Help Net Security

French government messaging platform breached through account hijacking

Sinisa Markovic — Tue, 09 Jun 2026 14:04:43 +0000

French authorities are investigating a compromise of Tchap, the government’s secure messaging platform, after hackers hijacked a user account and gained access to public chat rooms. Tchap is the French government’s messaging platform for civil servants, ministries, and public agencies. Built on the open-source Matrix protocol, it was developed to keep government communications on infrastructure managed by the French state rather than foreign technology providers. The Interministerial Directorate for Digital Affairs (DINUM) said the incident … More →

The post French government messaging platform breached through account hijacking appeared first on Help Net Security.

Elastic brings AI-driven incident investigation to Kubernetes and observability tools

Industry News — Tue, 09 Jun 2026 13:55:16 +0000

Elastic has introduced an agentic Kubernetes investigation workflow and MCP-based observability skills that diagnose incidents the moment an alert fires. By the time an SRE opens the alert, the root cause has already been identified, evidence has been assembled, and recommended next steps have been surfaced. For teams running Kubernetes at scale, the gap between alert and answer costs time, compounds outages, and wears down on-call engineers. Elastic closes that gap by starting the investigation … More →

The post Elastic brings AI-driven incident investigation to Kubernetes and observability tools appeared first on Help Net Security.

Filigran launches XTM One to automate CTEM with AI agents

Industry News — Tue, 09 Jun 2026 13:31:47 +0000

Filigran has announced XTM One, an AI-native agentic layer that automates Continuous Threat Exposure Management (CTEM) workflows across the Filigran XTM Platform. XTM One introduces a dedicated AI orchestration layer that connects OpenCTI and OpenAEV into a single, continuous workflow. Security teams move manually between tools, ingesting threat intelligence in one system, building attack scenarios in another, and tracking remediation in separate dashboards. XTM One automates those handoffs by coordinating AI agents across the lifecycle, … More →

The post Filigran launches XTM One to automate CTEM with AI agents appeared first on Help Net Security.

Rockwell Automation adds AI-powered security tools to SecureOT Suite

Industry News — Tue, 09 Jun 2026 13:11:50 +0000

Rockwell Automation has announced the launch of three enhanced offerings within the SecureOT solution suite: OT Cybersecurity Assessment Suite, SecureOT Platform Managed Services and Managed Secure Remote Access (MSRA). Facing an increasing volume of alerts and limited visibility into operational technology (OT) assets, cybersecurity teams are under pressure to detect and respond quickly. SecureOT’s industrial cybersecurity solution suite enables industrial enterprises to stay proactive and resilient without the need to add infrastructure or specialized staff. … More →

The post Rockwell Automation adds AI-powered security tools to SecureOT Suite appeared first on Help Net Security.

LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271)

Zeljka Zorz — Tue, 09 Jun 2026 11:37:31 +0000

A command injection vulnerability (CVE-2026-42271) in BerryAI’s LiteLLM open-source AI gateway is being exploited by attackers, the US Cybersecurity and Infrastructure Security Agency (CISA) confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog on Monday. About CVE-2026-42271 LiteLLM is an open-source library that provides a unified interface for calling many different large language model APIs using a single (OpenAI) format. It’s used by both developers and enterprises, to avoid vendor lock-in, centrally manage … More →

The post LiteLLM vulnerability under active attack, CISA warns (CVE-2026-42271) appeared first on Help Net Security.

Google patches Chrome zero-day exploited in the wild (CVE-2026-11645)

Sinisa Markovic — Tue, 09 Jun 2026 11:24:41 +0000

Google has fixed 74 vulnerabilities in Chrome, including a high-severity zero-day (CVE-2026-11645) that has been exploited in the wild. “Google is aware that an exploit for CVE-2026-11645 exists in the wild,” the company said in a Monday security advisory. The fix has been shipped in Chrome 149.0.7827.102/.103 for Windows and macOS and Chrome 149.0.7827.102 for Linux, with the update rolling out to users over the coming days and weeks. About CVE-2026-11645 CVE-2026-11645 is an out-of-bounds … More →

The post Google patches Chrome zero-day exploited in the wild (CVE-2026-11645) appeared first on Help Net Security.

Apple Intelligence can now replace weak passwords without user intervention

Anamarija Pogorelec — Tue, 09 Jun 2026 11:19:28 +0000

Apple’s next generation of Apple Intelligence, the company’s personal intelligence system, expands its capabilities and introduces new security features in Passwords. Automatically Fix Passwords (Source: Apple) Introduced as a standalone app in 2024, Passwords gives users a central place to store and access passwords, passkeys, Wi-Fi credentials, and verification codes. It alerts users when a password is weak, reused, or exposed in a known data breach and recommends updating it. Any required changes previously had … More →

The post Apple Intelligence can now replace weak passwords without user intervention appeared first on Help Net Security.

Apple expands what parents can block, approve, and limit

Anamarija Pogorelec — Tue, 09 Jun 2026 09:55:59 +0000

Apple has previewed a set of new child safety features coming to iPhone, iPad, and the Mac later this year, expanding parental controls with tools that help families manage app access, web browsing, communication, and screen time. The features will arrive with updates to iOS 27, iPadOS 27, and macOS 27 this fall. Apple said the changes are designed to help parents create age-appropriate digital experiences and build on the company’s existing child safety tools. … More →

The post Apple expands what parents can block, approve, and limit appeared first on Help Net Security.

Mythos Preview can weaponize N-day vulnerabilities in hours

Sinisa Markovic — Tue, 09 Jun 2026 09:19:53 +0000

Mythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’s recent cybersecurity research has largely focused on zero-days, vulnerabilities unknown to software vendors. The new study examines N-days, vulnerabilities that have already been disclosed and patched but remain present on unpatched systems. “In some ways, N-days are the more dangerous of the two, because the patch itself … More →

The post Mythos Preview can weaponize N-day vulnerabilities in hours appeared first on Help Net Security.

The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic

Help Net Security — Tue, 09 Jun 2026 06:00:23 +0000

The advent of AI-assisted vulnerability discovery and autonomous exploit development has brought about a new age in cybersecurity—one in which we can no longer rely on patching as a primary defense mechanism. Patching is, by definition, a reactive approach to security. It cannot occur until after a vulnerability is discovered and a vendor fix is made available, an operational delay that all too often lands well after an exploit is already weaponized in the wild. … More →

The post The architecture of subtraction: Why it’s time to erase the roads, not just map the traffic appeared first on Help Net Security.