433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Poisoned “Office 365” search results lead to stolen paychecks

A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered. SEO poisoning and malvertising + phishing + AiTM The group, which Microsoft tracks as Storm-2755, begins by poisoning search engine results and running malicious ads against generic queries like “Office 365”, or even common misspellings like “Office 265.” Victims who click through land on a convincing but fake … More → The post Poisoned “Office 365” search results lead to stolen paychecks appeared first on Help Net Security.
http://news.poseidon-us.com/TRyvXy

Gmail’s end-to-end encryption comes to mobile, no extra apps required

Google has expanded Gmail client-side encryption to Android and iOS devices, allowing users to engage with their organization’s most sensitive data on mobile devices while ensuring data remains compliant with sovereignty and compliance requirements. This feature is available for Enterprise Plus users with the Assured Controls or Assured Controls Plus add-on. Composing a E2EE message in Gmail (Source: Google) With this update, users can compose, send, and read encrypted messages directly in the Gmail app. … More → The post Gmail’s end-to-end encryption comes to mobile, no extra apps required appeared first on Help Net Security.
http://news.poseidon-us.com/TRyrTQ

To counter cookie theft, Chrome ships device-bound session credentials

Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials. Once malware gains access to a machine, it can read the local files and memory where browsers store authentication cookies. What DBSC does Google’s Device Bound Session Credentials (DBSC) is now entering public availability for … More → The post To counter cookie theft, Chrome ships device-bound session credentials appeared first on Help Net Security.
http://news.poseidon-us.com/TRyrRl

Little Snitch for Linux shows what your apps are connecting to

Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development, the Austrian company behind the macOS firewall utility Little Snitch, released a Linux version of the tool. It is free and, according to the company, will remain so. Architecture choices The kernel component uses eBPF for traffic … More → The post Little Snitch for Linux shows what your apps are connecting to appeared first on Help Net Security.
http://news.poseidon-us.com/TRykWl

Apiiro CLI turns AI coding assistants into full-stack security engineers

The Apiiro CLI brings the Apiiro platform to your terminal and to your AI coding assistants, giving them six native security capabilities: scanning, risk management, remediation, an AI security analyst (via Apiiro Guardian Agent), AI Threat Modeling, and prompt enrichment. It installs in seconds on macOS, Linux, and Windows via brew, direct download, or RPM. Apiiro CLI ships with agent skills, structured capability definitions that AI coding assistants like Claude Code and Cursor can read … More → The post Apiiro CLI turns AI coding assistants into full-stack security engineers appeared first on Help Net Security.
http://news.poseidon-us.com/TRykWD

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview

I just blinked and the first quarter of the year is GONE. Where does the time go? I looked back at my article from last month where I touched on the use of AI and some of the vulnerabilities associated with it and realized it was good precursor to some themes at RSAC this year. AI was certainly the focus this year, with almost everyone having some form of AI connection to their products (some … More → The post April 2026 Patch Tuesday forecast: Spring-cleaning of a preview appeared first on Help Net Security.
http://news.poseidon-us.com/TRyg1Z

What vibe hunting gets right about AI threat hunting, and where it breaks down

In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts traditional hypothesis-driven methods. Instead of analysts defining attack vectors upfront, the AI scans datasets for anomalous patterns and surfaces potential threats. Taylor draws a firm line on responsibility: analysts must be able to explain their reasoning. When they cannot, the AI is steering the hunt. She also addresses enrichment, junior analyst development, … More → The post What vibe hunting gets right about AI threat hunting, and where it breaks down appeared first on Help Net Security.
http://news.poseidon-us.com/TRycBs

Health insurance lead sites sell personal data within seconds of form submission

Lead generation websites that offer health insurance quotes collect sensitive personal data and sell it to multiple buyers within seconds of a user clicking submit. A study by researchers at UC Davis, Stanford University, and Maastricht University mapped this process across 105 health insurance lead generation sites and monitored what happened to the data over 60 days. The researchers created 210 synthetic user profiles, each with a unique phone number and email address, and submitted … More → The post Health insurance lead sites sell personal data within seconds of form submission appeared first on Help Net Security.
http://news.poseidon-us.com/TRyZfG

Product showcase: Session, a messenger without phone numbers or metadata

Instant messaging has been around for decades, but it became widely adopted with the emergence of smartphones. Earlier, communication was limited to basic text messages. Messaging expanded to include photos, videos, and video calls without relying on telecom networks, as long as there is a reliable data connection. Privacy and metadata concerns With the growth of communication, privacy and security concerns became more prominent. Companies responded by encrypting message content to protect user data. End-to-end … More → The post Product showcase: Session, a messenger without phone numbers or metadata appeared first on Help Net Security.
http://news.poseidon-us.com/TRyZfD

New infosec products of the week: April 10, 2026

Here’s a look at the most interesting products from the past week, featuring releases from Advenica, Intruder, Mallory, and Secureframe. Mallory brings contextual threat intelligence to security operations Mallory is launching an AI-native threat intelligence platform that monitors thousands of threat sources, contextualizes them against your actual attack surface, and puts that intelligence to work across hunting, detection, and exposure management use cases. One platform. Answers, not alerts. Secureframe expands Comply with User Access Reviews … More → The post New infosec products of the week: April 10, 2026 appeared first on Help Net Security.
http://news.poseidon-us.com/TRyZdn