Category: Help Net Security

CERT UEFI Parser, a new open-source security analysis tool from the CERT Coordination Center has been released to help researchers and defenders examine the structure of Unified Extensible Firmware Interface (UEFI) software and identify classes of vulnerabilities that are often…

Read more →

Once a secret enters Git, it’s expensive to remediate. But the real problem runs deeper than cost. Grégory Maitrallain, Solution Architect at Orange Business, discovered this reality during their implementation: “Once a secret is pushed to GitLab or GitHub, you…

Read more →

Security and risk teams often rely on documentation and audit artifacts that reflect how an AI system worked months ago. ETSI’s continuous auditing based conformity assessment specification (ETSI TS 104 008) describes a different approach, where conformity is evaluated through…

Read more →

A new study shows that some of the most widely used AI-powered browser extensions are a privacy risk. They collect lots of data and require a high level of browser access. The research was conducted by Incogni, which analyzed 442…

Read more →

Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked…

Read more →

Tenable announced general availability of Tenable One AI Exposure. With this release, the Tenable One Exposure Management Platform unifies AI protection, discovery and usage governance across the enterprise, including SaaS platforms, cloud services, APIs and agents. AI is deeply embedded…

Read more →

A malware delivery campaign detailed by Blackpoint researchers employs an impressive array of tricks to deliver an infostealer to employees without triggering enterprise defenses or close examination by security researchers. The attackers aim to get the Amatera Stealer installed on…

Read more →

NICE Actimize launched Actimize Insights Network, an intelligence network designed to give financial institutions real-time visibility into counterparty risk. Leveraging insights from its Fraud and Financial Crime network, the Actimize Insights Network delivers the scale and precision needed to prevent…

Read more →

Amazon Web Services has added IPv6 support to IAM Identity Center through new dual-stack endpoints. The update allows identity services to operate over IPv6 networks while continuing to support IPv4. The change applies to access portals, managed applications, and service…

Read more →

Microsoft Purview Data Security Investigations is now available. The tool is part of Microsoft Purview and is intended for scenarios such as data breach and leak investigations, credential exposure, internal fraud and bribery, sensitive data exposure in Teams, and inappropriate…

Read more →

HackerOne announced Agentic Pentest as a Service (Agentic PTaaS), delivering continuous security validation by combining autonomous agent execution with human expertise to ensure every finding reflects exploitable risk that security teams can trust and act on at scale. Enterprise security…

Read more →

NETSCOUT announced new capabilities that further enhance its observability solutions to address critical gaps in remote site management and risks stemming from expired SSL/TLS certificates. New nGeniusONE solution enhancements support real-time deep packet inspection (DPI) over Ethernet or Wi-Fi 7,…

Read more →

Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised to review the associated advisory…

Read more →

Zscaler has announced new AI security innovations designed to empower enterprises to secure the fast growing use of AI, while maintaining visibility, control, and governance. As organizations adopt generative AI and prepare for the use of agentic AI, they face…

Read more →

Scientific research environments are built for openness and collaboration, often prioritizing long-term discovery over traditional enterprise security. In this Help Net Security interview, Matthew Kwiatkowski, CISO at Fermilab, America’s particle physics and accelerator laboratory, discusses where cybersecurity blind spots emerge,…

Read more →

Logitech announced Rally AI Camera and Rally AI Camera Pro, conference cameras that pack new AI-powered video intelligence into a nearly-invisible aesthetic for large spaces. Rally AI Cameras bring new intelligence, automation into larger, more complex rooms Logitech is merging…

Read more →

Descope has updated its Agentic Identity Hub to provide MCP developers and AI agent builders with standards-based identity infrastructure for their AI systems. Organizations can now use Descope to manage AI agents as first-class identities alongside human users, add OAuth…

Read more →

AI’s impact on systems, security, and decision-making is already permanent. Superintelligence, often referred to as artificial superintelligence (ASI), describes a theoretical stage in which AI capability exceeds human cognitive performance across domains. Whether current systems are progressing toward cybersecurity superintelligence…

Read more →

Privacy programs are taking on more operational responsibility across the enterprise. A new Cisco global benchmark study shows expanding mandates, rising investment, and sustained pressure around data quality, accountability, and cross-border data management tied to AI systems. Privacy programs grow…

Read more →

Ivanti announced AI advancements to the Ivanti Neurons platform, introducing solutions that transform how IT and security teams harness AI-driven intelligence to achieve impactful business outcomes. These features include agentic AI capabilities for Ivanti Neurons for IT Service Management (ITSM),…

Read more →