
    Week in review: Acrobat Reader flaw exploited, Claude Mythos offensive capabilities and limits

    By admin, April 19, 2026

    Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

    Bringing governance and visibility to machine and AI identities
    In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a single problem. Drawing on his experience across IBM and CyberArk, he describes the shift from human-driven systems to autonomous machines.

    MITRE releases a shared fraud-cyber framework built from real attack data
    The MITRE Fight Fraud Framework, known as F3, is a behavior-based model designed to give both teams a common structure for describing, detecting, and disrupting fraud campaigns. F3 organizes fraudster behavior into tactics and techniques drawn from real-world incidents. The tactics cover the full attack lifecycle: Reconnaissance, Resource Development, Initial Access, Defense Evasion, Positioning, Execution, and Monetization.

    ZeroID: Open-source identity platform for autonomous AI agents
    ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems. The core issue ZeroID targets is attribution in agentic workflows. When an orchestrator agent spawns sub-agents to carry out parts of a task, each sub-agent may call APIs, write files, or execute shell commands.

    Fixing vulnerability data quality requires fixing the architecture first
    In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce the idea of Minimum Viable Vulnerability Enumeration (MVVE), a minimum set of assertions needed to confirm two systems describe the same vulnerability, and find no true minimum exists.

    Review: The Psychology of Information Security
    Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it is an argument he builds methodically across 17 chapters that draw from organizational psychology, change management, and usability research.

    Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready
    In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an attack surface. Habler walks through MemoryTrap, a disclosed and remediated method to compromise Claude Code’s memory, showing how a single poisoned memory object can spread across sessions, users, and subagents.

    Network segmentation projects fail in predictable patterns
    Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed segmentation projects finds that failure clusters into four distinct patterns, and the type of failure a team experiences depends heavily on the kind of environment and approach they attempted.

    Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time
    In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure infrastructure. He outlines how EU regulations, including the Cyber Resilience Act and NIS2, are creating stronger accountability for vendors and organizations.

    The exploit gap is closing, and your patch cycle wasn’t built for this
    The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast.

    EU cybersecurity standards are at risk if supplier ban passes
    The European standards body ETSI sent a formal position paper to the European Commission, calling for changes to the proposed Cybersecurity Act 2 (CSA2), the EU’s planned revision to its existing cybersecurity certification framework.

    GitHub lays out copyright liability changes and upcoming DMCA review for developers
    A U.S. Supreme Court ruling issued in March has settled a question that has circulated among platform operators and developers for years: whether a service provider can be held liable for copyright infringement committed by its users without evidence of intent to contribute to that infringement.

    Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug
    Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more than 30 days, long enough for researchers to watch the actor work through their tools, scripts, and decisions beyond the initial break-in.

    Workplace stress in 2026 is still worse than before the pandemic
    Roughly 40% of employees worldwide said they experienced a lot of stress during the previous day, according to Gallup’s State of the Global Workplace 2026 report, a figure that has remained above pre-pandemic levels for several years. Daily anger stood at 22% globally, sadness at 23%, and loneliness at 22%. Together, these numbers point to a workforce that has not returned to the emotional baseline it held before 2020.

    Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)
    Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. CVE-2026-34621 is a critical prototype pollution vulnerability – a type of vulnerability that occurs in JavaScript and allows attackers to add or modify an application’s JavaScript objects and properties.

    Hackers hijacked CPUID downloads, served STX RAT to victims
    If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. CPUID (at cpuid[.]com) is a website that hosts free software utilities, primarily for Windows and Android.

    Booking.com data breach: Customer reservation data exposed
    “Unauthorized third parties may have been able to access certain booking information associated with your reservation,” email alerts sent out by Booking.com over the weekend warn. The online travel agency did not say which system(s) were accessed by the unauthorized third parties nor explained the scope of the incident.

    Testing reveals Claude Mythos’s offensive capabilities and limits
    Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that while its cybersecurity capabilities exceed those of previously available models, it can’t reliably execute autonomous attacks on hardened networks.

    Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808)
    Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk.

    NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward
    NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities.

    Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild
    The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw in the same platform. The second, “UnDefend,” allows a standard user to block Microsoft Defender from receiving signature updates or disable it entirely (if Microsoft pushes a major Defender update).

    29 million leaked secrets in 2025: Why AI agents credentials are out of control
    GitGuardian’s State of Secrets Sprawl Report found 28,649,024 new secrets exposed in public GitHub commits across 2025, a 34% year-over-year increase and the largest annual jump in the report’s history.

    Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian
    AI coding assistants are becoming part of everyday development, but they introduce new risks: secrets can be exposed before code reaches a repository or CI pipeline. Developers may paste API keys into prompts, or AI agents may access sensitive data through files and commands. Once inside the workflow, that data can be sent to model providers, logged, or cached. GitGuardian addresses this with ggshield AI hooks, which scan prompts and actions in real time to detect and block secrets before they are exposed.

