Category: Help Net Security

Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has open-sourced a cryptographic…

Read more →

Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew out information that may benefit them, such…

Read more →

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and Cisco…

Read more →

StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet network security. Building on the proven security foundation of StealthAES, StealthMACsec delivers line-rate processing up to 10 Gbps on FPGA and even faster…

Read more →

GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a command-line…

Read more →

Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts pressure on the hospitality sector to keep that information safe and private. Cybersecurity challenges in the…

Read more →

In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang…

Read more →

80% of AI tools used by employees go unmanaged by IT or security teams, according to Zluri’s The State of AI in the Workplace 2025 report. AI is popping up all over the workplace, often without anyone noticing. If you’re…

Read more →

As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globally, 63% of companies are in the “Exposed Zone,” indicating they lack both a cohesive cybersecurity strategy…

Read more →

44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their OT and IoT threat detection capabilities, according to Forescout. How confident are you in your OT/IoT threat detection coverage?…

Read more →

Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said…

Read more →

Scamnetic releaseed KnowScam 2.0, its flagship product for scam protection and digital identity verification. KnowScam 2.0 builds on everything users already trust — now with major upgrades, including an enhanced three-point scoring system, the new Auto Scan feature for Microsoft…

Read more →

Exabeam announced a major expansion of its integrated multi-agent AI system Exabeam Nova that now equips security leaders with a real-time strategic planning engine and boardroom communication tool. The Exabeam Nova Advisor Agent is the AI capability designed to turn…

Read more →

Cybersecurity never stands still. One week it’s AI-powered attacks, the next it’s a new data breach, regulation, or budget cut. With all that noise, it’s easy to get distracted. But at the end of the day, the goal stays the…

Read more →

In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in response to tighter regulations and global growth. He discusses the impact of frameworks…

Read more →

The Apricorn Aegis Secure Key 3NXC is a 256-bit AES XTS hardware-encrypted flash drive with a USB-C connector. It is available in storage capacities ranging from 4GB to 512GB and holds FIPS 140-2 Level 3 validation. The device is OS-agnostic,…

Read more →

Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like databases, web services, SSH endpoints, or other TCP-based systems. Secretless Broker features “We created Secretless Broker to solve…

Read more →

Not long ago, travelers worried about bad weather. Now, they’re worried the rental they booked doesn’t even exist. With AI-generated photos and fake reviews, scammers are creating fake listings so convincing, people are losing money before they even pack a…

Read more →

By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique…

Read more →

Cloudflare is now the first major internet infrastructure company to block AI crawlers by default when they try to access website content without permission or payment. Starting today, website owners can choose whether to allow AI crawlers and set rules…

Read more →

If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. What is Sudo? Sudo is command-line utility in…

Read more →

Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said.…

Read more →

Human trafficking tied to online scam centers is spreading across the globe, according to a new crime trend update from INTERPOL. Human trafficking victims by country of origin (Source: INTERPOL) By March 2025, people from 66 countries had been trafficked…

Read more →

Tracer AI launched Tracer Protect for ChatGPT, a solution that protects brands from the reputational harm being propagated at machine scale via AI chatbots by bad actors. The rising popularity of generative AI (genAI) engines is driving the urgent and…

Read more →

In a recent case tracked by Flashpoint, a finance worker at a global firm joined a video call that seemed normal. By the end of it, $25 million was gone. Everyone on the call except the employee was a deepfake.…

Read more →

Application Security Engineer Fireblocks | Israel | Hybrid – View job details As an Application Security Engineer, you will improve and secure the company’s continuous integration and deployment pipelines through CI/CD security hardening. You will operate, fine-tune, and customize security…

Read more →

This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted this analysis as foundational research during…

Read more →

Nearly three out of four European IT and cybersecurity professionals say staff are already using generative AI at work, up ten points in a year, but just under a third of organizations have put formal policies in place, according to…

Read more →

Spanish authorities arrested five members of a criminal network responsible for laundering €460 million stolen through global cryptocurrency investment fraud schemes. Source: Europol The operation, led by the Guardia Civil with support from Europol and law enforcement in Estonia, France,…

Read more →

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month.…

Read more →

Cato Networks has raised $359 million in a late-stage funding round, bringing its total valuation to $4.8 billion. The company, which provides a secure networking platform built entirely in the cloud, says the money will support its product development, AI…

Read more →

Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming more popular for its speed and memory safety, those same qualities make malware written…

Read more →

In this Help Net Security interview, Chris McGranahan, Director of Security Architecture & Engineering at Backblaze, discusses how AI is shaping both offensive and defensive cybersecurity tactics. He talks about how AI is changing the threat landscape, the complications it…

Read more →

Gartner projects that by 2028, organizations enriching their Security Operations Center (SOC) data with exposure insights will reduce the frequency and impact of cyberattacks by 50%. This bold forecast underscores a crucial shift: proactive exposure management is quickly becoming foundational…

Read more →

Europe is banking on AI to help solve its economic problems. Productivity is stalling, and tech adoption is slow. Global competitors, especially the U.S., are pulling ahead. A new report from Accenture says AI could help reverse that trend, but…

