Category: Help Net Security

Pathlock announced a major expansion of its SAP cybersecurity offerings, introducing a new portfolio of value-driven and easy-to-deploy SAP cybersecurity solutions, including a Free Edition. Designed to deliver maximum value and fast time-to-protection, the launch marks a significant step toward…

Read more →

Patient data is often stored or processed outside the country where it was collected. When that happens, the data falls under the laws of the country where it resides. Depending on those laws, local governments may have legal access to…

Read more →

In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions. He explains why identity and access management (IAM) is the ideal starting point for both augmentation and automation, and shares advice…

Read more →

Ransomware, trojans, and malware delivered through USB devices are putting growing pressure on industrial systems, according to the Honeywell 2025 Cyber Threat Report, which draws on data from monitoring tools deployed across industrial sites around the world. The findings highlight…

Read more →

Ransomware breaches continue to rise even as fewer victims pay, according to a Delinea report. 69% of organizations globally have fallen victim to ransomware, with 27% being hit more than once. While only 57% of organizations paid ransoms, down from…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Akamai, AttackIQ, Barracuda Networks, Bitdefender, Fortinet, Malwarebytes, and Varonis. Bitdefender unifies security, risk management, and compliance in a single platform Bitdefender announced GravityZone Compliance Manager,…

Read more →

Dynatrace is accelerating the generational shift in enterprise software development by extending the Dynatrace platform with agentic AI capabilities. Designed to predict and prevent disruptions, protect systems and data, and optimize operations autonomously, these advancements mark a new era of…

Read more →

Bitdefender announced GravityZone Compliance Manager, a new addition to its GravityZone platform that helps organizations reduce the burden of compliance and streamline audit readiness. Designed specifically for today’s complex regulatory landscape, the solution provides real-time visibility, automated remediation, audit-ready reports,…

Read more →

Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive information in documents and apply security labels automatically. The tool uses customizable classification rules…

Read more →

Fortinet has enhanced its data and productivity security portfolio, expanding FortiMail with the launch of the FortiMail Workspace Security suite. These new capabilities extend protection not only to email but also to browser and collaboration security. These advancements, combined with new…

Read more →

Security teams are overwhelmed by a flood of alerts, most of which lack the context needed to accurately assess and espond to threats, according to ARMO. Respondents report receiving an average of 4,080 security alerts per month – or 136…

Read more →

If it seems like scams are popping up everywhere lately, you’re not wrong. A new survey from Google shows most Americans feel the same, and they’re starting to change how they handle things online because of it. But different age…

Read more →

32% of healthcare executives say their organization suffered a breach in the past 12 months, and 46% say they are experiencing a higher volume of attacks, according to LevelBlue. AI brings hope and concern As AI promises healthcare organizations efficiency,…

Read more →

In this Help Net Security video, Jonathan Stross, SAP Security Analyst at Pathlock, examines why managing SAP security updates is so complex for enterprises. From highly customized, interconnected environments to the pressure of real-time patching, Strauss highlights why keeping SAP…

Read more →

Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat Intelligence Group (GTIG) has warned. The attackers in question – currently tracked as UNC6040 – are masters…

Read more →

Cobalt announced a set of product enhancements within the Cobalt Offensive Security Platform aimed at helping customers scale security testing with greater clarity, automation, and control. These innovations further the company’s commitment to deliver expert-driven, fast-to-launch pentesting, now with even…

Read more →

Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of bounds read and write vulnerability in V8, the JavaScript and WebAssembly engine developed by Google for the…

Read more →

Salt Security unveiled Salt Illuminate, a platform that redefines how organizations adopt API security. With its self-service onboarding and cloud-native connect capabilities, Salt reduces deployment time from months to minutes requiring no architecture knowledge and manual integrations, leading to zero…

Read more →

TXOne Networks announced an expanded new version of its SageOne OT Cybersecurity Governance Platform. Already relied upon by many industrial leaders across sectors with exacting cybersecurity requirements, TXOne SageOne has been enhanced to deliver a novel capability for intelligent vulnerability…

Read more →

Varonis announced Varonis Identity Protection, the latest enhancement to its Data Security Platform that gives organizations visibility and control of data and identities. Most identity security tools operate in a vacuum — with no understanding of the critical data each…

Read more →

Zscaler announced a new suite of solutions that enable customers to adopt zero trust everywhere. These innovations extend the reach of true zero trust and enable businesses to modernize and scale securely by providing end-to-end segmentation between and inside branches…

