Category: Help Net Security

In this Help Net Security video, James Wickett, CEO of DryRun Security, explains cyber risks many teams underestimate as they add AI to products. He focuses on how fast LLM features are pushed into live applications without limits or guardrails.…

Read more →

Attackers continue to rely on domain names as an entry point into enterprise systems. A CSC domain security study finds that large organizations leave this part of their attack surface underprotected, even as attacks become more frequent. The research examined…

Read more →

Financial institutions now have a concrete method for deciding where post-quantum cryptography belongs on their security roadmaps. New research coordinated by Europol sets out a scoring framework that helps banks rank systems and business use cases based on quantum risk…

Read more →

macOS Tahoe privacy and security features focus on screening unwanted contact, limiting tracking, and keeping more decisions on the device. Most updates run quietly in the background and require little setup. Built-in filtering for calls and messages Apple reduced exposure…

Read more →

Microsoft has published version 2512 of its security baseline for Microsoft 365 Apps for enterprise. The baseline documents recommended policy settings for Office applications used in enterprise environments and maps those settings to current management tools. What the v2512 baseline…

Read more →

CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or…

Read more →

Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-2026-20045 CVE-2026-20045 is a code…

Read more →

Cohesity has unveiled Identity Threat Detection and Response (ITDR) capabilities that expand its Identity Resilience portfolio, providing a more comprehensive approach to securing and recovering critical identity systems such as Active Directory (AD) and Microsoft Entra ID. Identity is foundational…

Read more →

Check Point announced Check Point Exposure Management, a new approach designed to help organizations defend against attacks by turning fragmented exposure data into prioritized, actionable, and safe remediation. Exposure Management delivers real-time situational awareness by unifying threat intelligence, dark-web insights,…

Read more →

Vectra AI launched the next generation of its flagship platform, purpose-built to protect the AI enterprise by delivering preemptive security and proactive defense against AI-powered cyberattacks. As enterprises embed AI across applications and infrastructure, they are becoming AI enterprises: always-on,…

Read more →

The European Commission has proposed a new cybersecurity package aimed at strengthening the EU’s cyber resilience, including a revised EU Cybersecurity Act designed to secure ICT supply chains and ensure products reaching EU citizens are secure by design through a…

Read more →

The Rust project updated crates.io to include a Security tab on individual crate pages. The tab shows security advisories drawn from the RustSec database and lists which versions of a crate may have known issues. This change gives developers a…

Read more →

OpenAI is rolling out age prediction on ChatGPT consumer plans to help determine whether an account likely belongs to someone under 18. Age prediction builds on protections already in place. ChatGPT relies on an age prediction model that evaluates behavioral…

Read more →

Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit. Luxshare is one of the primary assemblers of Apple’s wireless earbuds, iPhones, and Vision Pro devices, as well as a…

Read more →

Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical developer Alan Pope warned. SnapScope web app identifies malicious snaps (Source: Alan Pope) Instead…

Read more →

The UK’s National Cyber Security Centre reports ongoing cyber operations by Russian-aligned hacktivist groups targeting organizations in the UK and abroad. NoName057(16) remains active In December 2025, the NCSC co signed an advisory warning that pro-Russian hacktivist groups were conducting…

Read more →

cside announced the launch of Privacy Watch. The platform prevents website privacy violations on the client-side, a risk surface that is traditionally unmonitored. To help organizations automate compliance with regulations like GDPR, CPRA, and HIPAA, Privacy Watch deploys AI for…

Read more →

Criminal groups actively recruit, train, and retain people in structured ways. They move fast, pay in crypto, and place no weight on age. Young people are dealing with a new kind of addiction. It isn’t drugs, alcohol, or gambling. It’s…

Read more →

Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the lifecycle, especially…

Read more →

Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is how findings are handled after the testing concludes. The method of reporting, delivery, and remediation tracking play…

Read more →