Category: Help Net Security

A US federal watchdog has outlined how the National Institute of Standards and Technology (NIST) failed to effectively manage the growing backlog of unprocessed cybersecurity vulnerabilities in the National Vulnerability Database (NVD). How the NVD crisis unfolded The NVD was…

Read more →

Dragos has acquired Phosphorus, extending the Dragos Platform to protect billions of connected devices embedded across critical infrastructure and other operational networks. Operational environments have outgrown traditional OT boundaries. Power grids, pipelines, manufacturing facilities, and data centers now depend on…

Read more →

Authentication bypass vulnerabilities (CVE-2026-0257) in Palo Alto Networks’ firewalls that the company disclosed on May 13 have been targeted in “limited exploit attempts”. “Across multiple customers, Rapid7 observed successful exploitation via authentication probes using forged cookies, but the appliance accepted…

Read more →

NVIDIA just dropped a big batch of open-source “physical AI” skills and tools, and they’re designed to make a roboticist’s life a whole lot easier. The idea? Take the messy, complicated work behind robots, self-driving cars, vision AI, and industrial…

Read more →

Asimily has launched Segmentation Orchestration, enabling connected-device risk intelligence to flow directly into enforceable network policy without manual translation. No other platform combines full asset visibility, vulnerability prioritization, and segmentation orchestration in a single system. “AI has exploded the volume…

Read more →

AI agents run across many platforms, and each one needs a way to locate and confirm the identity of the others it works with. The Linux Foundation’s DNS-AID project gives them that capability through the Domain Name System, the same…

Read more →

In this interview with Help Net Security, Avani Desai, CEO at Schellman, talks about the gap between what organizations think they know about their data and what discovery scans turn up. She shares stories of shadow data in abandoned cloud…

Read more →

AI agents keep memory across sessions. Conversation history, vector stores, scratchpads, and RAG indexes persist between runs, and anything written into that store becomes a privileged input the agent reads back later. An attacker who plants text in the wrong…

Read more →

Cybersecurity governance in the EU is shifting under expanding frameworks such as NIS2 and DORA, while AI raises new questions for security teams. What the future brings is hard to predict, and organizations must find a way to cope. Antonija…

Read more →

In this Help Net Security video, Alan Snyder, CEO at NowSecure, talks about governing shadow AI without stopping innovation. He frames the problem as two opposing forces. Companies need to adopt AI fast because attackers and competitors will outpace them…

Read more →

145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (Source: DataGrail) Shadow…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Coinflow CISO on crypto payments security under AI pressure Crypto payment firms sit near the top of the target list for advanced persistent threat groups,…

Read more →

The Dutch National Police and the country’s National Cyber Security Center (NCSC) have taken offline 200 servers controlling a botnet of 17 million devices, the law enforcement agency announced on Thursday. The investigation was launched after the NCSC received a…

Read more →

Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” Arctic Wold…

Read more →

Websites have spent years collecting information about visitors through browser fingerprinting, tracking scripts, and other techniques designed to identify devices and monitor behavior. Researchers have demonstrated another method that relies on something most users would never expect a website to…

Read more →

A newly documented phishing campaign is targeting professionals with fake LinkedIn business emails and abusing a trusted service operated by Adobe. The attack from the victim’s perspective The attack starts with an email that looks, at first glance, like a…

Read more →

Microsoft 365 Copilot, an AI assistant that helps people write, summarize, analyze information, and complete work tasks, has been redesigned. It now serves as a single, flexible entry point to Copilot across Microsoft 365 apps, suggesting relevant actions based on…

Read more →

Anthropic has released Claude Opus 4.8 and outlined plans for broader access to its Mythos-class models, which the company expects to make available to all customers in the coming weeks. Claude Opus 4.8 (Source: Anthropic) Claude Opus 4.8 is available…

Read more →

Humanix has announced a capability to identify live violations of organization-defined procedures governing IT support workflows. Designed to prevent unauthorized access, these procedures typically require help desk and service desk agents to follow identity verification steps before fulfilling sensitive requests,…

Read more →

Claroty has launched Claroty Claire, a CPS-native AI security agent designed to help organizations defend mission-critical infrastructure. Claire is powered by a CPS language model trained on more than a decade of industry expertise and CPS-related data. The launch expands…

Read more →