poseidon-us.com/TQbHJ8

Microsoft brings AI-powered investigations to security teams

Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak investigations, credential exposure, internal fraud and bribery, sensitive data exposure in Teams, and inappropriate content investigations. Microsoft Purview Data Security Investigations (Source: Microsoft) “Investigations that once took weeks, or weren’t possible at all, can now be completed in hours. By eliminating manual effort and surfacing hidden risks across sprawling … More → The post Microsoft brings AI-powered investigations to security teams appeared first on Help Net Security.
http://news.poseidon-us.com/TQbHHv