Read more →

In this Help Net Security video, Arun Shrestha, CEO of BeyondID, explains how AI agents, now embedded in daily operations, are often over-permissioned, under-monitored, and invisible to identity governance systems. With a special focus on the healthcare sector, Shrestha outlines…

Read more →

Supply chain risks remain top-of-mind for the vast majority of CISOs and cybersecurity leaders, according to SecurityScorecard. Their findings reveal that the way most organizations manage supply chain cyber risk isn’t keeping pace with expanding threats. The expanding web of…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running Linux SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices…

Read more →

In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping…

Read more →

Every time there’s a natural or manmade disaster that takes medical equipment offline, cuts connectivity to emergency services and loved ones, or shuts down access to ATMs, network engineers are at the center of the heroic efforts required to restore…

Read more →

Attackers are more inclined to “log in rather than break in,” using stolen credentials, legitimate tools, and native access to stealthily blend into their target’s environment, according to Bitdefender’s 2025 Cybersecurity Assessment Report. Attack surface reduction is a top priority…

Read more →

Even though GenAI threats are a top concern for both security teams and leadership, the current level of testing and remediation for LLM and AI-powered applications isn’t keeping up with the risks, according to Cobalt. GenAl as a threat or…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, AttackIQ, Barracuda Networks, BigID, Bitdefender, Contrast Security, Cymulate, Dashlane, Embed Security, Fortanix, Fortinet, Jumio, Lemony, Malwarebytes, SpecterOps, StackHawk, Stellar Cyber, Sumsub, Thales, Tines, Vanta,…

Read more →

Verax AI announced Verax Protect, a solution suitable even for companies in highly regulated industries, aiming to help large enterprises uncover and mitigate GenAI risks, including unintended leaks of sensitive data. As companies race to embrace the productivity potential of…

Read more →

ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report. The report, which looks at trends…

Read more →

Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply named Gemini CLI,…

Read more →

Bitdefender announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and associated vulnerabilities. GravityZone EASM dramatically reduces threat exposure and strengthens security…

Read more →

In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr.…

Read more →

Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets. What’s effective in one environment…

Read more →

Creative Commons introduced CC Signals, a new framework that helps data and content owners communicate how they want their work used by AI systems. The idea is to build a shared understanding of what’s acceptable, and to encourage more fair…

Read more →

Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way…

Read more →

People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong. What is synthetic identity fraud? Criminals create fake identities by combining stolen…

Read more →

60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance risk across enterprises. A survey…

Read more →

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details and…

Read more →

Tines announced autonomous AI capabilities within its workflow automation platform via the launch of agents. Agents mark a significant evolution in Tines’ platform, enabling customers to automate workflows with maximum control and flexibility, whether with deterministic logic, human-in-the-loop copilots, or…

Read more →

Stellar Cyber announced its next-generation MITRE ATT&CK Aligned Coverage Analyzer, expanding the capabilities first introduced in the original Coverage Analyzer. This new version transforms visibility into strategy, providing security teams, CISOs, MSSPs, compliance officers, and insurance underwriters with precision in…

Read more →

Mitiga launched Helios AI, an AI powered SOC assistant that supercharges SecOps teams with automated triage, augmented investigation, and accelerated threat remediation across complex multi-cloud environments. The first Helios AI feature available to customers is AI Insights. This automated SOC…

Read more →

Fortanix announced PQC Central, a new feature in the Fortanix Key Insight that reframes how enterprises approach the post-quantum cryptography (PQC) challenge. As quantum computing advances, enterprises face security challenges that threaten current cryptographic standards and demand proactive adaptation—organizations must…

Read more →

OpenRouter, a startup helping software developers manage the growing number of AI models, has raised $40 million in venture capital. The company wants to make it easier for developers to choose and use the right AI model for their applications,…

Read more →

Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal is to…

Read more →

Mastercard and Chainlink are teaming up to power Swapper Finance, a new way to buy crypto directly from decentralized exchanges (DEXs) using any Mastercard. Holders of Mastercard’s 3.5 billion cards around the world will now be able to directly purchase…

Read more →

XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat Friedman. This brings XBOW’s total funding to…

Read more →

BackBox announced the upcoming release of BackBox 8.0, a significant advancement engineered to address the complex and often disparate challenge of securing modern networks that blend traditional on-premise hardware with burgeoning cloud-managed and SASE (Secure Access Service Edge) environments. This…

Read more →

In the classic book and later Brad Pitt movie Moneyball, the Oakland A’s didn’t beat baseball’s giants by spending more – they won by thinking differently, scouting players not through gut instinct and received wisdom, but by utilizing relevant data…

Read more →

Abstract Security announced LakeVilla, a cloud-native cold storage solution built for long-term security telemetry retention that delivers compliance-ready, highly accessible storage at a fraction of SIEM costs—without compromising on performance or accessibility. “Security telemetry is exploding—but that doesn’t mean you…