    Why manual certificate management is running out of time
    In this video, John Murray, Senior Vice President of Sales at GlobalSign, explains what’s changing in the certificate industry and what companies need to do about it. Certificate validity periods are shrinking, which means companies will need to rotate certificates far more often than before.

    Zero trust at year two: What nobody planned for
    In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the stubborn problem. Identity sprawl, legacy system exceptions, and workforce friction each contribute to stalls that few programs anticipated.

    Webinar: The IT Leader’s Guide to AI Governance
    Generative AI is moving into everyday enterprise use, often outpacing governance. As adoption grows, organizations face challenges around security, privacy, and control. This discussion explores how enterprises manage AI governance in practice, focusing on real-world tradeoffs. Learn how guardrails, trusted content, and API-first platforms like headless CMS help bring AI under control while maintaining speed and visibility.

    Google makes it harder to exploit Pixel 10 modem firmware
    Google is working to improve the security of Pixel phones by focusing on the cellular baseband modem, a part of the device that handles communication with mobile networks and processes external data.

    $12 million frozen, 20,000 victims identified in crypto scam crackdown
    More than $12 million has been frozen, and over 20,000 victims have been identified in an international law enforcement operation targeting cryptocurrency and investment scammers.

    Basic-Fit hack compromises data of up to 1 million members
    Basic-Fit, a European gym chain, disclosed that hackers breached one of its internal systems, exposing members’ personal data in several countries. The company operates more than 2,150 clubs in 12 countries under two brands, with more than 5.8 million members.

    W3LL phishing service sold for $500 dismantled by the FBI
    The W3LL phishing kit, a cybercrime tool used to impersonate legitimate login pages and steal usernames and passwords, has been dismantled by the FBI and Indonesian law enforcement authorities. Officials estimate the operation was tied to more than $20 million in attempted fraud.

    Microsoft ends desktop detour for sensitivity labels in Office web apps
    Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps.

    OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers
    Defending critical software has long depended on the ability to find and fix vulnerabilities faster than attackers can exploit them. OpenAI is expanding a program designed to give professional defenders prioritized access to AI tools built for that purpose. Alongside that expansion, OpenAI is releasing GPT-5.4-Cyber, a version of GPT-5.4 fine-tuned specifically for defensive cybersecurity work.

    Windows is getting stronger RDP file protections to fight phishing attacks
    Microsoft has introduced new Windows protections starting with the April 2026 security update to reduce phishing attacks that abuse Remote Desktop (.rdp) files. With these updates, the Remote Desktop Connection app displays stronger warning dialogs before a connection is established, shows details about the remote system, and requires users to review any request to share local resources such as drives or the clipboard.

    European AI spending set to hit $290 billion by 2029
    European enterprises are committing serious money to AI, and the numbers are accelerating. According to IDC’s Worldwide AI and Generative AI Spending Guide, AI spending across Europe will reach $290 billion by 2029, growing at a compound annual growth rate of 33.7%.

    Command integrity breaks in the LLM routing layer
    Systems that rely on LLM agents often send requests through intermediary routing services before reaching a model. These routers connect to different providers through a single endpoint and manage how requests are handled. This layer can influence what gets executed and what data is exposed. A recent study examined 28 paid routers and 400 free routers used to access model APIs.

    Anthropic tests user trust with ID and selfie checks for Claude
    Anthropic announced identity verification for Claude using government ID and selfie checks, becoming the first major AI chatbot to do so, a move that may prove unpopular with users. Having built its reputation around privacy in the AI race, Anthropic risks undermining its positioning, as competitors such as OpenAI’s ChatGPT and Google’s Gemini do not require such verification.

    Two US nationals jailed over scheme that generated $5 million for the North Korean regime
    Two US nationals have been sentenced for their role in a scheme that placed North Korean IT workers inside American companies under false identities. Over several years, the operation used stolen identities from at least 80 US individuals and brought in more than $5 million for the North Korean government.

    Anthropic releases Claude Opus 4.7 with automated cybersecurity safeguards
    Software teams building agentic AI workflows have been pushing frontier models toward longer, unsupervised task runs. Claude Opus 4.7, now generally available from Anthropic, is aimed squarely at that demand, with particular gains in software engineering, multimodal processing, and the kind of instruction fidelity that matters when a model is running tasks autonomously over multiple steps.

    Social media bans might steer kids into riskier corners of the internet
    Governments are moving to block children under 16 from social media in the name of safety. But once these measures move from policy to practice, they raise a harder question: what happens when protecting kids requires collecting more data than ever before and may put them at greater risk?

    Apple AirTag tracking can be misled by replayed Bluetooth signals
    Apple’s AirTag is designed to help users track lost items by relying on a vast network of nearby Apple devices. New research shows that this same system can be manipulated to display locations where an AirTag has never been.

    Android 17 Beta 4 arrives with post-quantum cryptography and new memory limits
    Google shipped Android 17 Beta 4 on April 16, marking the last scheduled beta in the Android 17 release cycle. The build targets app compatibility testing and platform stability ahead of the final release, and it carries several behavior changes that developers need to account for before the stable version ships.

