Help Net Security Daily information security news with a focus on enterprise security.
- Spirals ransomware locks down victim systems in under 24 hoursby Sinisa Markovic on July 17, 2026 at 12:25 pm
A previously unknown ransomware strain called Spirals was used last month in an attack against an IT services company in South Asia, where attackers went from initial access to data theft and encrypting the network in less than 24 hours, according to Symantec’s Threat Hunter Team. Spirals encrypts files quickly after gaining a foothold Spirals is written in Rust and encrypts files using a separate AES-128 key per file, each wrapped with an attacker-controlled ECDH … More → The post Spirals ransomware locks down victim systems in under 24 hours appeared first on Help Net Security.
- Scammers weaponize FaceTime to drain bank accountsby Sinisa Markovic on July 17, 2026 at 10:02 am
Apple is warning iPhone and iPad users that scammers are using FaceTime calls to trick them into handing over money and account details. According to Apple, scammers pose as trusted organizations and use social engineering to convince people to hand over account credentials, security codes, and financial information. Apple says a caller can fake its number entirely, a trick known as spoofing, so the incoming call looks like it comes from Apple or a bank … More → The post Scammers weaponize FaceTime to drain bank accounts appeared first on Help Net Security.
- Claude can now sign into websites with 1Password without exposing your credentialsby Anamarija Pogorelec on July 17, 2026 at 9:17 am
1Password has introduced 1Password for Claude, a beta integration that lets Anthropic’s AI assistant complete browser tasks requiring authentication without accessing users’ passwords or other secrets. The integration is available to paid Claude subscribers (Pro, Max, Team, and Enterprise) using Claude Desktop on macOS and to 1Password customers on individual, family, and business plans. It requires a Mac, Claude Desktop, Claude in Chrome, the 1Password desktop app, and the 1Password browser extension. For Team and … More → The post Claude can now sign into websites with 1Password without exposing your credentials appeared first on Help Net Security.
- Ransomware attack halts Coca-Cola’s Fairlife US milk productionby Sinisa Markovic on July 17, 2026 at 8:04 am
A ransomware attack has stopped milk production at Fairlife, the Coca-Cola dairy brand known for its high-protein milk, protein shakes, and nutrition drinks. Coca-Cola disclosed the incident on July 16, 2026, in a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC). “Product quality and safety have not been impacted. However, as a result of the incident, production operations at fairlife in the United States are temporarily suspended. fairlife’s Canada production operations are … More → The post Ransomware attack halts Coca-Cola’s Fairlife US milk production appeared first on Help Net Security.
- Prompt injection is becoming the XSS of the web agent eraby Anamarija Pogorelec on July 17, 2026 at 6:00 am
Autonomous web agents read whatever a page displays, and much of that content comes from strangers. Product reviews, seller listings, and advertisements sit beside trusted site menus on a single page. An agent that reads all of that text as instructions can be steered by any of it. A group at UC Berkeley describe Cross-Site Prompting, or XSP, as the agent-era version of Cross-Site Scripting. Their system, Prismata, sits between a web agent and the … More → The post Prompt injection is becoming the XSS of the web agent era appeared first on Help Net Security.
- The script, not the voice, is what makes AI voice phishing workby Sinisa Markovic on July 17, 2026 at 5:30 am
The call comes in at 4:40 on a Friday. The voice belongs to a senior manager, or sounds close enough, and she needs a password reset before a flight. She is polite, she is in a hurry, and she has the last four of the badge number. Researchers at Harvard Kennedy School, Meta and elsewhere ran a version of that moment past 4,100 US adults, using six commercial voice systems and human callers as a … More → The post The script, not the voice, is what makes AI voice phishing work appeared first on Help Net Security.
- The five step plan that cuts security budget wasteby Help Net Security on July 17, 2026 at 5:00 am
In this Help Net Security video, Viktor Bulanek, CTO of Penetrify, explains where security budget waste comes from. Budgets get built around vendor categories, compliance checkboxes, and last year’s headlines. Attackers work along attack paths, and that mismatch is where the money goes. He walks through the two big leaks, overlapping tools that flag the same issue three times, and shelfware that covers a third of the estate at 100% of the invoice. The license … More → The post The five step plan that cuts security budget waste appeared first on Help Net Security.
- A hard drive reliability check on 341,263 drives, from 4TB to past 20TBby Anamarija Pogorelec on July 17, 2026 at 4:30 am
Large cloud storage operators track their hard drives every day, recording which units keep running and which ones drop off the racks. Backblaze does this at scale, and its Q1 2026 report covers a fleet built for continuous use. The analysis covered 341,263 hard drives, after boot drives and a small group of units that missed the reporting thresholds were set aside. The pool spans capacities from 4TB to past 20TB. The quarterly annualized failure … More → The post A hard drive reliability check on 341,263 drives, from 4TB to past 20TB appeared first on Help Net Security.
- New infosec products of the week: July 17, 2026by Anamarija Pogorelec on July 17, 2026 at 4:00 am
Here’s a look at the most interesting products from the past week, featuring releases from Cloudflare, Lineation.ai, Nudge Security, and Polygraf AI. Polygraf AI Meeting Guard delivers real-time deepfake detection for enterprise meetings Polygraf AI has announced Meeting Guard, a real-time AI fraud detection solution for enterprise meetings built to detect fraud and protect meeting security. It joins virtual meetings as a visible participant and delivers near-real-time security analysis to every attendee. Built for enterprise … More → The post New infosec products of the week: July 17, 2026 appeared first on Help Net Security.
- Scattered Spider members jailed over Transport for London hack that cost £29 millionby Sinisa Markovic on July 16, 2026 at 1:48 pm
Two members of the notorious “Scattered Spider” hacking collective have been sentenced to five years and six months in prison each for a cyberattack on Transport for London (TfL) that disrupted services for thousands of commuters and cost the transport authority an estimated £29 million. Thalha Jubair, 20, of East London, and Owen Flowers, 18, of Walsall, pleaded guilty last month, on the day their trial was set to start. The National Crime Agency (NCA) … More → The post Scattered Spider members jailed over Transport for London hack that cost £29 million appeared first on Help Net Security.






