433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time

In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure infrastructure. He outlines how EU regulations, including the Cyber Resilience Act and NIS2, are creating stronger accountability for vendors and organizations. ENISA is building out European vulnerability services to support member states. Carvalho also addresses how practitioners navigate conflicting …
The post Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time appeared first on Help Net Security.
http://news.poseidon-us.com/TS2pjw

Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab

Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub and GitLab environments and reporting policy violations across organizations, repositories, members, and CI/CD runner groups. What it checks: Legitify evaluates configurations across five namespaces: organization-level settings, GitHub Actions configurations, member accounts, repositories, and runner groups. …
The post Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab appeared first on Help Net Security.
http://news.poseidon-us.com/TS2l2B

Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian

AI coding assistants are quickly becoming part of everyday development. Tools like Cursor, Claude Code, and GitHub Copilot can now do more than suggest code. They can read files, run shell commands, and call external tools during a session. That makes them useful, but it also creates a new risk: secrets can be exposed long before code reaches a repository or CI pipeline. A developer might paste an API key into a prompt while debugging. …
The post Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian appeared first on Help Net Security.
http://news.poseidon-us.com/TS2jtn

Network segmentation projects fail in predictable patterns

Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed segmentation projects finds that failure clusters into four distinct patterns, and the type of failure a team experiences depends heavily on the kind of environment and approach they attempted. The research, conducted in early 2026, applied latent class analysis to survey responses measuring both general IT project failure …
The post Network segmentation projects fail in predictable patterns appeared first on Help Net Security.
http://news.poseidon-us.com/TS2jtJ

Microsoft ends desktop detour for sensitivity labels in Office web apps

Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. Users can now apply sensitivity labels with user-defined permissions directly in the web versions of Word, Excel, and PowerPoint. The change brings the web apps in line with capabilities that were previously limited to desktop versions. Previously, browser-based users could only open …
The post Microsoft ends desktop detour for sensitivity labels in Office web apps appeared first on Help Net Security.
http://news.poseidon-us.com/TS2ZpV

OpenSSL 4.0.0 release cuts deprecated protocols and gains post-quantum support

OpenSSL 4.0.0 removes several long-deprecated features, adds support for Encrypted Client Hello, and introduces API-level changes that will require code updates for applications built against older versions. SSLv3, SSLv2 client hello, and engines are gone: SSLv3 support has been removed. The protocol was deprecated in 2015, and OpenSSL had it disabled by default since version 1.1.0 in 2016. Support for the SSLv2 Client Hello has also been removed. The engine API, which provided a mechanism …
The post OpenSSL 4.0.0 release cuts deprecated protocols and gains post-quantum support appeared first on Help Net Security.
http://news.poseidon-us.com/TS2Hgf

Testing reveals Claude Mythos’s offensive capabilities and limits

Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that while its cybersecurity capabilities exceed those of previously available models, it can’t reliably execute autonomous attacks on hardened networks. What is Claude Mythos Preview? Anthropic introduced Claude Mythos Preview to the public earlier this …
The post Testing reveals Claude Mythos’s offensive capabilities and limits appeared first on Help Net Security.
http://news.poseidon-us.com/TS2Hfs