Read more →

According to research, 62% of organizations said their attack surface grew over the past year. It’s no coincidence that 76% of organizations also reported a cyberattack due to an exposed asset in 2024, as expanding digital footprints often outpace security…

Read more →

Large language models (LLMs) have come a long way from the once passive and simple chatbots that could respond to basic user prompts or look up the internet to generate content. Today, they can access databases and business applications, interact…

Read more →

Decentralized identity (DID) is gaining traction, and for CISOs, it’s becoming a part of long-term planning around data protection, privacy, and control. As more organizations experiment with verifiable credentials and self-sovereign identity models, a question emerges: Who governs the system…

Read more →

In this Help Net Security interview, Thomas Squeo, CTO for the Americas at Thoughtworks, discusses why traditional security architectures often fail when applied to autonomous AI systems. He explains why conventional threat modeling needs to adapt to address autonomous decision-making…

Read more →

Many organizations are overwhelmed by the complexity of their IT systems, making it difficult to manage cybersecurity risks, according to a new Ivanti report. The “Exposure Management: From Subjective to Objective Cybersecurity” report points out that as companies keep adding…

Read more →

Malwarebytes launched Scam Guard, an AI-powered digital safety companion that provides real-time feedback on scams, threats and malware alongside digital safety recommendations. Whether it’s a suspicious text, DM, email, image or link, Scam Guard offers judgment-free, personalized advice to help…

Read more →

Silobreaker released AI Summarise for dashboards and email alerting. This latest enhancement brings the power of customisable AI directly into the core of the analyst workflow – enabling threat intelligence teams to generate stakeholder-ready summaries from across their trusted sources…

Read more →

AttackIQ releaseed AttackIQ Ready3. With expanded discovery capabilities, Ready3 maps both internal and external attack surfaces. By correlating asset discovery with vulnerability context, attack paths and compensating controls, the platform helps security teams identify which vulnerabilities are truly exposed because…

Read more →

Infosecurity Europe 2025 is a cybersecurity event taking place from June 3 to 5 in London. Help Net Security is on-site and here’s a closer look at the conference. The featured vendors are: Okta, PlexTrac, ISC2, Insight, EasyDMARC, Defense.com, Tines,…

Read more →

RSA announced a new Identity Security Posture Management (ISPM) and enhancements to its passwordless identity platform. These innovations will help enterprises proactively find and resolve security risks across hybrid and cloud environments and simplify users’ log-in processes with advanced, phishing-resistant…

Read more →

Akamai Technologies has introduced Akamai DNS Posture Management, a solution that offers unified, multicloud visibility over all DNS assets. The agentless solution provides real-time monitoring and guided remediation across all major DNS providers. Security teams can quickly detect and respond…

Read more →

Interactive Brokers is warning customers to be on high alert due to a wave of scams involving fraudsters posing as company representatives. Interactive Brokers (IBKR) is a global brokerage firm that lets investors trade stocks, options, futures, and other assets…

Read more →

In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables. He explains how cybercrime is becoming more accessible and fragmented. Lyne also talks about key trends,…

Read more →

A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity…

Read more →

Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including…

Read more →

Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s critical that security doesn’t block or decelerate the development process or become a…

Read more →

The post Cybersecurity jobs available right now: June 3, 2025 appeared first on Help Net Security. This article has been indexed from Help Net Security Read the original article: Cybersecurity jobs available right now: June 3, 2025

Read more →

A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch…

Read more →

Barracuda Networks unveiled the BarracudaONE AI-powered cybersecurity platform. BarracudaONE maximizes threat protection and cyber resilience by unifying layered security defenses and providing deep, intelligent threat detection and response for managed service providers (MSPs), other channel partners and end users. BarracudaONE…

Read more →

DoControl announced expanded capabilities that further support organizations in enforcing zero trust security strategies – without compromising business agility or user productivity. Zero trust principles dictate that no user, device, or location is inherently trusted. While this approach is essential…

Read more →

The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing through a security approach that proactively identifies, prioritizes, and mitigates threats in real time. To manage these…

Read more →

In this Help Net Security interview, Aaron McCray, Field CISO at CDW, discusses how AI is transforming the CISO role from a tactical cybersecurity guardian into a strategic enterprise risk advisor. With AI now embedded across business functions, CISOs are…

Read more →

In this Help Net Security video, Mick Leach, Field CISO at Abnormal AI, explores why security awareness training (SAT) is failing to reduce human error, the top cause of cybersecurity incidents. He discusses how AI can transform SAT into a…

Read more →

If you’ve spent any time in penetration testing, chances are you’ve crossed paths with Metasploit. The second edition of Metasploit tries to bring the book in line with how pentesters are using the tool. It mostly succeeds, with some caveats…

