Category: Help Net Security

AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into these autonomous AI-powered…

Read more →

Hirsch released Velocity 3.9, the latest advancement in its security management platform. Purpose-built for organizations that demand trust, compliance, and operational efficiency, Velocity 3.9 helps leaders safeguard people, assets, and data while simplifying operations at scale. Built for business impact…

Read more →

DigitalOcean has announced support for Single Sign-On. This integration is designed to provide digital native businesses with secure authentication to their DigitalOcean accounts. DigitalOcean Single Sign-On (SSO) helps to centralize user access and makes user onboarding and offboarding seamless. It’s…

Read more →

We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator…

Read more →

Breaches tied to file access are happening often, and the costs add up quickly. Many organizations have faced multiple file-related incidents over the last two years, with financial losses stretching into the millions. The fallout often includes stolen customer data,…

Read more →

Online shopping is convenient, saves time, and everything is just a click away. But how often do we stop to think about what happens to the data we leave behind, or the risks that might come with it? Where shopping…

Read more →

In this Help Net Security video, Jill Knesek, CISO at BlackLine, shares practical strategies for CISOs navigating tighter budgets. From maximizing existing tools and vendor partnerships to leveraging AI and making smart investments, she offers actionable advice for maintaining strong…

Read more →

Consumers are concerned about vulnerabilities in their vehicles, which directly impacts purchasing behavior and brand loyalty, according to RunSafe Security. Vehicles now run on over 100 million lines of code, which is more than most fighter jets, but they often…

Read more →

About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack application attack surface, while enjoying a flexible consumption model. Outpost24’s…

Read more →

Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent)…

Read more →

LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter role…

Read more →

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the /usr/bin/gcore utility…

Read more →

A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version…

Read more →

ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States. Countries where GhostRedirector victims were detected (Source: ESET) GhostRedirector…

Read more →

CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high”…

Read more →

Cato Networks acquired Aim Security to further enhance the Cato SASE Cloud Platform, supporting secure enterprise adoption of AI agents and both public and private AI applications. Cato has now exceeded $300 million in annual recurring revenue (ARR). The company…

Read more →

In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps. These attacks have moved beyond simple…

Read more →

Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The report shows that malicious activity inside Salesforce environments rose sharply in the first quarter of this…

Read more →

Veeam Software announced its fully pre-built, pre-harden ed software appliance: the new Veeam Software Appliance. Built to give IT teams instant protection without complexity, the appliance eliminates the friction of manual setup, OS patching, and Windows licensing. Delivered as a…

Read more →

Everfox launched High Speed Verifier-Turnkey (HSV-T). This hardware-enforced secure data transfer solution enhances digital collaboration and interoperability between allied nations, safeguarding mission-critical data transfers from high threat networks. Designed for tactical field deployments, HSV-T offers customizable, built-in threat removal capabilities…

Read more →