Help Net Security

Low-skilled attacker used Claude, Codex to breach 14 companies

Zeljka Zorz — Wed, 17 Jun 2026 15:43:00 +0000

Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromised server on which an attacker deployed Anthropic’s Claude Code and OpenAI’s Codex agents, the researchers discovered how easily the attacker was able to bypass most of the agents’ guardrails, and how little he actually needed to … More →

The post Low-skilled attacker used Claude, Codex to breach 14 companies appeared first on Help Net Security.

Another healthcare firm attacked days after Novo Nordisk breach

Sinisa Markovic — Wed, 17 Jun 2026 14:51:03 +0000

Medical technology company iRhythm Holdings disclosed a cyberattack involving certain third-party-hosted business applications that resulted in the theft of patient protected health information, proprietary data, and other personal data. The company discovered unauthorized activity on June 8, 2026, and launched an investigation with the assistance of external cybersecurity experts. A day later, a threat actor claimed to have obtained “sensitive information, including proprietary data, patient protected health information and other personal information” and demanded payment … More →

The post Another healthcare firm attacked days after Novo Nordisk breach appeared first on Help Net Security.

WitnessAI Agentic Control secures AI agents, tools, and MCP server access

Industry News — Wed, 17 Jun 2026 14:01:08 +0000

WitnessAI has announced extended agentic security capabilities that govern how AI agents interact with enterprise systems, tools, and Model Context Protocol (MCP) servers. With the launch of Agentic Control, enterprises have greater visibility and control over their AI agents with a single control plane to discover, monitor, govern, and restrict agent behaviors at runtime. Enterprises are deploying AI agents across chat applications, integrated development environments (IDE), and custom workflows, but security teams lack the visibility … More →

The post WitnessAI Agentic Control secures AI agents, tools, and MCP server access appeared first on Help Net Security.

Tigera introduces unified control plane for Kubernetes-based AI agent security

Industry News — Wed, 17 Jun 2026 13:49:02 +0000

Tigera has announced the general availability of Tigera Lynx, a unified control plane for Kubernetes-native AI agents. Lynx gives enterprises a single place to find every agent in their Kubernetes estate, tighten security posture, assign sandboxes, provide each agent with a cryptographic identity, enforce policy on every action it takes, audit agent activity, and detect anomalous behavior, all without changing a line of agent code. AI agents do not behave like the workloads enterprise security … More →

The post Tigera introduces unified control plane for Kubernetes-based AI agent security appeared first on Help Net Security.

Rokarolla Android trojan targets banking and crypto users, enables device takeover

Sinisa Markovic — Wed, 17 Jun 2026 13:23:46 +0000

A newly discovered Android banking trojan, dubbed Rokarolla, targets 217 banking and cryptocurrency applications and can execute 137 commands on infected devices, according to researchers at Zimperium. Named after its command-and-control (C2) infrastructure, Rokarolla is primarily distributed through malicious websites that impersonate popular applications such as TikTok and Google Chrome, fooling users into downloading what appears to be a legitimate app. Banker malware impersonating a legitimate app and requesting accessibility service (Source: Zimperium) Zimperium said … More →

The post Rokarolla Android trojan targets banking and crypto users, enables device takeover appeared first on Help Net Security.

Flip expands platform with digital identity, no-code apps, and AI automation

Industry News — Wed, 17 Jun 2026 12:55:40 +0000

Flip has announced Frontline Identity and Flip Fusion, two new offerings that help organizations securely connect frontline employees to enterprise systems, applications and AI-powered workflows. Flip’s new products expand the platform beyond employee communications, helping organizations provide secure digital identity, enterprise application access and AI-powered workflow automation through a single mobile experience. Frontline Identity brings secure digital identity to frontline workers Flip’s Frontline Identity is a digital identity and authentication platform purpose-built for frontline workers. … More →

The post Flip expands platform with digital identity, no-code apps, and AI automation appeared first on Help Net Security.

Corelight enhances Open NDR to detect AI-driven threats and unknown assets

Industry News — Wed, 17 Jun 2026 12:40:41 +0000

Corelight has expanded its Open NDR platform to include native network performance monitoring and passive asset classification capabilities. The release adds asset visibility to its existing anomaly detection foundation, helping security teams defend against AI-powered threats that can discover and weaponize vulnerabilities faster than patching programs can respond. This new AI-driven threat landscape renders strategies that rely on endpoint controls and patching alone insufficient. With this release, the same Zeek-based analysis engine that powers Corelight’s … More →

The post Corelight enhances Open NDR to detect AI-driven threats and unknown assets appeared first on Help Net Security.

ArmorCode helps product manufacturers prepare for EU Cyber Resilience Act requirements

Industry News — Wed, 17 Jun 2026 12:25:34 +0000

ArmorCode has announced new Cyber Resilience Act (CRA) capabilities within the ArmorCode Agentic AI Platform. The capabilities help manufacturers of products with digital elements (PDEs) prepare for the European Union’s cybersecurity regulation that will impact all sellers of these solutions in the region. ArmorCode now enables organizations to operationalize CRA requirements through a unified system of record that combines product security data, exploit-aware risk prioritization, disclosure workflow management, software bill of materials (SBOM) and vulnerability … More →

The post ArmorCode helps product manufacturers prepare for EU Cyber Resilience Act requirements appeared first on Help Net Security.

Legit Security brings agentic AI to AppSec remediation and risk reduction

Industry News — Wed, 17 Jun 2026 12:13:53 +0000

Legit Security has launched new remediation agents that independently prioritize issues, generate fixes, open pull requests, and confirm results using context learned from each organization’s distinct codebase. As AI allows attackers to exploit vulnerabilities faster than ever, rapid remediation becomes critical. As part of Legit’s agentic AppSec platform, these agents offer parallel remediation across code bases, critical when a common authentication bypass vulnerability is introduced through reused code and propagated across multiple services, along with … More →

The post Legit Security brings agentic AI to AppSec remediation and risk reduction appeared first on Help Net Security.

Tenable One adds continuous security control validation to improve exposure prioritization

Industry News — Wed, 17 Jun 2026 12:00:16 +0000

Tenable has announced extended continuous security control and validation capabilities within the Tenable One Exposure Management Platform. With security control visibility and evidence-based, contextualized insights, Tenable One confirms which cyber exposures are accessible and exploitable for more precise prioritization and overall risk reduction. Exploitability is highly dependent on the specifics of an organization’s environment. Without continuous security validation, security teams lack a reliable way to distinguish true threats from false positives, leading to inefficient remediation … More →

The post Tenable One adds continuous security control validation to improve exposure prioritization appeared first on Help Net Security.