433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (656) 236-3022

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)

SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise. If the outlined indicators of compromise are present on the system, the company advises re-imaging (hardware) or re-deploying (virtual) appliances, changing user and administrator passwords, and resetting TOTP tokens. The vulnerabilities SonicWall SMA 1000 series appliances are secure … More → The post SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410) appeared first on Help Net Security.
http://news.poseidon-us.com/TTXMFy

The federal government is trying to drive innovation with accountability

“If last year of 2025 was the year of efficiency, 2026 is both the year of innovation and the year speed,” said Stephanie Kostro.
http://news.poseidon-us.com/TTXKwM

New macOS malware steals passwords by posing as Apple’s crash-reporting tool

Jamf Threat Labs has uncovered a new macOS infostealer named CrashStealer that disguises itself as Apple’s crash-reporting tool to steal passwords, Keychain data, and cryptocurrency wallets. The malware was first spotted in May while it was still under development. By early July, Jamf was seeing in-the-wild detections, indicating it had moved into active use. “Unlike much of the commodity stealer activity on macOS, which is built on AppleScript droppers or thin Objective-C wrappers, CrashStealer is … More → The post New macOS malware steals passwords by posing as Apple’s crash-reporting tool appeared first on Help Net Security.
http://news.poseidon-us.com/TTXCtQ

The FBI Warned About Fake Permit Fees. The Harder Question Is Where the Money Goes. | Recorded Future

A government impersonation scam is targeting property owners with fake planning and zoning permit invoices, and authorized wire transfers are clearing behavioral controls. Here’s how the scheme works and why beneficiary account intelligence is the signal that catches it.
http://news.poseidon-us.com/TTX8Gc

Download: The ultimate guide to network operations management

Modern network operations are too manual. Today’s IT and security teams are managing growing complexity across networks, infrastructure, tools, and workflows. The result? Slower response, duplicated effort, and operational friction. This guide explores how intelligent workflows help teams reduce manual work, improve visibility, and move faster across network operations. What you’ll learn: Why traditional approaches to network operations struggle to scale Where operational bottlenecks create delays, inefficiencies, and risk How intelligent workflows connect teams, systems, … More → The post Download: The ultimate guide to network operations management appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7Fg

“Context bombs” can frustrate AI-driven attacks, researchers found

A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable isn’t the technique – prompt injection is old news – but the direction it’s pointed: not to hijack AI agents, but to defend against them. Canaries with context bombs Tracebit offers customers a range of canaries, i.e., decoy resources and credentials that, when targeted by attackers, provide early warning of … More → The post “Context bombs” can frustrate AI-driven attacks, researchers found appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7Fd

Google adds FIDO2 keys and phone passkeys to Windows login via GCPW

Google has started rolling out FIDO2-compliant physical security key support as a second factor for authentication in Google Credential Provider for Windows (GCPW) to all Google Workspace customers. GCPW is a free tool that lets users sign in to Windows computers with their Google Workspace account instead of, or alongside, a Windows username and password. The update allows organizations to strengthen account security by enabling administrators to enforce 2-step verification (2SV) with hardware security keys … More → The post Google adds FIDO2 keys and phone passkeys to Windows login via GCPW appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7DY