433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Onspring CISO on where automated GRC systems fall short

In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains why color-coded dashboards can hide nuance, how teams can check the data feeding their tools, and which risks resist measurement, such as insider behavior and vendor concentration. Continuous control monitoring tools tend to produce a green-yellow-red mosaic that flattens nuance. When a CISO walks into a board meeting with … More → The post Onspring CISO on where automated GRC systems fall short appeared first on Help Net Security.
http://news.poseidon-us.com/TT2kDy

Open-source CI/CD abuse detector guards against stolen credential attacks

CI/CD Abuse Detector is an open-source project that uses a large language model to flag suspicious changes to continuous integration and continuous deployment pipelines, workflows, and automation configurations. The repository contains drop-in templates for GitHub Actions, GitLab CI, and Azure DevOps. The project targets a common attack chain in software supply chain compromises. Stolen developer credentials are used to push modifications to workflow files, which then harvest secrets stored in the CI environment. The detector … More → The post Open-source CI/CD abuse detector guards against stolen credential attacks appeared first on Help Net Security.
http://news.poseidon-us.com/TT2kDt

A hardware neural network backdoor that hides in plain sight

Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips come from third-party design houses and foundries, which adds steps to the supply chain where an outside party can alter a device. Researchers at the University of Tennessee and the University of Florida built an attack … More → The post A hardware neural network backdoor that hides in plain sight appeared first on Help Net Security.
http://news.poseidon-us.com/TT2kD8

Proving what a military AI model will do is the real problem

Defense contractors build AI systems that task drones automatically and propose kill-chains to support soldiers. Several of these contractors have partnered with frontier AI companies to put advanced models into military tools. Anduril works with OpenAI, Palantir works with Microsoft, and Lockheed Martin works with Meta. The systems coming out of these partnerships carry a security problem that sits outside the methods of arms control diplomacy: confirming what an AI model will do. Verification built … More → The post Proving what a military AI model will do is the real problem appeared first on Help Net Security.
http://news.poseidon-us.com/TT2h6Z

Senior engineers are spending their week cleaning up AI-generated code

At most U.S. technology companies, machines now write the bulk of the code that ships each week. The engineer’s job has shifted toward reviewing what the AI produces, and that review gives the code high marks. Leaders rate AI-generated code as higher quality than the code their own people write, praising its clean structure, consistent style, and low count of obvious bugs at submission time. The same code behaves worse once it runs. Production incidents … More → The post Senior engineers are spending their week cleaning up AI-generated code appeared first on Help Net Security.
http://news.poseidon-us.com/TT2h61

Week in review: Exploited Check Point VPN zero-day, Oracle PeopleSoft servers under attack

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: DockSec: Open-source AI-powered Docker security scanner DockSec is an OWASP Incubator Project that combines three container security scanners with a language-model layer for explanation and remediation. Created by Advait Patel, the Python tool runs Trivy, Hadolint, and Docker Scout against a developer’s Dockerfile and image, correlates the findings, returns a 0-100 security score, and proposes line-specific fixes. Treating AI agents … More → The post Week in review: Exploited Check Point VPN zero-day, Oracle PeopleSoft servers under attack appeared first on Help Net Security.
http://news.poseidon-us.com/TT2Bps

Google sues China-based scammers over Gemini AI abuse

Google has filed a lawsuit against Outsider Enterprise, a China-based cybercrime network for using AI tools, including Gemini, to build phishing websites and scam infrastructure. The company said the operation has affected “hundreds of thousands of victims,” with losses estimated in the millions of dollars. It also links the group to more than 9,000 fake websites and 1 million fraudulent URLs. “Criminals increasingly use AI to make fraud like this more convincing and harder to … More → The post Google sues China-based scammers over Gemini AI abuse appeared first on Help Net Security.
http://news.poseidon-us.com/TT10zf

Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)

WatchTowr researchers have disclosed a technical analysis and a “Detection Artefact Generator” for CVE-2026-50751, an authentication bypass flaw in Check Point’s Remote Access VPN and Mobile Access, which the vendor confirmed to be actively exploited. The attacks were limited, but with this information now public, a larger wave of opportunistic attacks may be expected. From silent exploitation to public disclosure CVE-2026-50751 was patched by Check Point on June 8, 2026, and the company said that … More → The post Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751) appeared first on Help Net Security.
http://news.poseidon-us.com/TT10yM