NordPass simplifies secure logins by including Authenticator on multiple devices in the application for personal use. The time-based one-time password (TOTP) support enables users to add an extra layer of security to their accounts with two-factor authentication, without the need…
Category: Help Net Security
European Commission opens consultation on EU digital ecosystems
The European Commission has opened a public call for evidence on European open digital ecosystems, a step toward a planned Communication that will examine the role of open source in the EU’s digital infrastructure. The consultation runs from January 6 to…
January 2026 Patch Tuesday forecast: And so it continues
Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendors’ security patch activity (and reported issues) for the month, talk about some of the latest trends, processes, and evolution…
Product showcase: TrackerControl lets Android users see who’s tracking them
TrackerControl is an open-source Android application designed to give users visibility into and control over the hidden data within mobile apps. Many apps routinely communicate with third-party services that collect information about usage. TrackerControl makes this activity visible and allows…
How AI agents are turning security inside-out
AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally…
Security teams are paying more attention to the energy cost of detection
Security teams spend a lot of time explaining why detection systems need more compute. Cloud bills rise, models retrain more often, and new analytics pipelines get added to existing stacks. Those conversations usually stay focused on coverage and accuracy. A…
Wi-Fi evolution tightens focus on access control
Wi-Fi networks are taking on heavier workloads, more devices, and higher expectations from users who assume constant access everywhere. A new Wireless Broadband Alliance industry study shows that this expansion is reshaping priorities around security, identity, and trust, alongside adoption…
Upwind Choppy AI simplifies cloud security exploration and investigation
Upwind announced Choppy AI, embedding new AI-powered capabilities across the company’s CNAPP platform. Choppy AI introduces natural-language–driven experiences that make cloud security exploration, investigation, and analysis more intuitive, while providing transparency, control, and trust for security teams. As cloud environments…
Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)
An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inclusion in the catalog is unsurprising, as technical…
Cyera secures $400M to scale AI-native data security platform and enterprise adoption
Cyera announced a $400 million Series F funding round, bringing its total funding to over $1.7 billion. This raise comes just over six months after the previous round and triples the company’s valuation from a year ago to $9 billion.…
Vannadium’s Leap combines on-chain performance and data integrity for explainable AI
Vannadium has launched Leap, a platform that combines blockchain-level data integrity with real-time, on-chain performance. As AI is adopted in sectors like healthcare, finance, and supply chain, the reliability of underlying data has become a critical concern. Leap addresses this…
PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. The three vulnerabilities were unearthed and privately reported…
IPFire update brings new network and security features to firewall deployments
Security and operations teams often work with firewall platforms that require frequent tuning or upgrades to meet evolving network demands. IPFire has released its 2.29 Core Update 199, aimed at network and protection teams that manage this open source firewall…
Cybercriminals are scaling phishing attacks with ready-made kits
Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow more sophisticated and scalable: Barracuda threat analysts found that in…
StackRox: Open-source Kubernetes security platform
Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, with engineers trying to keep clusters stable while meeting internal policy requirements. The StackRox open…
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins are passed around during busy periods. For CISOs, password hygiene remains one of the…
What happens to insider risk when AI becomes a coworker
In this Help Net Security video, Ashley Rose, CEO at Living Security, discusses how AI is changing insider risk. AI is now built into daily work across departments, which shifts how risk shows up and how security teams should respond.…
Voice cloning defenses are easier to undo than expected
Many voice protection tools promise to block cloning by adding hidden noise to speech. Researchers at a Texas university found that widely used voice protection methods can be stripped away, restoring speaker identity and allowing fake voices to pass automated…
UK announces grand plan to secure online public services
The UK has announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, and has allocated £210 million (approximately $283 million) to implement it. Setting up a Government Cyber Unit: “Cyber attacks can…
Debian seeks volunteers to rebuild its data protection team
The Debian Project is asking for volunteers to step in after its Data Protection Team became inactive. All three members of the team stepped down at the same time, leaving no dedicated group to handle privacy and data protection work.…