Read more →

32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje. Meanwhile, 68% are more realistic, noting they feel uncertain about achieving this near impossible outcome. Software compliance adoption varies across organizations…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerabilities found in NASA’s open source software Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems,…

Read more →

Phishing scams used to be filled with awkward wording and obvious grammar mistakes. Not anymore. AI is now making it harder to distinguish what is real. According to Cofense, email-based scams surged 70% year over year, driven by AI’s ability…

Read more →

Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on external audits, government regulation, and long histories of compliance to feel secure. It’s a model that…

Read more →

82% of organizations already use AI agents, but only 44% of organizations report having policies in place to secure them, according to SailPoint. While 53% are in the process of developing such policies, the reality is that most remain exposed…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Anchore, BalkanID, Cyble, groundcover, Hunted Labs, LogicGate, McAfee, Obsidian Security, Outpost24, PentestPad, ProcessUnity, Resecurity, Searchlight Cyber, SecuX, ServiceNow, ThreatMark, and Verosint. New MCP server from…

Read more →

Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth paying attention to now. These…

Read more →

Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup for Organizations.…

Read more →

Resecurity has officially launched its AI-driven Compliance Manager. The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level…

Read more →

Resecurity has officially launched its AI-driven Compliance Manager. The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level…

Read more →

Cisco unveiled Duo Identity and Access Management (IAM), a new security solution that transforms how organizations combat persistent identity-based attacks that are accelerating in the AI era. Identity is a prime target for bad actors, accounting for 60% of Cisco…

Read more →

At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into…

Read more →

Cybersecurity leaders and consultants identified AI-driven automation and cost optimization as top organizational priorities, according to Wipro. 30% of respondents are investing in AI automation to enhance their cybersecurity operations. AI-driven automation can help in detecting and responding to threats…

Read more →

Fraudsters are winning the AI arms race, first-party fraud is rising, and siloed systems are holding back defenses, according to DataVisor. Their 2025 Fraud & AML Executive Report, based on surveys of banks, fintechs, credit unions, and digital platforms, outlines…

Read more →

In this Help Net Security video, Lee Archinal, Senior Threat Hunter at Intel 471, walks through practical strategies for detecting malicious activity involving Living Off The Land binaries (LOLBins). These are legitimate tools built into operating systems, such as PowerShell,…

Read more →

If you’re new to cybersecurity and looking for a book that doesn’t overwhelm you with jargon or dive too deep into technical territory, Cybersecurity For Dummies might be a solid starting point. It’s written with beginners in mind and assumes…

Read more →

PlainID introduced Policy Management for Agentic AI. Securing the future with a solution that brings identity-aware, policy-based access control to the next generation of AI systems. As organizations adopt AI and LLM-based systems, they are ingesting and processing vast amounts…

Read more →

Radiant Logic announced its new Identity Observability features as part of the RadiantOne platform. As identity remains the dominant attack vector for cybercriminals, the latest enhancements to the RadiantOne platform deliver real-time visibility and context into the entire Identity and…

Read more →

BalkanID has unveiled its self-service Identity Governance and Administration (IGA) Lite Platform, offering flexibility and transparent pricing. Consisting of three streamlined modules: User Access Reviews (UAR) Lite, IAM Risk Analyzer Lite, and Lifecycle Management Lite, BalkanID’s IGA Lite is the…

Read more →

A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MDR has medium confidence the threat…

Read more →

LogicGate is elevating its Risk Cloud platform with a new Operational Risk Management (ORM) Solution designed to allow organizations to prioritize risks based on process criticality and financial impact. By helping minimize operational disruptions, such as failed internal processes, inadequate…

Read more →

Across the enterprise, artificial intelligence has crept into core functions – not through massive digital transformation programs, but through quiet, incremental adoption. Legal departments are summarizing contracts. HR is rewording sensitive employee communications. Compliance teams are experimenting with due diligence…

Read more →

Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe, according to Netskope. Users are now constantly dealing with phishing attempts, which have become so common and credible that even…

Read more →

Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix security weaknesses in AI systems, Kubernetes environments, and APIs before attackers can exploit them. Key features of…

Read more →

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Vuls: Open-source agentless vulnerability scanner Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created to…

Read more →

The Dutch intelligence and security services have identified a new Russia-affiliated threat group that has been breaching government organizations and commercial entities in Europe and North America, and they dubbed it Laundry Bear. “Compared to some other Russian threat actors…

