Malware Deployed via Fortinet and Trend Micro Flaw Exploits

Post Views: 1

Recent High-Security Threats and Patches

In recent times, there have been several high-security threats and patches released by various organizations.

Microsoft Patch for SharePoint RCE Bug

Microsoft has released patches for a high-severity remote code execution vulnerability (CVE-2026-45659) in SharePoint that may be exploited in low-complexity attacks. This vulnerability affects the SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.

Trend Micro Apex One Flaw Exploited in Zero-Day Attacks

A relative directory path traversal vulnerability (CVE-2026-34926) in Trend Micro’s Apex One platform has been exploited in zero-day attacks, the company confirmed. Trend Micro Apex One is a security platform that protects all the devices in an organization from cyber threats.

New InfoStealer via FortiClient EMS Vulnerability

Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS).

Manage Machine Identities

Every automation, integration, and workload needs authentication and permissions, creating a large population of machine identities such as service accounts, service principals, workload roles, OAuth apps, AI agents, and IAM roles.

Lessons from the Verizon 2026 Data Breach Investigations Report

The latest Verizon 2026 Data Breach Investigations Report (DBIR) offers valuable insight into the evolving cyber threat landscape. Based on more than 31,000 security incidents and 22,000 confirmed data breaches across 145 countries, the vendor-neutral report draws on data from police forces, cybersecurity companies, and CSIRTs.

Building a Risk-Based Vulnerability Management Program That Scales

In this Help Net Security video, Shankar Somasundaram, CEO at Asimily, explains how to build a risk-based vulnerability program. He notes that vulnerabilities are exploding by an order of magnitude in the age of AI-driven attacks, with one customer finding a thousand vulnerabilities for every one they knew about.

Boards Want Cyber Risk in Dollars, Not CVE Counts

In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business terms, not technical jargon.

The Alert Economy Is Driving Security Analyst Burnout

In this Help Net Security video, Ido Livneh, CEO of Jazz, explains why security analysts burn out and what leaders can do about it. The cause, he argues, is not long hours but meaningless work. Analysts spend their days closing repetitive tickets while the institutional knowledge of senior staff walks out the door when they quit, taking organizational context with them and driving up false positives.

OpenHack: Open-Source AI-Powered Vulnerability Research

Source-guided vulnerability research increasingly leans on coding harnesses such as Claude Code, Codex, and Cursor to drive agent-based reviews of application code. A new MIT-licensed project from the Dutch security firm Hadrian, called OpenHack, packages that approach into a file-based workspace that any of those harnesses can run.

Authorities Seize 800 Servers Used for Cyberattacks and Disinformation

Dutch authorities arrested two men and seized 800 servers linked to a hosting provider that investigators say supported Russian activities aimed at undermining democracy and security through cyberattacks, disinformation, and disruption of public and economic systems.

Cisco Refines Its Risk-Based Vulnerability Disclosure for the AI Era

Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review.

Anthropic Adds 28 Security and Compliance Integrations for Claude

To address the growing security and oversight requirements of AI usage, Anthropic introduced 28 integrations with security and compliance tools that allow IT and security teams to manage Claude in the same way they manage other applications in their environments.

What Happens When Security Teams Inherit Identity?

Eric Woodruff, Chief Identity Architect at Semperis, shared his perspective on where organizations struggle with identity, why identity platforms become difficult to manage, how phishing-resistant authentication works in practice, and what non-human identities and AI could mean for security.