    Mozilla challenges enterprise AI providers with Thunderbolt, open-source AI client under your control
    For organizations that want to keep company data within their own systems and have more control over how AI is deployed, Mozilla is offering an alternative to externally hosted AI services with Thunderbolt, an open-source AI client designed for self-hosted use.

    Google wipes out 602 million scam ads with Gemini on duty
    Google claims that its security teams work around the clock using its Gemini AI models to detect and stop harmful ads. Malvertising remains an ongoing issue across Google’s ad network, with attackers abusing paid ads to pose as legitimate brands and lure users into malware downloads or phishing sites.

    The fully free Linux OS Trisquel gets a major update with version 12.0 Ecne
    Trisquel GNU/Linux, a free operating system aimed at home users, small enterprises, and educational centers, released version 12.0. The release, codenamed Ecne, is declared production-ready and builds on the previous version, Aramo, with changes to packaging, the kernel, security, and available software.

    Seized VerifTools servers expose 915,655 fake IDs, 8 arrested
    On April 7 and 8, Dutch police arrested eight suspects in a nationwide operation targeting users of the VerifTools platform as part of an identity fraud investigation. The suspects, all men aged 20 to 34, are accused of identity fraud, forgery, and cybercrime-related offenses. During searches, officers seized smartphones, laptops, cash, cryptocurrency, and weapons or items resembling them.

    AI adoption is outpacing the safeguards around it
    The 2026 AI Index from Stanford’s Institute for Human-Centered Artificial Intelligence outlines the broader environment around AI growth, including economic value, labor market effects, and the role of AI sovereignty. It also examines developments in science and medicine, the saturation of benchmarks, and governance frameworks that are struggling to keep up.

    Google to penalize sites that hijack the back button
    Google is broadening its spam policies to crack down on “back button hijacking,” a deceptive practice where websites interfere with browser navigation, blocking users from returning to the page they came from.

    DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend
    Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert tied to a regex vulnerability, adjusts OAuth redirect handling to match a recent Microsoft change, and ships fixes across IMAP, SMTP, CalDAV, and CardDAV subsystems.

    OpenSSL 4.0.0 release cuts deprecated protocols and gains post-quantum support
    OpenSSL 4.0.0 removes several long-deprecated features, adds support for Encrypted Client Hello, and introduces API-level changes that will require code updates for applications built against older versions.

    Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab
    Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put them at risk. Legitify, an open-source tool from Legit Security, addresses that gap by scanning GitHub and GitLab environments and reporting policy violations across organizations, repositories, members, and CI/CD runner groups.

    What changed in nginx 1.30.0 and what it means for your upstream config
    nginx 1.30.0 brings together features accumulated across the 1.29.x mainline series. The release covers a broad range of changes, from protocol support additions to security-relevant fixes and new configuration options.

    Raspberry Pi OS 6.2 disables passwordless sudo by default
    Raspberry Pi OS 6.2, based on the Trixie version, introduces small changes and bug fixes, and disables passwordless sudo by default for new installations.

    Wi-Fi roaming security practices for access network providers and identity providers
    Public Wi-Fi roaming networks carry authentication credentials across multiple administrative boundaries, and the protocols governing that process vary widely in their security properties. The Wireless Broadband Alliance published a set of guidelines that specifies which authentication, encryption, and credential-handling practices operators should apply to networks running Passpoint and OpenRoaming.

    Product showcase: Ente Auth encrypts, backs up, and syncs 2FA
    Ente Auth is a free, open-source authenticator app designed to generate and store one-time passcodes for 2FA. It supports setup through QR codes and manual entry, allowing users to add accounts and begin generating codes.

    OpenAI updates Agents SDK, adds sandbox for safer code execution
    OpenAI’s updated Agents SDK helps developers build agents that inspect files, run commands, edit code, and handle tasks within controlled sandbox environments. The update provides standardized infrastructure for OpenAI models, a model-native harness that lets agents work with files and tools on a computer, and native sandbox execution for running tasks safely.

    Google Play is changing how Android apps access your contacts and location
    Google’s new set of Google Play policy updates and account transfer feature strengthen user privacy and protect businesses from fraud. Google is also expanding features for managing new contact and location policy changes to support a smoother, more predictable app review experience.

    Codex can now operate between apps. Where are the boundaries?
    OpenAI is rolling out a major update to the Codex desktop app for users signed in with ChatGPT. Personalization features, including context-aware suggestions and memory, will roll out to Enterprise, Edu, and users in the EU and UK soon. Computer use is initially available on macOS and will expand to EU and UK users in the near future.

    Cybersecurity jobs available right now: April 14, 2026
    We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

    New infosec products of the week: April 17, 2026
    Here’s a look at the most interesting products from the past week, featuring releases from Axonius, Broadcom, Siemens, and Sitehop.
