Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
BlacksmithAI: Open-source AI-powered penetration testing framework
BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. BlacksmithAI runs as a hierarchical system in which an orchestrator coordinates task execution across specialized agents.
Security debt is becoming a governance issue for CISOs
Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational pattern, fixes lag discovery, and older weaknesses stay open across release cycles.
Your dependencies are 278 days out of date and your pipelines aren’t protected
Applications continue to ship with known weaknesses even as development workflows speed up. A new Datadog State of DevSecOps 2026 report examines how dependency management and pipeline practices are influencing exposure across cloud native environments.
AI went from assistant to autonomous actor and security never caught up
Enterprise AI deployments have shifted from pilot programs to production systems handling customer data, executing business transactions, and integrating with core infrastructure. That has exposed a significant gap between what AI agents can do and what security teams can observe or control.
Cybersecurity is now the price of admission for industrial AI
Industrial organizations are accelerating AI deployment across manufacturing, utilities, and transportation and running straight into a security problem. Cisco’s 2026 State of Industrial AI Report, based on responses from more than 1,000 decision-makers across 19 countries, finds that cybersecurity has become the single largest obstacle to AI adoption, outranking skills gaps, integration challenges, and budget constraints.
Cybersecurity professionals are burning out on extra hours every week
Cybersecurity professionals in the U.S. are working an average of 10.8 extra hours per week beyond their contracted schedules, according to survey data collected from 300 cybersecurity and IT leaders by Sapio Research. That figure effectively adds a sixth working day to the standard week for a large portion of the field. Nearly half of respondents reported working 11 or more overtime hours weekly, and one in five logged more than 16 additional hours.
The vulnerability that turns your AI agent against you
Zenity Labs disclosed PleaseFix, a family of critical vulnerabilities affecting agentic browsers, including Perplexity Comet, that allow attackers to hijack AI agents, access local files, and steal credentials within authenticated user sessions. The vulnerabilities can be triggered through malicious content embedded in routine workflows, enabling unauthorized actions without user awareness.
Threat actors weaponize OAuth redirection logic to deliver malware
An ongoing phishing campaign is abusing the OAuth authentication redirection mechanism to avoid triggering conventional email and browser defenses, Microsoft researchers have revealed. The attackers are targeting government and public-sector organizations, and redirecting unsuspecting users from trusted login pages to their own infrastructure, to serve malware or capture login credentials.
Coruna: Spy-grade iOS exploit kit powering financial crime
A powerful iOS exploit kit has circulated among multiple threat actors over the past year, moving from a commercial surveillance operation to state-linked espionage campaigns and, ultimately, ended into the hands of financially motivated hackers, according to new research from Google’s Threat Intelligence Group (GTIG).
Over 1,200 IceWarp servers still vulnerable to unauthenticated RCE flaw (CVE-2025-14500)
A critical RCE vulnerability (CVE-2025-14500) in IceWarp, an EU-made business communication and collaboration platform, may be exploited by attackers to gain unauthorized access to exposed unpatched servers. According to the Shadowserver Foundation, there are currently over 1,200 internet-facing instances that have yet to receive a fix, and the organization is sending out alerts to the owners, urging them to update.
As AI agents start making purchases, security teams must rethink risk
In this Help Net Security interview, Donald Kossmann, CTO at fintech company Chargebacks911, talks about the emerging security, fraud, and governance risks of “agentic commerce,” where AI agents can autonomously make purchasing decisions on behalf of users or organizations.
FreeScout vulnerability enables unauthenticated, zero-click RCE via email (CVE-2026-28289)
A newly discovered vulnerability (CVE-2026-28289) in the open-source help desk platform FreeScout could allow attackers to take over vulnerable servers by sending a specially crafted email to a FreeScout mailbox. FreeScout is a free, open-source help desk and shared inbox system used by businesses or teams to manage customer support conversations in one place.