Read more →

Quantum computers are built to handle problems that are far too complex for today’s machines. They could lead to major advances in areas like drug development, encryption, AI, and logistics. Photo by Chalmers University of Technology Now, researchers at Chalmers…

Read more →

In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk reduction,…

Read more →

In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights into…

Read more →

Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it with unknown third parties, leaving users with limited transparency and virtually no control…

Read more →

Nearly 50% of companies paid the ransom to recover their data, the second-highest rate in six years, according to Sophos. How actual payments stack up with the initial demand Ransom payments and recovery costs are on the decline Despite the…

Read more →

The Linux Foundation launched the Agent2Agent (A2A) project, an open protocol for secure agent-to-agent communication and collaboration. The A2A protocol is a collaborative effort launched by Google in April and with growing support from more than 100 leading technology companies.…

Read more →

ManageEngine launched a MSP Central, a unified platform designed to help MSPs streamline service delivery, device management, threat protection, and infrastructure monitoring from a single interface. ManageEngine focuses on addressing specific operational models and business challenges of MSPs, developing tools…

Read more →

Barracuda Networks launched Barracuda Managed Vulnerability Security. This fully managed service, powered by Barracuda’s global Security Operations Center (SOC), extends the BarracudaONE platform to help organizations proactively identify, assess and prioritize vulnerabilities. This enables them to reduce risk and strengthen…

Read more →

Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall NetExtender is an SSL‑VPN client used by companies to…

Read more →

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are…

Read more →

The Common Good Cyber Fund is a new effort to support cybersecurity that protects everyone, especially those most at risk of harassment, harm, or coercion. It has the potential to make cybersecurity better and more accessible for billions of people…

Read more →

In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace also…

Read more →

In this Help Net Security video, Mark Wilson, Technology and Innovation Director at Node4, shares key insights from the company’s 2025 mid-market report. He explores the surprising trend of cloud repatriation, where 97% of mid-market organizations plan to move some…

Read more →

Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish. The platform simplifies tasks and makes it easier for teams to work…

Read more →

Cyber Security Analyst Ascendion | Singapore | On-site – View job details As a Cyber Security Analyst, you will lead incident response efforts, including forensic analysis, malware mitigation, and DoS attack resolution. Design and implement advanced security architectures with a…

Read more →

Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has announced. This is intended to be an ongoing process and Microsoft is planning to introduce…

Read more →

The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets. The CoinMarketCap compromise CoinMarketCap (aka CMC) is a website popular with crypto investors as it…

Read more →

Okta announced Cross App Access, a new protocol to help secure AI agents. As an extension of OAuth, it brings visibility and control to both agent-driven and app-to-app interactions, allowing IT teams to decide what apps are connecting and what…

Read more →

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless,…

Read more →

SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader shift in how China-Nexus threat actors are using Operational Relay Box (ORB) networks to…

Read more →

In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and…

Read more →

A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness…

Read more →

Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar Santos is a Distinguished Engineer at Cisco focusing on…

Read more →

22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, according to RunSafe Security. Three-quarters of these incidents disrupted patient care, including 24% that required patient transfers to other facilities. The survey reveals that healthcare cybersecurity has evolved…

Read more →

New hires are more likely to fall for phishing attacks and social engineering than longer-term employees, especially in their first 90 days, according to Keepnet. Why new hires are easy targets for phishing attacks Based on data from 237 companies…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers unearth keyloggers on Outlook login pages Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and…

Read more →

Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as…

Read more →

Online scams are getting worse and more varied. DuckDuckGo knows that, so they’ve made changes. Their built-in Scam Blocker now stops more kinds of scam sites, all without tracking you. How Scam Blocker works (Source: DuckDuckGo) “If you accidentally click…

Read more →

Amazon Linux 2023 (AL2023) has earned FIPS 140-3 Level 1 validation for several of its cryptographic modules. This means it’s now approved for use in systems that need to meet U.S. and Canadian government standards for encryption. FIPS (Federal Information…

Read more →

In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum computing and AI. He…

Read more →

95% of C-suite leaders say that GenAI is driving a new level of innovation in their organizations, according to NTT DATA. While CEOs and business leaders are committed to GenAI adoption, CISOs and operational leaders lack the necessary guidance, clarity…

Read more →

Stanford recently released its AI Index 2025, and it’s packed with insights on how AI is changing. For CISOs, it’s a solid check-in on where things stand. It covers what the tech can do now, how governments are responding, and…

Read more →

Even security teams, the ones responsible for protecting the business, are adding to AI-related risk. A new survey by AI security company Mindgard, based on responses from over 500 cybersecurity professionals at RSAC 2025 Conference and Infosecurity Europe 2025, found…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from BigID, Dashlane, Sumsub, and Jumio. Dashlane’s AI model alerts businesses to phishing risks In contrast to rule-based filters or reliance on a threat intel database,…

Read more →

Cyberstalkers are increasingly turning to cheap GPS trackers to secretly monitor people in real time. These devices, which often cost less than $30 and run on 4G LTE networks, are small, easy to hide under a bumper or in a…

Read more →