Category: Help Net Security

Development activity on the Linux kernel continues into early 2026 with the stable release of version 6.19. Kernel maintainers have completed the pre-release cycle and merged the final set of changes into the mainline tree. The release follows the ongoing…

Read more →

BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Support zero-day (CVE-2024-12356) that…

Read more →

The European Commission has issued preliminary findings that say TikTok breaches the Digital Services Act due to its addictive design. The Commission opened a formal investigation into TikTok in February 2024. The probe examined whether the platform meets its obligations…

Read more →

OpenAI has updated its Europe-facing privacy policy following the November 2024 EU revision, clarifying scope, expanding coverage, and detailing user controls. The updated document is longer, with dedicated sections for data controls and practical resources. It explains key controls and…

Read more →

Aviation runs on complex digital systems built for stability, safety, and long lifecycles. That reality creates a unique cybersecurity challenge for airlines, where disruption can quickly become an operational and public trust crisis. In this Help Net Security interview, Deneen…

Read more →

Allama is an open-source security automation platform that lets teams build visual workflows for threat detection and response. It includes integrations with 80+ types of tools and services typical in security operations, including SIEM systems, endpoint detection and response products,…

Read more →

Security and governance approaches to autonomous AI agents rely on static credentials, inconsistent controls, and limited visibility. Securing these agents requires the same rigor and traceability applied to human users, according to Cloud Security Alliance’s Securing Autonomous AI Agents report.…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Global Threat Map: Open-source real-time situational awareness platform Global Threat Map is an open-source project offering security teams a live view of reported cyber activity…

Read more →

German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these attacks…

Read more →

On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively affect…

Read more →

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive aimed at reducing a long-standing cyber risk across federal networks: outdated “edge devices” that are not longer supported by vendors and aren’t receiving timely security updates.…

Read more →

For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On…

Read more →

Claude Opus 4.6 builds on earlier releases with improved coding performance and more consistent behavior in complex tasks. Opus 4.6 finds real vulnerabilities in codebases better than any other model (Source: Anthropic) According to Anthropic, the model applies more deliberate…

Read more →

MintMCP launched its enterprise governance platform for AI agents and MCP servers, enabling teams to deploy, monitor, and secure agent infrastructure at scale. The platform enables organizations to deploy, monitor, and secure AI agents at scale while maintaining complete audit…

Read more →

Kasada released Account Intelligence, a new product designed to detect account-level fraud and abuse. The goal is to prevent repeat abuse before it creates financial loss and unnecessary friction for customers. Enterprises are facing account and business-logic abuse that existing…

Read more →

Valentine’s Day is just around the corner and Microsoft has been giving us a lot of love with a non-stop supply of patches starting with January 2026 Patch Tuesday. The January releases addressed 92 vulnerabilities in Windows 11 and Server2025,…

Read more →

Mobile apps routinely collect and transmit personal data in ways that are difficult for users, developers, and regulators to verify. Permissions can reveal what an app can access, and privacy policies can claim what an app should do, yet neither…

Read more →

In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay hidden. Drawing on her work with CISOs and security leaders, she shows how…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Avast, Fingerprint, Gremlin, and Socure. Gremlin launches Disaster Recovery Testing for zone, region, and datacenter failovers Gremlin, the proactive reliability platform, launched Disaster Recovery Testing:…

Read more →

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit Broadcom…

Read more →