Cybersecurity leaders know the attack surface has been growing for years, but the latest State of Information Security Report 2025 from IO shows how fast new risks are converging. Drawing on responses from more than 3,000 security professionals in the…
Category: Help Net Security
Global hiring risks: What you need to know about identity fraud and screening trends
Hiring new employees has always carried some risk, but that risk is growing in new ways, and identity fraud is becoming more common in the hiring process. HireRight’s 2025 Global Benchmark Report takes a close look at how organizations around…
Many networking devices are still vulnerable to pixie dust attack
Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, Netrise researchers have confirmed. WPS and the pixie dust attack Wi-Fi Protected Setup (WPS) allows…
Nagomi Control reveals where organizations are most exposed
Nagomi Security announced the next step in its platform evolution with Nagomi Control, a new release that enhances Continuous Threat Exposure Management (CTEM) by enabling security teams to shift from identifying exposures to fixing them. While CTEM has long provided…
BeyondTrust introduces identity security controls for AI
BeyondTrust released new AI security controls in Identity Security Insights. These capabilities provide visibility into AI agents, secure orchestration of their actions, and an on-board intelligence layer to help teams make faster, smarter security decisions. “The rise of AI agents…
Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader
Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting…
Siren’s K9 uses AI to turn complex investigations into actionable insights
Siren announced the launch of K9, an AI companion designed to transform the way investigators uncover threats and connections. K9 is fast, dependable and mission-focused, built to guard, protect, and serve those on the front lines of keeping communities and…
Astrix unveils secure-by-design AI agents to help enterprises manage compliance risk
Astrix Security launched the AI Agent Control Plane (ACP), a solution designed to deploy secure-by-design AI agents across the enterprise. With ACP, every AI agent receives short-lived, precisely scoped credentials and just-in-time access based on least privilege principles, eliminating access…
ManageEngine enhances Log360 to reduce alert fatigue for SOC teams
ManageEngine unveiled that its security information and event management (SIEM) solution, Log360, has been strengthened with a reengineered threat detection approach, in a major enhancement aimed at addressing the needs of security operations center (SOC) teams. Over 60% of SOC…
How a fake ICS network can reveal real cyberattacks
Researchers have introduced a new way to study and defend against ICS threats. Their project, called ICSLure, is a honeynet built to closely mimic a real industrial environment. Why traditional honeypots fall short Honeypots are systems designed to attract attackers…
Creating a compliance strategy that works across borders
In this Help Net Security interview, Marco Goldberg, Managing Director at EQS Group, discusses how compliance and regulation are evolving worldwide. He talks about how organizations can stay compliant with international rules while keeping their systems practical and user-friendly. Goldberg…
Rayhunter: EFF releases open-source tool to detect cellular spying
The Electronic Frontier Foundation (EFF) has released Rayhunter, a new open-source tool designed to detect cell site simulators (CSS). These devices, also known as IMSI catchers or Stingrays, mimic cell towers to trick phones into connecting so they can collect…
Bots vs. humans? Why intent is the game-changer
In this Help Net Security video, Jérôme Segura, VP of Threat Research at Datadome, explains why intent, not just identifying bots, must be the new focus for cybersecurity teams. He explores how advanced AI agents and sophisticated bots blur the…
Old file types, new tricks: Attackers turn everyday files into weapons
Attackers are finding new ways to blend in with everyday business tools, hiding their activity inside formats and processes that workers and IT teams often trust. The latest quarterly Threat Insights Report from HP Wolf Security shows how attackers continue…
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack
A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who run a compromised…
Neon Cyber exits stealth with Workforce Cybersecurity Platform
Neon Cyber announced its emergence from stealth and unveiled the first Workforce Cybersecurity Platform (WCP), delivering protection across browsers, SaaS applications and enterprise systems in every department. Built by cybersecurity veterans with decades of experience, Neon was created to solve…
Sentra enables organizations to leverage Copilot without compromising security
Sentra launched its solution for securing Microsoft 365 Copilot, enabling organizations to adopt Copilot with confidence while remaining compliant and protecting sensitive enterprise data. The solution allows organizations to prevent overexposure of sensitive data of employees and other users, discover…
Digital.ai brings expert-level cryptography to any developer team
Digital.ai released its App Sec White-box Cryptography Agent to simplify application security for developers and help customers ensure that every application requiring protection is secured. The Agent makes white-box cryptography, long considered an expert-only discipline, accessible to any development team,…
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks Managed security service providers and external incident responders have had a front-row seat…
N-able strengthens backup threat protection
N-able has enhanced the capabilities of Cove Data Protection with the launch of Anomaly Detection as a Service (ADaaS). Strengthening Cove’s defense against cyberthreats, this service is built into Cove’s architecture with no additional management overhead or cost impact. Cyberattacks…