News – Help Net Security

Two vulnerabilities (CVE-2026-39813, CVE-2026-39808) in FortiSandbox could be leveraged by unauthenticated attackers to bypass authentication and execute unauthorized code or commands on vulnerable systems. Both vulnerabilities can be triggered with a specially crafted HTTP request, putting unpatched FortiSandbox deployments at risk. About FortiSandbox FortiSandbox is Fortinet’s security solution for detecting and analyzing advanced threats. It does so by detonating suspicious files and URLs in an isolated environment and returning verdicts. Other Fortinet products – firewalls, … More → The post Fortinet fixes critical FortiSandbox vulnerabilities (CVE-2026-39813, CVE-2026-39808) appeared first on Help Net Security.

Google’s new set of Google Play policy updates and account transfer feature strengthen user privacy and protect businesses from fraud. Google is also expanding features for managing new contact and location policy changes to support a smoother, more predictable app review experience. By October, Play policy insights in Android Studio can help developers identify if their apps should use new features and will guide them on the steps to take. From October 27, new pre-review … More → The post Google Play is changing how Android apps access your contacts and location appeared first on Help Net Security.

The Tails Project released Tails v7.6.2, an emergency release of the popular open source secure portable operating system. What is Tails? Tails, which is based on Debian GNU/Linux, is aimed at users who want to preserve their online privacy and anonymity. The OS is installed on a dedicated USB stick and when plugged into a computer, it allows users to read and edit documents and images, watch videos, brows the web via the Tor internet … More → The post Tails 7.6.2 patches vulnerability that could expose saved files appeared first on Help Net Security.

Proofpoint researchers executed a malicious payload from a threat actor known to target trucking and logistics companies in late February 2026, doing so inside a decoy environment. The environment stayed compromised for more than 30 days, long enough for researchers to watch the actor work through their tools, scripts, and decisions beyond the initial break-in. The attacker had previously been documented targeting transportation carriers through compromised load board platforms, which are online marketplaces connecting shippers … More → The post Cargo theft malware actor spent a month inside a decoy network before researchers pulled the plug appeared first on Help Net Security.

Two US nationals have been sentenced for their role in a scheme that placed North Korean IT workers inside American companies under false identities. Over several years, the operation used stolen identities from at least 80 US individuals and brought in more than $5 million for the North Korean government. Kejia Wang was sentenced to 108 months in prison, and Zhenxing Wang to 92 months. Both pleaded guilty to wire fraud and money laundering charges, … More → The post Two US nationals jailed over scheme that generated $5 million for the North Korean regime appeared first on Help Net Security.