Category Archives: Uncategorized

Mend.io eliminates AI prompt weaknesses before production

Mend.io has launched System Prompt Hardening within Mend AI to detect, score, and automatically remediate weaknesses in AI system prompts. Hidden instructions in system prompts have emerged as a growing security concern that traditional AppSec tools do not fully address. System Prompt Hardening provides instant visibility into these behind-the-scenes instructions, identifies weaknesses, and automatically strengthens prompt logic to reduce risk before applications reach production. Powered by Mend.io’s proprietary AI Weakness Enumeration (AIWE), a framework modeled … More → The post Mend.io eliminates AI prompt weaknesses before production appeared first on Help Net Security.
http://news.poseidon-us.com/TRPlqr

Messenger can warn you about sketchy links without knowing what you clicked

Meta’s Advanced browsing protection (ABP) helps Messenger identify and warn users about potentially harmful websites they open from a chat. Malicious sites can try to steal passwords, collect personal information, or install malware. Advanced browsing protection (Source: Meta) “In its standard setting, Safe Browsing uses on-device models to analyze malicious links shared in chats. But we’ve extended this further with an advanced setting called Advanced Browsing Protection (ABP) that leverages a continually updated watchlist of … More → The post Messenger can warn you about sketchy links without knowing what you clicked appeared first on Help Net Security.
http://news.poseidon-us.com/TRPlqV

HR, recruiters targeted in year-long malware campaign

An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint detection software, the Russian-speaking attacker(s) behind this campaign have managed to keep their activity largely under the radar. “We currently lack telemetry to determine how widespread the campaign is,” Aditya K. Sood, Aryaka’s VP of Security Engineering & AI Strategy, told Help … More → The post HR, recruiters targeted in year-long malware campaign appeared first on Help Net Security.
http://news.poseidon-us.com/TRPg18

Microsoft flips Windows Autopatch to default hotpatch security updates

Microsoft is changing the default behavior in Windows Autopatch so that hotpatch security updates are enabled automatically for eligible devices managed through Microsoft Intune or the Microsoft Graph API starting with the May 2026 Windows security update. Windows Autopatch is a Microsoft-managed service that automates updates for Windows and Office. It also lets IT administrators pause updates and roll them back if devices fail to meet performance targets after installation. Introduced about a year ago, … More → The post Microsoft flips Windows Autopatch to default hotpatch security updates appeared first on Help Net Security.
http://news.poseidon-us.com/TRPg17

Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts

Phishers are targeting AWS accounts holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog researchers have warned. The cloned AWS phishing page (Source: Datadog Security Labs) The campaign has been running since the end of February and possibly earlier. “In one observed case, the operator authenticated to a compromised AWS account within 20 minutes of credential submission,” the researchers noted. Fake AWS security … More → The post Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts appeared first on Help Net Security.
http://news.poseidon-us.com/TRPg0C

Terra Portal adds human-governed AI to live production pentesting

Terra Security has announced the launch of Terra Portal, its agentic desktop app that serves as an execution layer for pentesters to direct and oversee AI-driven testing in live production environments. Terra Portal reduces the discovery-to-fix cycle for vulnerabilities from the industry average of nearly three months to a matter of hours without sacrificing safety or compliance. As a result, customers can now remediate critical findings well within the Cybersecurity and Infrastructure Security Agency’s (CISA) … More → The post Terra Portal adds human-governed AI to live production pentesting appeared first on Help Net Security.
http://news.poseidon-us.com/TRPZc5

Armadin secures $189.9 million to counter AI-driven cyber threats

Armadin has raised $189.9 million in Seed and Series A funding. Led by Accel, with participation from Google Ventures, Kleiner Perkins, Menlo Ventures, In-Q-Tel, and follow-on investment from 8VC and Ballistic Ventures, this marks the largest combined Seed and Series A funding round in cybersecurity history. Armadin’s mission is to prepare organizations for the speed and scale of AI-driven threats. Closing the hyperattack gap AI-powered attackers are launching faster, more complex campaigns that overwhelm security … More → The post Armadin secures $189.9 million to counter AI-driven cyber threats appeared first on Help Net Security.
http://news.poseidon-us.com/TRPW5c

Teen crew caught selling DDoS attack tools

Seven minors who distributed online programs designed to facilitate DDoS attacks have been identified by Poland’s Central Bureau for Combating Cybercrime (CBZC). They were between 12 and 16 at the time of the crime. CBZC officer during a cybercrime investigation (Source: Poland’s Central Bureau for Combating Cybercrime) According to investigators, using the tools they administered, the minors attacked popular websites, including auction and sales portals, IT domains, hosting services and accommodation booking sites. The activity … More → The post Teen crew caught selling DDoS attack tools appeared first on Help Net Security.
http://news.poseidon-us.com/TRPW4s

This spy tool has been quietly stealing data for years

ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate cloud provider to ensure operational resilience. This dual-implant architecture has enabled sustained surveillance of Ukrainian military personnel since at least April 2024. The Sednit group itself was tied to Unit 26165 of the GRU by the US Department of Justice in 2016, identifying it as part of Russia’s Main Intelligence … More → The post This spy tool has been quietly stealing data for years appeared first on Help Net Security.
http://news.poseidon-us.com/TRPW4m