Reflectiz to Host Webinar, Joined by Taboola, on Securing Third-Party Marketing in the AI Era

Reflectiz, the web exposure management platform, today announced a live webinar with Taboola, "Securing Third-Party Marketing in the AI Era," taking place July 8 at 9 AM EDT / 3 PM CEST. Every marketing vendor a company approves can silently introduce third and fourth-party scripts that no security team ever reviewed. In the AI era, that invisible layer is expanding faster than point-in-time audits can track. The gap between what an organization approves and what actually executes on its site is where data leakage, regulatory exposure, and compliance failures happen.

OpenMatter Network Introduces Verifiable Trust Layer for Secure Collaboration and AI Agents

OpenMatter Network today announced the launch of its cryptographically verifiable platform for secure collaboration and AI governance, built on a simple premise: Don't Trust Data. Prove It. For decades, organizations have relied on trust-based assumptions to secure data, execute workloads, and govern digital systems. But as data becomes increasingly distributed and AI agents begin operating autonomously across organizations, applications, and networks, those assumptions are being tested in new ways.

Proof Over Prediction: What Happens When You Actually Watch Who's Attacking AI Infrastructure

Customer telemetry shows how AI agents behave in a limited set of production environments and what risks they carry. Vulnerability research surfaces how those environments can be attacked. Both sources are valuable, but neither shows actual attacker behavior or how quickly they operationalize a new vulnerability once it's public.

CVE-2026-48558: Critical Authentication Bypass Vulnerability in SimpleHelp RMM Exploited for Credential Theft and Malware Delivery

CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software, caused by improper validation of OpenID Connect (OIDC) token signatures. When OIDC is configured with group-authenticated login settings, unauthenticated attackers can forge identity tokens to bypass multi-factor authentication and gain privileged technician-level access to vulnerable SimpleHelp servers — without valid credentials.

Critical Remote Code Execution Vulnerability in libssh2 Client Library Requires Urgent Mitigation

A suite of severe vulnerabilities has been disclosed in libssh2 (an SSH client library widely embedded in software such as curl, Git GUI clients, PHP, backup tools, and many IoT/embedded devices). The most critical, CVE-2026-55200 (CVSS 9.2/9.8), is a memory corruption bug in libssh2’s ssh2_transport_read() triggered by a malicious SSH server pre-authentication via a crafted packet_length.

Brace Yourself: Denial-of-Service in a Billion-Download Dependency

brace-expansion is a very popular npm package with over 38 billion all-time downloads (yeah, over 38,000,000,000) and is used by tooling that almost every JavaScript project relies on - eslint, glob, and npm itself. Despite being in the public eye for a while, we found a new Denial-of-Service vulnerability that could affect millions. This post walks through what the package does, existing issues that were fixed, and the new one we found - CVE-2026-13149.

Top Remote Access Software Providers Ranked by Security, Features, and Business Value

Choosing a remote access tool is a security decision before it is a convenience one, because every session is a potential doorway into your systems. The top remote access software providers ranked here are judged on three things that matter to security-conscious organizations: how well they protect each connection, how complete their feature set is, and how much value they deliver for the price. Splashtop leads because it scores highly on all three, pairing bank-grade security with the performance and pricing that suit teams of any size.

Multi-Factor Authentication for High-Security Facilities

Security threats targeting critical facilities have reached a level of sophistication that most organizations simply weren't built to handle. Data centers, government buildings, pharmaceutical labs: unauthorized access to any of these environments can trigger genuinely irreversible consequences. Here's a number worth sitting with: organizations deploying multi-factor authentication are 75% less likely to be compromised than those still relying on legacy methods. One statistic. Enormous implications. The era of badges and PINs as a primary defense is over, and facilities that haven't accepted that yet are running on borrowed time.