Category: Help Net Security

Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in these latest…

Read more →

Malwarebytes announced Malwarebytes in ChatGPT, a new way for individuals and small businesses to get fast, trusted security assistance directly within ChatGPT. Users can ask Malwarebytes to check whether something is a scam or spam, tapping into the company’s deep…

Read more →

Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software’s maintainer Don Ho confirmed on Monday. The attack timeline In early December…

Read more →

With preparations well underway, Span Cyber Security Arena 2026 is set to return for its third edition, bringing together domestic and international experts in cyber security. As in previous years, the conference is designed for everyone involved in that area…

Read more →

Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been part of Windows for decades and continues to appear in some environments, particularly where legacy…

Read more →

The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust cybersecurity practices. The documents are part of a larger series designed to support adoption of…

Read more →

AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into three of them, BugTrace-AI, Shannon, and CAI,…

Read more →

In this Help Net Security video, Rishi Kaushal, CIO at Entrust, explains how security leaders should talk to the board about cyber risk. He focuses on what matters to board members and what does not. He links cryptography, certificates, and…

Read more →

Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert malware scanning and policy checks directly into Node.js applications before files reach storage or business…

Read more →

Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of Non-Human Identity and AI Security report by the Cloud Security Alliance. AI identities…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: When open science meets real-world cybersecurity In this Help Net Security interview, Matthew Kwiatkowski, CISO at Fermilab, America’s particle physics and accelerator laboratory, discusses where…

Read more →

Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, 2027. The updated schedule extends access by nearly nine months. Microsoft said the…

Read more →

A federal jury in California convicted former Google software engineer Linwei Ding, also known as Leon Ding, on seven counts of economic espionage and seven counts of theft of trade secrets tied to AI technology. Ding faces a maximum sentence…

Read more →

Arkose Labs announced Arkose Titan, a unified platform that protects enterprises from human and AI-powered fraud, scraping and bot attacks. Unlike fragmented point solutions, Arkose Titan provides defense-in-depth through intelligent detection and adaptive mitigation against both traditional and emerging AI…

Read more →

Apple users are already accustomed to managing app-level location permissions, and a new privacy feature in iOS 26.3 extends that control to cellular networks. Called Limit Precise Location, it reduces the amount of fine-grained location data that iPhones share with…

Read more →

The Electronic Frontier Foundation (EFF) has introduced a new campaign called Encrypt It Already, focused on expanding the use of end-to-end encryption in consumer technology products and services. The effort examines public security commitments and the current availability of encryption…

Read more →

Board attention continues to rise, and security groups now operate closer to executive decision making than in prior years, a pattern reflected the Voice of Security 2026 report by Tines. Within that environment, large numbers of teams already rely on…

Read more →

Enterprise environments now span multiple clouds, on-premises systems, and a steady flow of new applications. Hybrid and multi-cloud setups are common across large organizations, and they bring a constant stream of logs, alerts, and operational data. That environment already exists…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from Acronis, Booz Allen Hamilton, cside, Descope, JumpCloud, MIND, Noction, Obsidian Security, Rubrik, SEON, SpyCloud, Tenable, Tosi and Vectra AI. Acronis Archival Storage brings compliance-ready, S3-compatible…

Read more →

Over 1 billion users wear devices for tracking steps, sleep, heart rate, and other personal metrics. These devices collect a continuous stream of sensitive data, often tied to detailed user profiles and companion apps. New Clutch survey data show that…

Read more →