433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward

NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025,” the National Institute of Standards and Technology said. “We don’t expect this trend to let up anytime soon.” A two-year struggle and a new approach NIST has been struggling to … More → The post NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward appeared first on Help Net Security.
http://news.poseidon-us.com/TS4H7T

Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards

Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, is aimed squarely at that demand, with particular gains in software engineering, multimodal processing, and the kind of instruction fidelity that matters when a model is running tasks autonomously over multiple steps. Opus 4.7 is available across all Claude products and the API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft … More → The post Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards appeared first on Help Net Security.
http://news.poseidon-us.com/TS4H79

Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)

Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About FortiSandbox FortiSandbox is Fortinet’s security solution for detecting and analyzing advanced threats. It does so by detonating suspicious files and URLs in an isolated environment and returning verdicts. Other Fortinet products – firewalls, … More → The post Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) appeared first on Help Net Security.
http://news.poseidon-us.com/TS44pb

Google Play is changing how Android apps access your contacts and location

Google’s new set of Google Play policy updates and account transfer feature strengthen user privacy and protect businesses from fraud. Google is also expanding features for managing new contact and location policy changes to support a smoother, more predictable app review experience. By October, Play policy insights in Android Studio can help developers identify if their apps should use new features and will guide them on the steps to take. From October 27, new pre-review … More → The post Google Play is changing how Android apps access your contacts and location appeared first on Help Net Security.
http://news.poseidon-us.com/TS416S

Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug

Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more than 30 days, long enough for researchers to watch the actor work through their tools, scripts, and decisions beyond the initial break-in. The attacker had previously been documented targeting transportation carriers through compromised load board platforms, which are online marketplaces connecting shippers … More → The post Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug appeared first on Help Net Security.
http://news.poseidon-us.com/TS3xrT

Two US nationals jailed over scheme that generated $5 million for the North Korean regime

Two US nationals have been sentenced for their role in a scheme that placed North Korean IT workers inside American companies under false identities. Over several years, the operation used stolen identities from at least 80 US individuals and brought in more than $5 million for the North Korean government. Kejia Wang was sentenced to 108 months in prison, and Zhenxing Wang to 92 months. Both pleaded guilty to wire fraud and money laundering charges, … More → The post Two US nationals jailed over scheme that generated $5 million for the North Korean regime appeared first on Help Net Security.
http://news.poseidon-us.com/TS3xrR

OpenAI updates Agents SDK, adds sandbox for safer code execution

OpenAI’s updated Agents SDK helps developers build agents that inspect files, run commands, edit code, and handle tasks within controlled sandbox environments. The update provides standardized infrastructure for OpenAI models, a model-native harness that lets agents work with files and tools on a computer, and native sandbox execution for running tasks safely. The new harness and sandbox capabilities launch first in Python, with TypeScript support planned for a future release. Additional features, including code mode … More → The post OpenAI updates Agents SDK, adds sandbox for safer code execution appeared first on Help Net Security.
http://news.poseidon-us.com/TS3xqt