Cisco warns of SD-WAN Manager exploitation, fixes 48 firewall vulnerabilities
Cisco has confirmed that two Catalyst SD-WAN Manager vulnerabilities (CVE-2026-20128 and CVE-2026-20122) patched in late February 2025 are being exploited by attackers. CVE-2026-20128 is a bug in the Data Collection Agent (DCA) feature of Cisco Catalyst SD-WAN Manager, which could allow an authenticated, local attacker to gain DCA user privileges on an affected system.
Iran-linked APT targets US critical sectors with new backdoors
An Iran-linked hacking group has been active inside the networks of several US organizations since early February, raising concerns that the activity could precede broader cyber operations connected to escalating geopolitical tensions in the Middle East.
Why workforce identity is still a vulnerability, and what to do about it
Most organizations believe they have workforce identity under control. New hires are verified. Accounts are provisioned. Multi-factor authentication is enforced. Audits are passed. Then a breach happens, often through an account that was “properly secured.” But the problem can be traced back to the fact that identity verification, provisioning, authentication, and recovery operate as separate events, not a continuous system of trust.
Engineering trust: A security blueprint for autonomous AI agents
AI agents have evolved from just chatbots, answering questions to executing actions using various integrated tools, often autonomously, and as such the traditional security models have become less efficient. A single malicious instruction hidden in a webpage (that the agent processes), can manipulate that agent into performing unintended actions or leaking sensitive data.
March 2026 Patch Tuesday forecast: Is AI security an oxymoron?
Developers and analysts are using more AI tools to produce code and to test both the performance and security of the finished products. They are also embedding AI functionality in their products directly. But just how secure are these AI tools and routines themselves? Recent reports show they suffer from vulnerabilities just like any other code.
When cyber threats start thinking for themselves
In this Help Net Security video, Jason Rivera, Field CISO & Head of Solution Engineering at SimSpace, discusses how autonomous AI agents are changing cyber threats. Drawing on experience in the US Army, NSA, Deloitte, and CrowdStrike, he describes how security teams have traditionally measured risk through volume, speed, and sophistication.
Why phishing still works today
In this Help Net Security video, Gal Livschitz, Senior Penetration Tester at Terra Security, explains how phishing has evolved and why employees still fall for it. He outlines how phishing now uses HTTPS, branded pages, and lookalike domains, making attacks harder to spot. He highlights communication overload as a key weakness that attackers exploit.
Motorola turns to GrapheneOS for smartphone security upgrade
Motorola is strengthening smartphone security through a long-term partnership with the GrapheneOS Foundation, a mobile security nonprofit that develops a hardened operating system based on the Android Open Source Project.
Anthropic’s Claude hit by widespread service outage (updated)
Anthropic suffered widespread service disruptions Monday morning, leaving thousands of users unable to access its Claude AI platform. Most users reporting problems said they encountered errors when attempting to log in.
Meta AI in WhatsApp organizes chats and reopens privacy issues
The trend of integrating AI into digital platforms continues. In the latest Android beta release (2.26.9.4), the company has introduced a feature that allows users to organize their chat history with the help of Meta AI.
Anthropic poaches users from rival chatbots with easier migration
The controversy over Anthropic’s negotiations with the Pentagon has driven increased interest in Claude. Negotiations between the Department of Defense and Anthropic collapsed after a deadline for an agreement expired without a deal. The Pentagon had pressed the company to loosen certain restrictions on how its AI systems could be used. Anthropic declined and kept its existing policy limits in place.
$100 radio equipment can track cars through their tire sensors
When people consider what might track their movements, they think of smartphone apps, GPS services, or roadside cameras. The tires of a new car rarely enter that equation. Researchers at IMDEA Networks Institute, together with European partners, found that Tire Pressure Monitoring System (TPMS) sensors inside each wheel broadcast unencrypted wireless signals containing persistent identifiers.
