433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware

A cryptocurrency-stealing malware campaign used inflated GitHub activity, software reviews, YouTube tutorials and favorable VirusTotal comments to make malicious trading and gambling tools appear trustworthy, Check Point researchers found. According to the researchers, the attackers packaged the malware as tools designed to help users make money. The offerings included cryptocurrency sniper bots and gambling “predictors” that claimed to identify winning opportunities before other traders or forecast the outcome of online betting games. Instead of quick … More → The post Cybercriminals abused GitHub, YouTube and VirusTotal to push crypto-stealing malware appeared first on Help Net Security.
http://news.poseidon-us.com/TT6ptP

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation has also been confirmed by the vendor and Resecurity, who said that its potential for full system compromise should push organizations to prioritize patching and review systems for indicators of compromise such as: Requests containing path traversal sequences (../) PostgreSQL connection parameters … More → The post Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253) appeared first on Help Net Security.
http://news.poseidon-us.com/TT6lsW

Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures

Google has introduced hand gesture verification for reCAPTCHA, a new method for verifying that a user is human. Google’s reCAPTCHA is part of Google Cloud Fraud Defense, a fraud and abuse prevention platform for bot, account, and transaction protection. It uses risk analysis and challenge-based verification to help organizations identify automated activity and suspicious behavior. The service is commonly deployed on login pages, registration forms, password reset pages, and checkout systems, where it can allow … More → The post Forget traffic lights, Google’s reCAPTCHA may ask for hand gestures appeared first on Help Net Security.
http://news.poseidon-us.com/TT6lrt

Mastodon 4.6 adds profile Collections and two-factor controls

People who run accounts on the open source social network Mastodon can now group profiles together and share those groups across the web. The 4.6 release centers on a feature called Collections, along with reworked profiles, email newsletters, server administration controls, and a set of accessibility changes. Server controls The release gives server administrators a control to require two-factor authentication on member accounts. Jerry, the administrator of infosec.exchange, plans to turn the requirement on and … More → The post Mastodon 4.6 adds profile Collections and two-factor controls appeared first on Help Net Security.
http://news.poseidon-us.com/TT6hzQ

Google sets timeline for Android developer verification enforcement

Android’s developer verification protections will take effect on September 30, 2026, starting with users in Brazil, Indonesia, Singapore, and Thailand. Developers distributing apps through participating stores in those markets must complete the verification process by the deadline. Google Play, HONOR App Market, OPPO App Market, Galaxy Store, Palm Store, V-Appstore, and GetApps will begin verifying app installations, with expansion to certified Android devices globally planned for 2027. Google introduced Android developer verification last year and … More → The post Google sets timeline for Android developer verification enforcement appeared first on Help Net Security.
http://news.poseidon-us.com/TT6fnm

Accenture to buy Dragos, runZero, and NetRise in $4.2 billion cybersecurity deal

Accenture is expanding its position with the acquisition of a majority stake in Dragos and all of runZero and NetRise to deliver end-to-end operational technology (OT) security for the critical infrastructure and industrial operations underpinning power grids, pipelines, manufacturing, distribution facilities and data centers. The Dragos Platform will expand to cover the extended environment that controls physical processes, while Accenture’s deep OT security expertise, unique industrial datasets and decades of trusted relationships with critical infrastructure … More → The post Accenture to buy Dragos, runZero, and NetRise in $4.2 billion cybersecurity deal appeared first on Help Net Security.
http://news.poseidon-us.com/TT6fmv

BlackFog brings shadow AI visibility to macOS endpoints with ADX Vision

BlackFog has announced the general availability of ADX Vision for macOS, extending its shadow AI detection, governance, and prevention platform to Apple endpoints. With this release, enterprises can now apply a single, consistent AI data-loss policy across Windows and macOS devices to stop sensitive data from leaving the organization through unsanctioned LLMs. The release addresses one of the most significant blind spots in enterprise AI governance. BlackFog’s research shows that most employees now use AI … More → The post BlackFog brings shadow AI visibility to macOS endpoints with ADX Vision appeared first on Help Net Security.
http://news.poseidon-us.com/TT6c04

Your browser tab could become encrypted storage for someone else’s files

Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor at IENYC, describes a system called Safecloud built on one design rule: the nodes that store data see only ciphertext, and the nodes that route data hold no keys. How the system splits and hides files Safecloud breaks each … More → The post Your browser tab could become encrypted storage for someone else’s files appeared first on Help Net Security.
http://news.poseidon-us.com/TT6Wsx

Companies are discarding the logs they need to catch a breach

Many large enterprises discard most of the log data their systems generate, and they do it on purpose to keep costs down. A Dynatrace survey of 450 senior IT leaders at large enterprises found that half of organizations drop or never collect an average of 86 percent of their logs, even after filtering and aggregation. Many also limit how long they retain the logs they do keep. That choice carries a security cost of its … More → The post Companies are discarding the logs they need to catch a breach appeared first on Help Net Security.
http://news.poseidon-us.com/TT6TtG