433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Android just got smarter at stopping snatch-and-run phone thefts

Google announced updates to the Android theft protection features that expand existing safeguards and make stolen devices harder to use. These updates are available on Android 16 and later. One update builds on Failed Authentication Lock, a feature introduced in Android 15 that locks the screen after repeated failed unlock attempts. Google is adding a dedicated on and off toggle in settings, giving users direct control over whether the feature is enabled. Android devices provide … More → The post Android just got smarter at stopping snatch-and-run phone thefts appeared first on Help Net Security.
http://news.poseidon-us.com/TQc8FK

CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities

CERT UEFI Parser, a new open-source security analysis tool from the CERT Coordination Center has been released to help researchers and defenders examine the structure of Unified Extensible Firmware Interface (UEFI) software and identify classes of vulnerabilities that are often difficult to study. UEFI software The tool is published by the Software Engineering Institute (SEI) at Carnegie Mellon University and applies program analysis techniques to UEFI firmware code to extract architectural details that are typically … More → The post CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities appeared first on Help Net Security.
http://news.poseidon-us.com/TQc3MN

Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom

Once a secret enters Git, it’s expensive to remediate. But the real problem runs deeper than cost. Grégory Maitrallain, Solution Architect at Orange Business, discovered this reality during their implementation: “Once a secret is pushed to GitLab or GitHub, you cannot remove it. You can modify it or remove it from a Git repository. However, the references will remain in the database, and you can always consult them afterwards.” Database references persist indefinitely. Anyone with … More → The post Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom appeared first on Help Net Security.
http://news.poseidon-us.com/TQc3MF

Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions

A new study shows that some of the most widely used AI-powered browser extensions are a privacy risk. They collect lots of data and require a high level of browser access. The research was conducted by Incogni, which analyzed 442 AI-powered Google Chrome extensions for its 2026 privacy risk report. The study reviewed extensions across eight categories and assessed their permissions, declared data collection practices, and security risk scores. High-impact access is common Every extension … More → The post Grammarly and QuillBot are among widely used Chrome extensions facing serious privacy questions appeared first on Help Net Security.
http://news.poseidon-us.com/TQc3LF

Audits for AI systems that keep changing

Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through recurring measurement and automated evidence collection tied to live system behavior. The specification addresses a common challenge in AI oversight. Models evolve through retraining, data pipelines change, and system configurations shift during operation. Oversight methods … More → The post Audits for AI systems that keep changing appeared first on Help Net Security.
http://news.poseidon-us.com/TQc0fV

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)

Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out on [January 22, 2026],” the company shared. About CVE-2026-24858 On January 20, several Fortinet customers revealed that attackers gained access to their FortiGate firewalls and created new local admin accounts despite the devices running … More → The post Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) appeared first on Help Net Security.
http://news.poseidon-us.com/TQbtWB

Attackers use Windows App-V scripts to slip infostealer past enterprise defenses

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on target Windows computers by using fake human verification pages – i.e., CAPTCHA pages – to trick users into manually pasting and executing a command via the Run dialog. And here is where things get interesting. … More → The post Attackers use Windows App-V scripts to slip infostealer past enterprise defenses appeared first on Help Net Security.
http://news.poseidon-us.com/TQbRph

Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS

Tenable announced general availability of Tenable One AI Exposure. With this release, the Tenable One Exposure Management Platform unifies AI protection, discovery and usage governance across the enterprise, including SaaS platforms, cloud services, APIs and agents. AI is deeply embedded and interconnected throughout organizations, creating the “AI Exposure Gap,” a largely invisible form of exposure that emerges across applications, infrastructure, identities, agents and data, and that most security teams are not equipped to manage. Many … More → The post Tenable One AI Exposure delivers unified visibility and governance across AI, cloud and SaaS appeared first on Help Net Security.
http://news.poseidon-us.com/TQbRpg