Google speeds up Chrome updates with new security-focused release cycle
The Chrome browser is moving to a two-week release cycle, a change intended to give developers and users faster access to new features, performance improvements and bug fixes. The new schedule begins with the stable release of Chrome 153 on September 8, 2026, followed by new beta and stable releases every two weeks. The change applies to desktop, Android and iOS platforms, while the Dev and Canary channels remain unchanged.
Workers reviewing Meta Ray-Ban footage encounter users’ intimate moments
Bank details and intimate moments captured without people realizing they are being recorded are the new privacy nightmare behind the latest tech fashion hit, Meta Ray-Ban smart glasses. A joint investigation by Svenska Dagbladet and Göteborgs-Posten found that footage and audio recorded by Meta’s Ray-Ban smart glasses are reviewed by human contractors in Kenya, including recordings containing sensitive personal material.
Authorities pull plug on Tycoon 2FA phishing-as-a-service platform
Tycoon 2FA, a phishing-as-a-service platform that allowed cybercriminals to bypass MFA and break into online accounts, has been disrupted by law enforcement agencies and cybersecurity partners.
Western governments lay the groundwork for secure 6G networks
Governments are preparing for 6G, the next generation of mobile networks, placing security and resilience among their top priorities. In response, seven countries participating in the Global Coalition on Telecoms (GCOT) have introduced a set of 6G Security and Resilience Principles, developed with support from industry partners.
Backup strategies are working, and ransomware gangs are responding with data theft
Business email compromise (BEC) and funds transfer fraud combined for 58% of all cyber insurance claims filed in 2025, according to data from Coalition covering more than 100,000 policyholders across the United States, Canada, the United Kingdom, Australia, and Germany.
OpenAI’s GPT-5.4 doubles down on safety as competition heats up
In the midst of recent developments and controversies surrounding a contract with the U.S. Department of Defense, OpenAI released the GPT-5.4 model. The release comes at a time when users are reportedly leaving ChatGPT for rival chatbots, particularly Anthropic’s Claude.
Microsoft working on Teams feature to keep unauthorized bots at bay
Microsoft plans to add a new Teams feature that lets meeting admins identify and control third-party bots before they join. According to the Microsoft 365 Roadmap, the feature is scheduled to begin rolling out in May 2026 on Desktop, Mac, Linux, iOS, and Android versions of Microsoft Teams.
AI risk moves into the security budget spotlight
Enterprises are pushing AI deeper into workflows that touch sensitive data across cloud platforms and SaaS apps. The 2026 Thales Data Threat Report, based on a survey of 3,120 respondents in 20 countries, places that shift alongside growing pressure on data protection, identity controls, and cloud security.
UK reduces cyberattack fix times from two months to eight days
The UK government has launched a new vulnerability monitoring service (VMS) that promises to reduce the time needed to fix critical cyber weaknesses across the public sector. The service, launched as part of the Blueprint for Modern Digital Government, published in January 2025, continuously scans internet-facing systems at around 6,000 public sector organizations. Using commercial and proprietary tools, it detects about 1,000 types of cyber vulnerabilities.
IPFire ships its 200th core update with a new domain blocklist and kernel upgrade
Network firewall distribution IPFire released Core Update 200, marking the 200th incremental update to the 2.29 branch. The release bundles a kernel upgrade, a beta domain blocklist service, security patches for OpenSSL and glibc, and a range of component updates.
5 years of shifting cybersecurity behavior
Online security is built through routine decisions made across devices and accounts. People choose how to create passwords, how often to reuse them, and how much effort to invest in protecting personal data. The National Cybersecurity Alliance and CybSafe’s Oh, Behave! The Cybersecurity Attitudes and Behaviors Report: 2021–2025 follows those patterns over five years, drawing on responses from more than 24,000 adults and documenting how attitudes and behaviors shift over time.
Healthcare organizations are accepting cyber risk to cut costs
Healthcare organizations are cutting cybersecurity budgets under financial pressure even as the threats targeting their systems intensify. A PwC survey of 381 global healthcare executives, conducted between May and July 2025, puts numbers to the gap between the risks the sector faces and the controls it has in place.
