433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

ArmorCode gives security teams AI workers for exposure and remediation

ArmorCode has announced Anya Agents, a new agentic AI framework delivered on the patented ArmorCode Agentic AI Platform that enables organizations to operationalize AI-driven security workflows at enterprise scale. Built on ArmorCode’s Context Risk Graph, Anya Agents help security teams move beyond generic AI assistants by turning unified security and business context into purpose-built AI workers for triage, exposure analysis, remediation, validation, and compliance. Traditional vulnerability management is no longer valid. The tsunami of high … More → The post ArmorCode gives security teams AI workers for exposure and remediation appeared first on Help Net Security.
http://news.poseidon-us.com/TSdSNd

Novata uses AI to map risk across portfolios and supply chains

Novata has announced the launch of Risk Atlas, a new AI-powered risk monitoring tool designed to help organizations identify, compare, and prioritize risks across portfolios and supply chains. Framework for comparative risk visibility Risk Atlas provides a single, customizable framework for comparing risk across entities, normalizing diverse risk signals into a comparable view across portfolios and supply chains. It enables organizations to: Gain insight across multiple categories to identify where risk is concentrated or emerging … More → The post Novata uses AI to map risk across portfolios and supply chains appeared first on Help Net Security.
http://news.poseidon-us.com/TSdQ04

TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension

Following TeamPCP’s claim that they’ve breached GitHub’s own private code repositories, the Microsoft-owned company launched an investigation and confirmed the compromise. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only. The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far,” GitHub stated. The source of the breach The company previously said that they have no evidence that customer information stored outside of GitHub’s internal repositories was … More → The post TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension appeared first on Help Net Security.
http://news.poseidon-us.com/TSdQ03

Trust3 AI focuses on AI agent risks with MCP Security layer

Trust3 AI has announced the launch of Model Context Protocol (MCP) Security, establishing a new standard for safeguarding enterprise agentic AI workloads. This solution forms a key capability within Trust3 AI’s enterprise agent control plane, empowering security and governance teams with a unified trust layer to seamlessly and safely connect AI agents with vital business data, applications, and systems. As organizations increasingly adopt autonomous AI architectures, internal IT teams face significant risks. MCP servers are … More → The post Trust3 AI focuses on AI agent risks with MCP Security layer appeared first on Help Net Security.
http://news.poseidon-us.com/TSdPzb

Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals

Encryption Consulting has released CertSecure Manager v3.3, which automates zero-touch certificate renewal across all major enterprise server platforms and extends CA support to 11 providers, including Google Public CA and AWS. Certificate-related outages can cost enterprises millions in unplanned downtime, and expired or misconfigured certificates often cause serious security incidents. CertSecure Manager v3.3 closes both gaps, removing the manual steps that introduce costly renewal errors. “With v3.3, we have made zero-touch certificate renewal a reality … More → The post Encryption Consulting launches CertSecure Manager v3.3 with zero-touch certificate renewals appeared first on Help Net Security.
http://news.poseidon-us.com/TSdL8c

Darwinium updates mobile SDKs to detect remote access scam activity

Darwinium has announced updates to its Android and iOS mobile SDKs. It enables banks, payment providers, and digital businesses to tackle the proliferation of remote access scams, including those that manipulate live sessions and account farming operations that run mule networks. “Most fraud platforms validate trust at a single moment, typically at login or payment, through device binding, authentication, or a step-up challenge,” said Alisdair Faulkner, CEO of Darwinium. “But agentic-fueled mobile fraud doesn’t happen … More → The post Darwinium updates mobile SDKs to detect remote access scam activity appeared first on Help Net Security.
http://news.poseidon-us.com/TSdL8b

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company has provided step-by-step mitigation advice to protect affected Windows devices from exploitation. CVE-2026-45585 and the YellowKey exploit CVE-2026-45585 is a security feature bypass vulnerability that can only be exploited if the attacker has physical access … More → The post Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) appeared first on Help Net Security.
http://news.poseidon-us.com/TSdL7z

Communicating cyber risk in dollars boards understand

In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and organizational dynamics. He unpacks the gap between security teams and boards, pointing to weak risk communication and a reliance on qualitative heatmaps over hard evidence. He pushes back on root cause analysis as … More → The post Communicating cyber risk in dollars boards understand appeared first on Help Net Security.
http://news.poseidon-us.com/TSdBYP

CVE Lite CLI: Open-source dependency vulnerability scanner

Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours or days after writing the code. CVE Lite CLI, now an officially recognized OWASP Incubator Project, moves that check to the developer’s terminal. The open-source tool, maintained by Sonu Kapoor, reads a project’s … More → The post CVE Lite CLI: Open-source dependency vulnerability scanner appeared first on Help Net Security.
http://news.poseidon-us.com/TSdBYL

When your AI assistant has the keys to production

Large language models in operational roles query telemetry, propose configuration changes, and in some deployments execute those changes against live infrastructure. Ticket drafting and alert summarization were the starting point. Vendors describe this work as autonomous remediation or self-healing infrastructure. A recent survey on agentic AI in network and IT operations gives it a more useful name: a confused-deputy problem waiting to happen. The confused-deputy problem in agentic AI security The classic confused-deputy attack tricks … More → The post When your AI assistant has the keys to production appeared first on Help Net Security.
http://news.poseidon-us.com/TSdBYH