Category: Help Net Security

Censys announced the release of a new ICS/OT Internet intelligence offering designed to close the visibility gap defenders face when securing exposed industrial assets. From energy and manufacturing to defense and utilities, organizations across industries face growing risks as IT…

Read more →

AISLE emerged from stealth, delivering the AI-native cyber reasoning system (CRS) that autonomously identifies, triages and remediates with verification both known and zero-day application vulnerabilities, which still account for the majority of security breaches. Malicious actors continue to exploit a…

Read more →

Hospitals, clinics, and care networks continue to treat cybersecurity as a back-office issue, according to the 2025 Healthcare IT Landscape Report from Omega Systems. Security takes a back seat Healthcare IT leaders are juggling competing demands. Rising costs, new privacy…

Read more →

Spam has long been a nuisance in blockchain networks, clogging transaction queues and driving up fees. A new research paper from Delft University of Technology introduces a decentralized solution called STARVESPAM that could help nodes in permissionless blockchains block spam…

Read more →

In this Help Net Security video, Paul Laudanski, Director of Research at Onapsis, discusses key lessons from the SAP zero-day vulnerability. He explains why business-critical systems like ERP and CRM remain top targets for attackers, since they hold valuable data…

Read more →

AI is spreading across enterprise risk functions, but confidence in those systems remains uneven, according to AuditBoard. More than half of organizations report implementing AI-specific tools, and many are training teams in machine learning skills. Yet, few feel prepared for…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Aura, Bitsight, Blumira, Cayosoft, Corelight, Netcraft, and Picus Security. Picus Security uses AI to turn threat intelligence into attack simulations Picus Security launched new AI-powered…

Read more →

CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254,…

Read more →

Veeam Software announced the availability of Veeam Data Cloud (VDC) for Managed Service Providers (MSPs) through the Veeam Cloud & Service Provider (VCSP) program. Designed to empower third-party service providers, Veeam Data Cloud delivers secure, scalable, and resilient data protection…

Read more →

Cayosoft introduced Cayosoft Guardian Protector, a free, always-on solution that delivers real-time threat detection, proactive alerts, resolution guidance, and change history for complex Microsoft hybrid identity environments. Cayosoft Guardian Protector provides administrators and security teams with continuous, real-time visibility and…

Read more →

Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers can quietly take control of hosts, manipulate LLM behavior, and deceive users, all while…

Read more →

Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface the deeper risks that can turn into costly problems down the line. Identity verification, credential validation,…

Read more →

The rush to deploy AI is reshaping how companies think about risk, according to Cisco. A global study finds that while most organizations are moving quickly to adopt AI, many are not ready for the pressure it puts on their…

Read more →

Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that can be hacked through Bluetooth Their tests show that anyone…

Read more →

Experts across industries say they are still losing ground against identity-related breaches, even after years of investment in stronger access controls, according to RSA. Many said their organizations had faced at least one identity-related breach in recent years, and most…

Read more →

On top of several new free tools launched during the summer, ImmuniWeb released over 500 updates, improvements, new features, and integrations across all our products in Q3, including ImmuniWeb On-Demand, ImmuniWeb MobileSuite, ImmuniWeb Continuous, ImmuniWeb Neuron, ImmuniWeb Neuron Mobile, and…

Read more →

US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security products, the company confirmed today. BIG-IP vulnerabilities are often leveraged by…

Read more →

Blumira launched SOC Auto-Focus, an AI-powered security investigation tool, alongside enhancements to its Managed Service Provider (MSP) partner program. SOC Auto-Focus is designed to help IT teams and MSPs work smarter, reduce alert fatigue and accelerate incident response through contextual…

Read more →

Harmonic Security announced Model Context Protocol (MCP) Gateway, a developer-friendly, locally installed gateway that gives security teams complete visibility and control over their organization’s agentic AI ecosystem. The solution intercepts all MCP traffic enabling security teams to discover what clients…

Read more →

On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. The actively exploited vulnerabilities are an unusual mix CVE-2025-24990 is in the third-party driver (ltmdm64.sys) for the software-based Agere…

Read more →