Aggregator

Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows system. About CVE-2026-20841 For many, many years, Windows Notepad was a simple text editor and a staple tool for everyone who wanted a no-frills way to work with plain text, but in early 2022, Microsoft started redesigning it … More →

The post Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841) appeared first on Help Net Security.

AI is giving online romance scammers even more ways to hide and accelerate their schemes while making it more difficult for people to detect fraud operations that are resulting in billions of dollars being stolen every year from millions of victims.

The post AI is Supercharging Romance Scams with Deepfakes and Bots appeared first on Security Boulevard.

Black Duck has announced the availability of a set of enhanced Black Duck Polaris Platform integrations across all major source code management (SCM) platforms, including GitHub, GitLab, Azure DevOps, and Bitbucket. The Polaris Platform is an integrated, software-as-a-service application security platform powered by the static application security testing, software composition analysis, and dynamic application security testing engines. With development teams managing an explosion of human and AI-generated code and increasingly distributed development environments, manual onboarding … More →

The post Black Duck expands Polaris platform with unified, automated security across all major SCMs appeared first on Help Net Security.

The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.

The post Outlook add-in goes rogue and steals 4,000 credentials and payment data appeared first on Security Boulevard.

You must login to view this content

You must login to view this content

Research has shown that some AI models can identify phishing websites with near-perfect accuracy when asked. When those same models are used as autonomous agents with access to tools like email, web browsers, and password vaults, they can still carry out the scam. That gap is the focus of a new open source benchmark from 1Password called the Security Comprehension and Awareness Measure, or SCAM. The benchmark tests whether AI agents behave safely during real … More →

The post 1Password open sources a benchmark to stop AI agents from leaking credentials appeared first on Help Net Security.

NowSecure announced the launch of AI-Navigator, new functionality that streamlines and improves mobile application security testing. By automating authentication workflows, NowSecure enables security teams to dynamically test mobile apps for vulnerabilities and privacy leaks up to 90% faster. “Mobile apps are the front door to enterprise and consumer data, but security teams have struggled to continuously test them because they are unable to log in,” said NowSecure CTO David Weinstein. “Unauthenticated testing overlooks up to … More →

The post NowSecure AI-Navigator cuts mobile app testing time by automating authentication appeared first on Help Net Security.