433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Why AI changed the threat model for travel technology

In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s interconnected ecosystem of identity, payments, loyalty programs, and third-party integrations creates compounding risk, and how AI has expanded threat modeling beyond traditional infrastructure to include prompt injection, model access, and shadow AI adoption. Bryan also … More → The post Why AI changed the threat model for travel technology appeared first on Help Net Security.
http://news.poseidon-us.com/TSf8Rg

Most dark web activity revolves around a handful of topics

Dark web activity often becomes visible during marketplace seizures, major data leaks, or sudden spikes in criminal activity. Those events can create an impression of an ecosystem where attention shifts quickly and new trends regularly replace old ones. A six-year dataset covering more than 25,000 dark web sites tracked what people discussed in underground forums and marketplaces and how those discussions changed over time. The work drew from more than 11 million archived snapshots collected … More → The post Most dark web activity revolves around a handful of topics appeared first on Help Net Security.
http://news.poseidon-us.com/TSf8Rf

AI red teaming agents change how LLMs get tested

Adversarial probing of LLMs has piled up a sprawling toolkit over the past three years. Attack techniques with names like Tree of Attacks with Pruning, Crescendo, and Skeleton Key sit alongside hundreds of prompt transforms and scoring methods across open-source frameworks including Microsoft’s PyRIT, NVIDIA’s Garak, and Promptfoo. The catalog has grown faster than any operator can fluently navigate it, and that mismatch is changing how AI red teaming gets done. A wave of recent … More → The post AI red teaming agents change how LLMs get tested appeared first on Help Net Security.
http://news.poseidon-us.com/TSf8Rb

Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin

Bitdefender Mobile Security for iOS is a security and privacy application for iPhone and iPad that helps protect against phishing attempts, online scams, unsafe websites, and account exposure. I have used Bitdefender Mobile Security for iOS for the last two years. It was easy to install, easy to use, and I have not noticed any impact on device performance. The app combines web protection, scam detection, privacy tools, account monitoring, and VPN capabilities. Dashboard and … More → The post Product showcase: Bitdefender Mobile Security for iOS protects privacy where scams begin appeared first on Help Net Security.
http://news.poseidon-us.com/TSf8RB

Cyber threats push SMBs to spend more on security

Cybersecurity has become a key priority for small and medium-sized businesses due to growing threats and wider AI adoption. An IDC survey of 2,200 SMBs in eight markets examined how organizations manage cyber risks, prepare for AI-related threats, and handle third-party vendor security. Top business priorities for the year (Source: IDC) 60% of SMBs expect to increase cybersecurity spending over the next 12 months. The findings show that businesses continue to rely on reactive approaches … More → The post Cyber threats push SMBs to spend more on security appeared first on Help Net Security.
http://news.poseidon-us.com/TSf4KX

Cisco Nexus 3000 and 9000 Series Switches Border Gateway Protocol Denial of Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to trigger BGP peer flaps, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect parsing of a transitive BGP attribute. An attacker could exploit this vulnerability by sending a crafted BGP update through an established BGP peer session. If the update propagates to an affected device, it could cause the device to drop the BGP session and flap with the BGP peer that is forwarding this update, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bgp-iefab-3hb2pwtx Security Impact Rating: Medium CVE: CVE-2026-20171
http://news.poseidon-us.com/TSdhyP

Cisco Secure Workload Unauthorized API Access Vulnerability

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.  This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy Security Impact Rating: Critical CVE: CVE-2026-20223
http://news.poseidon-us.com/TSdhyF

Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability

A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An authenticated attacker could exploit this vulnerability by uploading a crafted certificate to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system. To exploit this vulnerability, the attacker must have valid administrative credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tevacert-rce-RMJVEym5 Security Impact Rating: Medium CVE: CVE-2026-20199
http://news.poseidon-us.com/TSdhxr