Read more →

A new MCP server, faster than any other on the market, is launching today from groundcover, the eBPF-driven observability platform. Developers can now enhance their AI-driven workflows with deep system context, powered by groundcover’s granular access to logs, metrics, and…

Read more →

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode,…

Read more →

In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity implications of deploying AI agents in industrial environments. He talks about the risks that come with AI agents making…

Read more →

Enterprises typically “modernize” access patterns for an application by enabling industry standard protocols like OIDC or SAML to provide single sign-on (SSO) for legacy apps via a cloud identity provider (IDP). That’s a major step towards better user experience, improved…

Read more →

Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted annually or quarterly, are too slow to detect active threats. 35.5% of all breaches in 2024 were third-party…

Read more →

Is the remote IT worker you recently hired really who he says he is? Fake IT workers are slipping into companies around the world, gaining access to sensitive data. Recently, more of these schemes have been linked to North Korea.…

Read more →

Application Security Engineer, SDO AppSec Amazon | EMEA | Hybrid – View job details As an Application Security Engineer, SDO AppSec, you will be responsible for creating, updating, and maintaining threat models across a diverse range of software projects. Part…

Read more →

A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had. Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within…

Read more →

LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a wide spectrum of AI agent security risks including jailbreaking and indirect prompt injection, goal hijacking,…

Read more →

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a…

Read more →

In this Help Net Security video, Stefan Tanase, Cyber Intelligence Expert at CSIS, gives an overview of how cybercriminals are changing their tactics, including using legitimate tools to avoid detection and developing more advanced info-stealing malware. Tanase also talks about…

Read more →

Hybrid cloud infrastructure is under mounting strain from the growing influence of AI, according to Gigamon. Cyberthreats grow in scale and sophistication As cyberthreats increase in both scale and sophistication, breach rates have surged to 55% during the past year,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Trojanized KeePass opens doors for ransomware attackers A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set…

Read more →

CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage group that has been…

Read more →

Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. The videos are getting published by a number of TikTok user accounts, seem AI-made, and…

Read more →

Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service operations. Operation Endgame…

Read more →

Token Security launched Model Context Protocol (MCP) Server for non-human identity (NHI). This capability brings the power of agentic AI to modern security operations and enables teams to interact with complex NHI data using simple, natural language. The Token MCP…

Read more →

In this Help Net Security interview, Dr. Joy Wu, Assistant Professor, UBC Sauder School of Business, discusses the psychological and societal impacts of data monetization, why current privacy disclosures often fall short, and what it will take to create a…

Read more →

Outsourcing cybersecurity can be a practical and affordable option. It allows small businesses to get the protection they need without straining their budgets, freeing up time and resources to focus on core operations. 76% of SMBs lack the in-house skills…

Read more →

While 47% of organizations claim to have implemented shift left security strategies, many still struggle with execution gaps and security inefficiencies, according to Pynt. Of those who haven’t implemented shift left, half of them have no plans to do so…

Read more →

69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to 74% in Singapore, with 71% also indicating that AI-generated scams are…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Anchore, Cyble, Outpost24, and ThreatMark. Outpost24 simplifies threat analysis with AI-enhanced summaries Outpost24 announced the addition of AI-enhanced summaries to the Digital Risk Protection (DRP)…

Read more →

A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows…

Read more →

StackHawk, the shift-left API security platform, announced it has taken on $12 million in additional funding from Sapphire and Castanoa Ventures to help security teams keep up with the pace of AI-driven development. With this funding, StackHawk will expedite shipping…

Read more →

Druva announced comprehensive protection for Azure SQL and Azure Blob Storage. Building on Druva’s strategic relationship with Microsoft, these enhancements help enterprises reduce risk, control costs, and improve operational agility with cloud-native data protection. As enterprises look to consolidate and…

Read more →

Signal has released a new version of its end-to-end encrypted communication app for Windows that prevents Microsoft Recall and users from screenshotting text-based conversations happening in the app. The new “Screen security” setting is enabled by default and can be…

Read more →

In this Help Net Security interview, Tim Grieveson, CSO at ThingsRecon, breaks down the first steps security teams should take to regain visibility, the most common blind spots in asset discovery, and why context should drive risk prioritization. What are…

Read more →

A recent wave of ransomware attacks has disrupted major retailers across the UK. According to a new report from CTM360, the attackers didn’t need to break down the door, they were invited in through misplaced trust and weak identity safeguards.…

Read more →

70% percent of organizations view the pace of AI development, particularly in GenAI, as the leading security concern related to its adoption, followed by lack of data integrity (64%) and trustworthiness (57%), according to Thales. GenAI becomes a top spending…

Read more →