Category: Help Net Security

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode,…

Read more →

In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity implications of deploying AI agents in industrial environments. He talks about the risks that come with AI agents making…

Read more →

Enterprises typically “modernize” access patterns for an application by enabling industry standard protocols like OIDC or SAML to provide single sign-on (SSO) for legacy apps via a cloud identity provider (IDP). That’s a major step towards better user experience, improved…

Read more →

Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted annually or quarterly, are too slow to detect active threats. 35.5% of all breaches in 2024 were third-party…

Read more →

Is the remote IT worker you recently hired really who he says he is? Fake IT workers are slipping into companies around the world, gaining access to sensitive data. Recently, more of these schemes have been linked to North Korea.…

Read more →

Application Security Engineer, SDO AppSec Amazon | EMEA | Hybrid – View job details As an Application Security Engineer, SDO AppSec, you will be responsible for creating, updating, and maintaining threat models across a diverse range of software projects. Part…

Read more →

A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had. Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within…

Read more →

LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a wide spectrum of AI agent security risks including jailbreaking and indirect prompt injection, goal hijacking,…

Read more →

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a…

Read more →

In this Help Net Security video, Stefan Tanase, Cyber Intelligence Expert at CSIS, gives an overview of how cybercriminals are changing their tactics, including using legitimate tools to avoid detection and developing more advanced info-stealing malware. Tanase also talks about…

Read more →

Hybrid cloud infrastructure is under mounting strain from the growing influence of AI, according to Gigamon. Cyberthreats grow in scale and sophistication As cyberthreats increase in both scale and sophistication, breach rates have surged to 55% during the past year,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Trojanized KeePass opens doors for ransomware attackers A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set…

Read more →

CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been…

Read more →

Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. The videos are getting published by a number of TikTok user accounts, seem AI-made, and…

Read more →

Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service operations. Operation Endgame…

Read more →

Token Security launched Model Context Protocol (MCP) Server for non-human identity (NHI). This capability brings the power of agentic AI to modern security operations and enables teams to interact with complex NHI data using simple, natural language. The Token MCP…

Read more →

In this Help Net Security interview, Dr. Joy Wu, Assistant Professor, UBC Sauder School of Business, discusses the psychological and societal impacts of data monetization, why current privacy disclosures often fall short, and what it will take to create a…

Read more →

Outsourcing cybersecurity can be a practical and affordable option. It allows small businesses to get the protection they need without straining their budgets, freeing up time and resources to focus on core operations. 76% of SMBs lack the in-house skills…

Read more →

While 47% of organizations claim to have implemented shift left security strategies, many still struggle with execution gaps and security inefficiencies, according to Pynt. Of those who haven’t implemented shift left, half of them have no plans to do so…

Read more →

69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to 74% in Singapore, with 71% also indicating that AI-generated scams are…

Read more →