OpenFGA is an open-source, high-performance, and flexible authorization engine inspired by Google’s Zanzibar system for relationship-based access control. It helps developers model and enforce fine-grained access control in their applications. At its core, OpenFGA enables teams to define who can…
Category: Help Net Security
For blind people, staying safe online means working around the tools designed to help
Blind and low-vision users face the same password challenges as everyone else, but the tools meant to make security easier often end up getting in the way. A study from the CISPA Helmholtz Center for Information Security and DePaul University…
3 DevOps security pitfalls and how to stay ahead of them
In this Help Net Security video, Dustin Kirkland, SVP of Engineering at Chainguard, explores three of the most pressing DevOps security issues engineers encounter: unpatched code, legacy systems, and the rise of AI and automation. He explains how each one…
Companies want the benefits of AI without the cyber blowback
51% of European IT and cybersecurity professionals said they expect AI-driven cyber threats and deepfakes to keep them up at night in 2026, according to ISACA. AI takes centre stage in threat outlook The main reason for this concern is…
Google introduces agentic threat intelligence for faster, conversational threat analysis
Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation. A new way to interact with threat data…
Illumio unveils AI Insights Agent to cut alert fatigue and accelerate threat response
Illumio has released Insights Agent, a new capability within Illumio Insights, the company’s AI-driven cloud detection and response (CDR) solution. Agent is an AI-powered, persona-driven guide designed to reduce alert fatigue, accelerate threat detection, and enable containment by delivering real-time,…
Dataminr’s $290 million ThreatConnect deal expands AI for real-time cyber defense
Dataminr has announced its intent to acquire ThreatConnect in a transaction valuing the company at $290 million. The fusion of Dataminr’s AI platform for public data signals with ThreatConnect’s deep internal data capabilities will create agentic AI-powered, client-tailored intelligence. Dataminr’s…
DataDome secures MCP infrastructure for trusted agentic AI
DataDome announced a new capability to secure Model Context Protocol (MCP) server infrastructure. With a standard DataDome integration module, enterprises can now gain visibility into and protect MCP interactions, enabling them to build agentic customer experiences on a foundation of…
CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog, presumably…
Veeam acquires Securiti AI for $1.725 billion
Veeam Software has signed a definitive agreement to acquire Securiti AI for $1.725 billion. Veeam and Securiti AI unify data resilience with DSPM, privacy, governance, and AI trust spanning production and secondary data. Together, they will help customers understand their…
Official Xubuntu website compromised to serve malware
The official website for Xubuntu, a community-maintained “flavour” of Ubuntu that ships with the Xfce desktop environment, has been compromised to serve Windows malware instead of the Linux distro. The malicious download Reports about a potential compromise began popping up…
Sophos ITDR enhances identity security with dark web monitoring and automated response
Sophos has launched Sophos Identity Threat Detection and Response (ITDR), a new solution for Sophos XDR and Sophos MDR that continuously monitors customer environments for identity risks and misconfigurations while scanning the dark web for compromised credentials. It enables organizations…
Agentic AI security: Building the next generation of access controls
As artificial intelligence (AI) solutions continue to evolve, the rise of agentic AI—intelligent systems that can act autonomously on behalf of an organization—presents new security challenges. Research from Delinea’s 2025 AI in Identity Security Demands a New Playbook report reveals…
When everything’s connected, everything’s at risk
In this Help Net Security interview, Ken Deitz, CISO at Brown & Brown, discusses how the definition of cyber risk has expanded beyond IT to include IoT, OT, and broader supply chain ecosystems. As organizations connect these assets through cloud…
Your smart building isn’t so smart without security
The lights switch on as you walk in. The air adjusts to your presence. Somewhere in the background, a server notes your arrival. It’s the comfort of a smart building, but that comfort might come with a cost. Smart buildings…
AI’s split personality: Solving crimes while helping conceal them
What happens when investigators and cybercriminals start using the same technology? AI is now doing both, helping law enforcement trace attacks while also being tested for its ability to conceal them. A new study from the University of Cagliari digs…
10 data security companies to watch in 2026
At Help Net Security, we’ve been tracking the cybersecurity world for nearly three decades. Through our Industry News section, we’ve watched countless companies rise, and push the limits of what’s possible in data protection. Some vendors consistently stand out, not…
Cybersecurity jobs available right now: October 21, 2025
CISO Open-Xchange | Germany | Remote – View job details As a CISO, you will lead the development and implementation of security strategies and requirements across the OX Group. You will advise management on information security matters, provide transparent reporting,…
Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due to…
China-linked Salt Typhoon hackers attempt to infiltrate European telco
Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics,…