Category: Help Net Security

The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded. The post Authorities disrupt four IoT botnets behind record DDoS attacks appeared first…

Read more →

Rapid7 has unveiled new cloud security capabilities within Exposure Command. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, validate, and prioritize exploitable risks based on real-world attack paths and business impact. As organizations…

Read more →

Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He admitted to one count of conspiracy to commit wire fraud, which…

Read more →

ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote access platform is popular with managed service providers, IT departments, and…

Read more →

ConductorOne has announced its AI Access Management product extension, a unified control plane for managing access to AI tools, agents, and MCP connections across the enterprise. The platform enables organizations to accelerate AI adoption while maintaining full visibility, policy enforcement,…

Read more →

Semgrep announced Semgrep Multimodal, a system that combines AI reasoning with rule-based analysis for detection, triage, and remediation. Its detection finds up to 8x more true positives while cutting noise by 50% compared to foundation models alone, and has already…

Read more →

AppViewX has acquired Eos, an AI-native identity control plane for AI agents and autonomous workloads within the enterprise. By combining AppViewX’s automated CLM and PKI with Eos’s agentic governance and privileged access control, the platform delivers an integrated solution for…

Read more →

Bonfy.AI announced Bonfy Adaptive Content Security (Bonfy ACS) 2.0, a platform built to secure enterprise content across all systems, applications, and AI agents – anywhere data moves, resides, or is processed. As organizations race to deploy copilots, custom AI apps,…

Read more →

In this Help Net Security video, Kat Traxler, Principal Security Researcher – Public Cloud at Vectra AI, walks through two AWS misconfigurations that go beyond the basics of bucket visibility. The first is bucket name squatting. Because S3 uses a…

Read more →

In this Help Net Security interview, Chris Thompson, CISO at West Shore Home, discusses least privilege and credential hygiene for a field-based workforce. He covers access management, authentication practices, and data risk processes that support employees in the field. Thompson…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Intel 471, Kore.ai, NinjaOne, Pindrop, Secure Code Warrior, Token Security, and Xona Systems. NinjaOne Vulnerability Management enables real-time detection and autonomous patching NinjaOne has unveiled…

Read more →

Running a large language model on a single machine without cloud access or a container runtime remains a priority for practitioners working in air-gapped or resource-constrained environments. Llamafile, Mozilla-AI’s project for packaging and running LLMs as self-contained executables, has received…

Read more →

Flare has unveiled the general availability of Foretrace, a new business-to-business-to-employee (B2B2E) product that delivers enterprise-grade identity protection directly to employees. Built on the same threat intelligence infrastructure used by security teams to defend their organizations, Foretrace allows individuals to…

Read more →

A powerful iPhone hacking toolkit dubbed “DarkSword” has been used since November 2025 to compromise devices by exploiting zero-day iOS vulnerabilities, Google researchers have shared. iOS vulnerabilities exploited by DarkSword Two weeks ago, Google Threat Intelligence Group (GTIG) and iVerify…

Read more →

Intezer has expanded capabilities in its AI SOC platform designed for teams who have outgrown their traditional managed detection and response (MDR) services. Internal SOC teams can now focus on supervising outcomes rather than grinding through alerts, with Intezer providing…

Read more →

Nagomi Security has announced the next evolution of its platform with Agentic Exposure Ops, expanding Nagomi from exposure visibility to agent-driven exposure elimination. Most exposure management programs generate findings faster than teams can validate what’s real, route fixes to the…

Read more →

Versa has revealed early access to Versa Secure Enterprise Browser, a new browser-native security capability within the VersaONE Universal SASE Platform that protects employees, contractors, and partner users as they access web, SaaS, and enterprise AI applications by enforcing security,…

Read more →

The U.K.’s media regulator Ofcom fined 4chan £450,000 under the Online Safety Act for failing to introduce age checks to stop children from accessing pornographic content on its platform. 4chan is an online forum notorious for its extreme right-wing content,…

Read more →

Entro Security has launched its Agentic Governance & Administration (AGA), a new pillar of the Entro platform designed to help security and identity teams govern AI agents and AI access across enterprise systems. Applied to the new realities of AI-driven…

Read more →

Discern Security has introduced new agentic AI capabilities across its proactive security platform, designed to help security teams move faster from data to action. As environments become more complex and security teams face growing tool sprawl, fragmented workflows, and too…

Read more →