Category: Help Net Security

Nation-state involvement in crypto increased in 2025, signaling a shift in how on-chain crime operates. Three waves of crypto crime (Source: Chainalysis) Research from Chainalysis shows that crypto-related crime has grown more organized over recent years, with illicit groups running…

Read more →

In this Help Net Security interview, Hans Quivooij, CISO at Damen Shipyards Group, discusses securing OT and ICS in the shipyard. He outlines how project-based operations, rotating contractors, and temporary systems expand the threat surface and complicate access control. Quivooij…

Read more →

Firewalls, VPN access, and traffic rules need steady attention, often with limited budgets and staff. In that context, the open source pfSense Community Edition (CE) continues to show up in production environments, supported by a long-standing user community. pfSense CE…

Read more →

Cybersecurity debates around surveillance usually stay inside screens. A new academic study argues that this boundary no longer holds when communication laws extend into robots that speak, listen, and move among people. Researchers Neziha Akalin and Alberto Giaretta examine the…

Read more →

Security teams often spend time sorting through logs and alerts that point to activity happening outside corporate networks. Torrent traffic shows up in investigations tied to policy violations, insider risk, and criminal activity. A new research paper looks at that…

Read more →

CISOs describe a shift in how they define success. New research from Absolute Security shows broad agreement that resilience outweighs security goals centered on prevention alone. Security leaders increasingly define their role around keeping the business operating through disruption. The…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Pharma’s most underestimated cyber risk isn’t a breach Chirag Shah, Global Information Security Officer & DPO at Model N examines how cyber risk in pharma…

Read more →

NordPass simplifies secure logins by including Authenticator on multiple devices in the application for personal use. The time-based one-time password (TOTP) support enables users to add an extra layer of security to their accounts with two-factor authentication, without the need…

Read more →

The European Commission has opened a public call for evidence on European open digital ecosystems, a step toward a planned Communication that will examine the role of open source in EU’s digital infrastructure. The consultation runs from January 6 to…

Read more →

Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, talk about some of the latest trends, processes, and evolution…

Read more →

TrackerControl is an open-source Android application designed to give users visibility into and control over the hidden data within mobile apps. Many apps routinely communicate with third-party services that collect information about usage. TrackerControl makes this activity visible and allows…

Read more →

AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally…

Read more →

Security teams spend a lot of time explaining why detection systems need more compute. Cloud bills rise, models retrain more often, and new analytics pipelines get added to existing stacks. Those conversations usually stay focused on coverage and accuracy. A…

Read more →

Wi-Fi networks are taking on heavier workloads, more devices, and higher expectations from users who assume constant access everywhere. A new Wireless Broadband Alliance industry study shows that this expansion is reshaping priorities around security, identity, and trust, alongside adoption…

Read more →

Upwind announced Choppy AI, embedding new AI-powered capabilities across the company’s CNAPP platform. Choppy AI introduces natural-language–driven experiences that make cloud security exploration, investigation, and analysis more intuitive, while providing transparency, control, and trust for security teams. As cloud environments…

Read more →

An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inclusion in the catalog is unsurprising, as technical…

Read more →

Cyera announced a $400 million Series F funding round, bringing its total funding to over $1.7 billion. This raise comes just over six months after the previous round and triples the company’s valuation from a year ago to $9 billion.…

Read more →

Vannadium has launched Leap, a platform that combines blockchain-level data integrity with real-time, on-chain performance. As AI is adopted in sectors like healthcare, finance, and supply chain, the reliability of underlying data has become a critical concern. Leap addresses this…

Read more →

Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. The three vulnerabilities were unearthed and privately reported…

Read more →

Security and operations teams often work with firewall platforms that require frequent tuning or upgrades to meet evolving network demands. IPFire has released its 2.29 Core Update 199, aimed at network and protection teams that manage this open source firewall…

Read more →