Category: Help Net Security

Here are five key ways OSINT tools can help financial firms develop advanced strategies to fight money laundering criminals. 1. Reveal complex networks and ownership structures Money launderers often use layered networks of offshore entities and shell companies to mask…

Read more →

Ransomware continues to be the major threat to large and medium-sized businesses, with numerous ransomware gangs abusing AI for automation, according to Acronis. Ransomware gangs maintain pressure on victims From January to June 2025, the number of publicly reported ransomware…

Read more →

Attackers don’t always need a technical flaw. More often, they just trick your people. Social engineering works, and AI makes it harder to catch.” Only about one in four cybersecurity teams are effective at collaborating with the broader business (Source:…

Read more →

A small-town water system, a county hospital, and a local school district may not seem like front-line targets in global conflict, but they are. These organizations face daily cyber attacks, from ransomware to foreign adversaries probing for weak points. What…

Read more →

In this Help Net Security video, Greg Bak, Head of Product Enablement at GitProtect, walks through some of the biggest security risks DevOps teams are dealing with. He covers how AI tools can introduce vulnerabilities, including cases where they ignore…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Doppel, Druva, LastPass, and StackHawk. StackHawk empowers security teams to expand their API testing coverage StackHawk releaseed LLM-Driven OpenAPI Specifications, a powerful new capability that…

Read more →

A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets include organizations in…

Read more →

SailPoint unveiled SailPoint Accelerated Application Management, a solution that redefines how enterprises discover, govern, and secure applications at scale. While most organizations govern fewer than 50 applications, thousands more remain outside governance, creating serious risk. SailPoint’s new approach represents a…

Read more →

AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3 access protection…

Read more →

Doppel announced Doppel Simulation, a new product and expansion to the Doppel Vision Platform that enables organizations to redefine security awareness training and social engineering penetration testing by mirroring today’s multi-channel and dynamic attacker behaviors. Informed by real-world threats and…

Read more →

Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing the risk of hallucinations. Their approach uses a smaller, fine-tuned LLM combined with…

Read more →

In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security leadership, and…

Read more →

The iStorage datAshur PRO+C is a USB-C flash drive featuring AES-XTS 256-bit hardware encryption. Available in capacities from 32 GB to 512 GB, the drive holds FIPS 140-3 Level 3 certification and operates without the need for software, making it…

Read more →

Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not…

Read more →

Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of 1,000 senior executives shows that business and IT leaders are not always aligned on what needs…

Read more →

Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable device…

Read more →

US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks around the world. According to court documents, 22-year-old Ethan Foltz of Eugene, Oregon, is accused…

Read more →

Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. Technical details about the vulnerabilities have been published on Wednesday by researchers at watchTowr Labs, who also proved…

Read more →

StackHawk releaseed LLM-Driven OpenAPI Specifications, a powerful new capability that creates API documentation directly from source code, empowering security teams to expand their API testing coverage without relying on developers. This automation delivers faster, more accurate vulnerability scanning while enabling…

Read more →

LastPass announced passkey support, giving users and businesses a simpler, more secure way to log in across a variety of devices, browsers, and operating systems. Starting now, passkeys can be created, stored, and managed directly in the LastPass vault, alongside…

Read more →