Category: Help Net Security

Scammers behind cryptocurrency investment schemes are dispatching couriers to pick up cash from victims in person, the FBI warns. According to the agency, scammers usually approach victims through social media, text messages, or fake investment personas, luring them into cryptocurrency…

Read more →

Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But the associated security advisory also states that “the vulnerability was found during internal security testing”, raising the question…

Read more →

Software supply chain visibility is becoming part of product security work as the EU Cyber Resilience Act (CRA) moves toward application in December 2027. ENISA’s SBOM Adoption State of Play 2026 shows organizations preparing for CRA obligations through SBOM tooling,…

Read more →

Cyberattacks against hospitality, travel, and recreation organizations rose 24% year over year, reaching an average of 2,291 incidents per organization each week in May 2026, according to Check Point. (Source: Check Point) “The sector has more than doubled its attack…

Read more →

Developers coordinate code across README files, issue threads, and pull request discussions. Much of that exchange happens in English, and a large share happens in other languages. GitHub has released a dataset built to help researchers and developers locate public…

Read more →

In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone…

Read more →

Over recent years we’ve witnessed the EU becoming increasingly serious about cybersecurity. After years of watching high profile breaches, many resulting from supply chain attacks targeting our critical infrastructure, that seriousness is welcome. But good intentions and good policy are…

Read more →

In the latest episode of Identity Insider, I sat down with Chris Hughes, a cybersecurity expert who’s involved in OWASP’s work on non-human and machine identity security. Unsurprisingly, our discussion centered on the rapidly changing cybersecurity landscape, driven by the…

Read more →

Across large enterprises, a single question keeps surfacing when teams want to put customer data to work. Can this record be used for a given purpose, and does the consent behind it still hold? The data sits in warehouses and…

Read more →

Android Vulnerability Researcher Byteria | USA | Remote – View job details As an Android Vulnerability Researcher, you will analyze the Android attack surface, including the Linux kernel, system services, drivers, firmware, applications, and Trusted Execution Environment (TEE). You will…

Read more →

A China-linked cyber espionage operation targeted North American medical research institutions through compromised REDCap servers, using custom malware to gain persistent access and collect sensitive information, Google’s Threat Intelligence Group (GTIG) researchers found. UNC6508 exploits vulnerable REDCap servers GTIG attributed…

Read more →

A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the results of a forensic investigation published by cybersecurity firm Sygnia. The group’s defining…

Read more →

Delinea and Cyera announced a product integration that connects privileged access to sensitive data exposure, automatically correlating identities with the data they can access. Together, Delinea and Cyera help security teams identify, prioritize, and remediate the highest-risk access paths across…

Read more →

Trust3 AI has announced AgentDOS, an enterprise control plane that provides visibility into AI agents, including real-time token consumption monitoring across platforms such as Databricks Agent Bricks and Microsoft Copilot Studio. As enterprises rapidly scale AI adoption, a new class…

Read more →

1Password has announced 1Password Credential Broker, a new product that securely brokers credentials, tokens, and federated access from 1Password to trusted requesters. The 1Password Credential Broker is available in private beta today, with support for GitHub Actions and a roadmap…

Read more →

A Ukrainian national pleaded guilty to conspiracy to commit wire fraud in connection with the deployment of Conti ransomware, which targeted more than 1,000 victims worldwide. According to the U.S. Department of Justice, 44-year-old Oleksii Oleksiyovych Lytvynenko joined the Conti…

Read more →

Omada has announced Omada Agent Governance, a new solution designed to help organizations bring the same governance discipline to AI agents and non-human identities that they already apply to people. AI agents are rapidly becoming a new class of digital…

Read more →

Vulnerability disclosures are piling up faster in 2026 than anyone expected at the start of the year. The running count for the first few months sits well above the original projection, and the Forum of Incident Response and Security Teams…

Read more →

Red Sift has announced a partnership with GMO GlobalSign to provide organizations with a direct path from email authentication to verified brand visibility in the inbox. Red Sift OnDMARC is now available through GMO GlobalSign, enabling secure outbound email protection…

Read more →

Modat has launched native Passive DNS intelligence in Magnify, its internet intelligence platform, unifying IP, device fingerprint, certificate, and passive DNS into a single pivot-driven investigation flow. Threat intelligence, threat hunting, exposure management, fraud and Security teams have long been…

Read more →