Category: Help Net Security

NAKIVO Backup & Replication v11.1 brings a host of benefits to MSPs and their clients. It eliminates the need for client-side port configuration, enhances security with encrypted multi-platform support, and introduces automated failover capabilities. These features are designed specifically for…

Read more →

Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential replay, and high speed onboarding attempts now operate through shared infrastructures that behave less like scattered threats…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Apiiro, Astra Security, Push Security, Trellix, and XM Cyber. Apiiro unveils AI SAST built on deep code analysis to eliminate false positives Apiiro introduced Apiiro…

Read more →

When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion in…

Read more →

Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms to…

Read more →

Apiiro introduced Apiiro AI SAST, a new approach to static application security testing (SAST) that automates code risk detection, validation and fixes with the precision and cognitive process of an expert application security engineer. Grounded in Apiiro’s patented Deep Code…

Read more →

Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when…

Read more →

AppGate announced the launch of Agentic AI Core Protection, a new capability within AppGate ZTNA designed to secure AI workloads deployed in enterprise core environments across on-prem and cloud venues. This innovation enables organizations to embrace AI-driven transformation while maintaining…

Read more →

Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven threats.…

Read more →

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with…

Read more →

Concentric AI announced expanded Private Scan Manager functionality in its Semantic Intelligence data security governance platform. Customers now have the ability to deploy Semantic Intelligence within their own private Microsoft Azure cloud. This follows an announcement earlier this year where…

Read more →

Push Security announced the release of a new feature designed to tackle one of the fastest-growing cyber threats: ClickFix-style attacks. The company’s latest innovation, malicious copy-and-paste detection, blocks users from copying malicious scripts in their web browser, preventing them from…

Read more →

In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He notes that many…

Read more →

Regulatory limits on explicit targeting have not stopped algorithmic profiling on the web. Ad optimization systems still adapt which ads appear based on users’ private attributes. At the same time, multimodal LLMs have lowered the barrier for turning these hidden…

Read more →

If you’re looking for holiday gift ideas, books remain one of the simplest ways to spark curiosity and support someone’s growth. Whether the person on your list is exploring cybersecurity, AI, engineering, or career development, these titles offer something useful…

Read more →

AI use is expanding faster than the infrastructure that supports it, and that gap is starting to matter for security, resilience, and access. A new position paper argues that access to AI should be treated as an intergenerational civil right,…

Read more →

A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard configurations (…)…

Read more →

SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be…

Read more →

Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about the…

Read more →

XM Cyber announced an update to its platform that connects External Attack Surface Management with internal risk validation, closing the gap between what’s exposed outside and what exists inside. By bridging these two worlds, XM Cyber now allows security teams…

Read more →