Android’s March 2026 security patch fixes over 100 flaws, one under targeted exploitation
The Android March 2026 security patch addresses vulnerabilities across dozens of components and includes one CVE confirmed under active exploitation. Devices running a patch level of 2026-03-05 or later receive fixes for all disclosed issues.
New Defender deployment tool streamlines Windows device onboarding with single executable
Microsoft’s Defender deployment tool for Windows helps administrators manage device onboarding at scale with updated progress visibility and additional controls.
Cloudflare tracked 230 billion daily threats and here is what it found
Cloudflare’s network blocks over 230 billion threats per day. The volume indicates how routine and automated the attack cycle has become, and the patterns behind that volume point to a shift in how breaches begin and progress. Cloudflare’s threat research unit, Cloudforce One, published its inaugural cyber threat report 2026, covering activity observed through 2025 and projecting into the year ahead. The report draws on telemetry from Cloudflare’s network, which handles roughly 20% of global web traffic.
Immutable Linux distribution Nitrux 6.0.0 adds GPU passthrough, boot-level recovery, C++ update system
Nitrux 6.0.0, released March 3, 2026, packages several components that security practitioners running Linux workstations will find worth examining: a new hypervisor orchestrator with IOMMU-enforced isolation, a rewritten update system with cryptographic verification, and a recovery mechanism that operates from within the boot process itself.
LeakBase cybercrime forum with 142,000 users taken down in global operation
LeakBase, an open-web cybercrime forum facilitating the trade of leaked databases and “stealer logs” containing stolen credentials, has been taken down in an international law enforcement operation coordinated by Europol and involving authorities from 14 countries.
Google changes Play Store policies after settling Epic Games dispute
Google is making changes to the Play Store after settling its legal fight with Epic Games, focusing on three areas: more billing options, lower fees with new programs for developers, and a program for registered app stores.
That attractive online ad might be a malware trap
Malware increasingly travels through the infrastructure that delivers online advertising. The Media Trust’s Global Report on Digital Trust, Ad Integrity, and the Protection of People describes a digital ad ecosystem where scam campaigns, malicious redirects, and malware delivery appear alongside marketing traffic.
What happens when AI teams compete against human hackers
A cybersecurity competition produced what may be the largest controlled dataset comparing AI-augmented teams to human-only teams on professional-grade offensive security tasks. The event, called NeuroGrid, ran for 72 hours on the Hack The Box platform and drew 1,337 registered human-only teams and 156 registered AI-agent teams competing across 36 challenges in nine security domains at four difficulty levels.
Cursor Automations turns code review and ops into background tasks
Cursor Automations, the always-on agent platform from Cursor, is expanding with a new generation of autonomous systems that streamline code review, incident response, and other engineering workflows. The platform runs AI agents on schedules or in response to development events.
New cyber module strengthens risk planning for health organizations
The Administration for Strategic Preparedness and Response’s (ASPR) new cybersecurity module in the Risk Identification and Site Criticality (RISC) 2.0 Toolkit helps organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation to reduce disruptions to patient care and strengthen resilience.
Secure by Design: Building security in at the beginning
Secure by Design is not a single tool, product, or one‑time activity. It is a holistic approach that requires security to be deliberately embedded from the very beginning, at the point where systems, software, and services are conceived and designed. Rather than reacting to vulnerabilities after deployment, Secure by Design emphasizes anticipating risk early and addressing it through intentional design decisions, clearly defined security requirements, and accountability across the entire lifecycle.
Webinar: The True State of Security 2026
In the webinar The True State of Security 2026, you’ll gain insight into why AI is distracting teams from more persistent risks and how human access and permissions remain the weakest link. You’ll also learn why current security workflows are slowing organizational growth and what a balanced security strategy should look like heading into 2026.
Cybersecurity jobs available right now: March 3, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the week: March 6, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Beazley Security, Push Security, Samsung, and Tufin.
