Aggregator

You must login to view this content

A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has warned. Some of it is automated scanning for vulnerable systems, but according to Greynoise and Defused, a suspected initial access broker has been prepping unpatched instances with a “sleeper” webshell for follow-on exploitation by other threat actors. “On February 9, Defused Cyber reported a campaign deploying dormant in-memory Java class loaders to compromised … More →

The post Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells appeared first on Help Net Security.

Microsoft has begun updating Secure Boot certificates originally issued in 2011 to ensure that Windows devices continue to verify boot software as older certificates reach the end of their lifecycle and begin expiring in June 2026. How Secure Boot certificate updates work For most individuals and businesses that allow Microsoft to manage updates, the new certificates will install automatically with monthly Windows updates, requiring no additional action. For specialized systems, such as servers and IoT … More →

The post Microsoft begins Secure Boot certificate update for Windows devices appeared first on Help Net Security.

CodeHunter is expanding its behavioral intent technology beyond traditional malware analysis to address supply chain risk and security decision-making across the software development lifecycle (SDLC). According to a recent Gartner report, “software supply chains transcend organizational boundaries and consist of external entities in addition to internal systems.” Gartner also warns that “improper artifact integrity validation allows attackers to poison the software delivery pipeline and compromise the software being delivered”. Originally built to overcome the limitations … More →

The post CodeHunter expands behavioral intent analysis to secure the software supply chain appeared first on Help Net Security.

Kong has announced Kong Context Mesh, a product that automatically discovers enterprise APIs, transforms them into agent-consumable tools, and deploys them with runtime governance. “Organisations have spent years building APIs as the nervous system of the enterprise. Context Mesh allows them to reuse that investment to power agents instead of starting from scratch,” said Marco Palladino, CTO of Kong. “The challenge is that agents are only as good as the enterprise context they can reach. … More →

The post Kong launches Context Mesh to turn enterprise APIs into agent-ready tools appeared first on Help Net Security.

You must login to view this content