433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

74,000 Fortinet firewall credentials exposed in FortiBleed data leak

A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The data was accidentally exposed by the group on a server, along with other artifacts and tools, and the exposure was noticed by security researcher Volodymyr “Bob” Diachenko. He raised the alarm last weekend, and other researchers have since analyzed the exposed dataset. “I have worked with several orgs listed, and can … More → The post 74,000 Fortinet firewall credentials exposed in FortiBleed data leak appeared first on Help Net Security.
http://news.poseidon-us.com/TT5v7f

NCCoE Two-Pager Now Available: Effective OT Backup Management

The NIST National Cybersecurity Center of Excellence (NCCoE) has published NIST Special Publication (SP) 1339, Operational Technology Backup Quick Start Guide. This two-page resource provides an overview of cybersecurity considerations to help
http://news.poseidon-us.com/TT5mH4

GentleKiller targets more than 400 security processes across 48 products

Most ransomware operations leave the work of disabling endpoint security software to their affiliates. The ransomware-as-a-service gang Gentlemen runs a different model. Its operators develop and maintain a set of tools for shutting down endpoint detection and response (EDR) products, then provide these tools directly to the affiliates who rent the gang’s encryptors. An internal data leak from the group in May 2026 confirmed the arrangement and exposed the gang’s leader discussing the supply of … More → The post GentleKiller targets more than 400 security processes across 48 products appeared first on Help Net Security.
http://news.poseidon-us.com/TT5jnq

Barracuda introduces AI-powered email security with automated threat response

Barracuda Networks has unveiled Barracuda Integrated Email Protection, an Integrated Cloud Email Security (ICES) solution delivering protection against evolving AI-driven threats. Powered by AI, the solution continuously and autonomously detects and remediates threats across the attack lifecycle, explains Microsoft 365 and Google Workspace verdicts and enables rapid post-delivery message clawback. Built on BarracudaONE platform telemetry across domains, including email, identity, network, data, and applications, and designed for single and multitenant environments, it also enables MSPs … More → The post Barracuda introduces AI-powered email security with automated threat response appeared first on Help Net Security.
http://news.poseidon-us.com/TT5jnp

New 42Crunch plugin helps developers find and fix API vulnerabilities in GitHub Copilot

42Crunch has announced the availability of the 42Crunch API Security Testing Plugin for GitHub Copilot. This latest advance enables developers to continuously audit, test, remediate and validate API security vulnerabilities directly within AI-assisted development workflows. Organizations are struggling to secure their growing API landscape in the face of increasing attacks, with AI’s heavy reliance on APIs compounding this problem. Consequently, one of the key areas of attention for security and engineering teams is the security … More → The post New 42Crunch plugin helps developers find and fix API vulnerabilities in GitHub Copilot appeared first on Help Net Security.
http://news.poseidon-us.com/TT5jnm

Blue Planet helps service providers reduce risk with unified network change governance

Blue Planet is closing the governance gap in network operations by unveiling Blue Planet Configuration and Change Management (CCM), unifying device configuration, change, and lifecycle management across multi-vendor networks. Backed by Blue Planet’s deep Operations Support System (OSS) expertise, CCM replaces fragmented tools and manual processes with AI-driven workflows to reduce risk, prevent outages, and strengthen the foundation for autonomous networking. As networks grow more complex, configuration errors and unmanaged changes remain a leading cause … More → The post Blue Planet helps service providers reduce risk with unified network change governance appeared first on Help Net Security.
http://news.poseidon-us.com/TT5jmj

Securing digital keys when your phone unlocks the car

In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers. She talks through what changed with Version 4, why the team focused on interoperability and testing instead of one new threat, and how NFC fallback access stays protected. She also covers fast credential revocation when a … More → The post Securing digital keys when your phone unlocks the car appeared first on Help Net Security.
http://news.poseidon-us.com/TT5ZQd

Google’s open standard for AI agents to discover and verify tools

AI agents depend on tools, skills, and other agents spread across many teams, organizations, and platforms. These capabilities live in separate systems with their own registries, and an agent working in one environment has limited means to locate and connect to a resource hosted somewhere else. Google addressed this gap with Agentic Resource Discovery, an open specification for publishing, discovering, and verifying AI capabilities across the web. It allows tools and services to be shared … More → The post Google’s open standard for AI agents to discover and verify tools appeared first on Help Net Security.
http://news.poseidon-us.com/TT5ZQX

How security teams are getting credential visibility into developer endpoints

As we noted in our earlier analysis, attackers already know secrets are on your developers’ machines, the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub repositories in six hours. TrapDoor spread across npm, PyPI, and Crates.io simultaneously, planting persistence inside AI coding assistant config files. Miasma compromised 32 official Red Hat packages by abusing GitHub’s trusted publishing. Each campaign shared the same … More → The post How security teams are getting credential visibility into developer endpoints appeared first on Help Net Security.
http://news.poseidon-us.com/TT5ZNP