Tag: Help Net Security

Ridge Security announced RidgeSphere, a centralized management platform designed to simplify the orchestration of multiple RidgeBot , the AI-powered automated security validation platform, across client environments. Built for Managed Security Service Providers (MSSPs) and large enterprises, RidgeSphere eliminates operational silos,…

Read more →

Edgescan’s 2025 Vulnerability Statistics Report explores risk density patterns across network/device and application layers, uncovers complex vulnerabilities that automated tools consistently miss, and evaluates the real-world effectiveness of leading vulnerability scoring methodologies, including EPSS, CISA KEV, CVSS, and our proprietary…

Read more →

Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies. “Because AirPlay is a fundamental piece of software for…

Read more →

Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam preying on renters “Most campaigns are sent from compromised mailboxes belonging to educational…

Read more →

Frontegg launched Frontegg.ai, an identity management platform purpose-built for developers building AI agents. As AI agents move beyond experiments to becoming critical internal and market-facing enterprise products, secure, scalable identity infrastructure becomes essential to achieve market-readiness. While standards like Anthropic’s…

Read more →

Legit Security has unveiled new functionalities that leverage AI to help security teams more quickly shore up gaps in their AppSec programs. Specifically, Legit now leverages AI to drive advanced discovery for code-to-cloud correlation, increased precision in issues prioritization and…

Read more →

Hewlett Packard Enterprise has announced expansions of HPE Aruba Networking and HPE GreenLake cloud to help enterprises modernize secure connectivity and hybrid cloud operations by blending multi-layered and zero trust approaches to protect against threats. These new expansions include: New…

Read more →

BigID launched AI Data Lineage, a new solution that provides organizations with visibility into how AI models access, process, and utilize data. As organizations increasingly integrate AI into their workflows, understanding the data lineage of AI interactions is critical for…

Read more →

Securonix announced the next phase of Securonix EON, introducing modular GenAI Agents. These specialized, decision-capable agents are designed to perform high-impact jobs to be done (JTBD) across the threat detection, investigation, and response (TDIR) lifecycle. These intelligent security agents represent…

Read more →

Skyhigh Security announced the expansion of its Skyhigh AI offering to include additional data protection solutions for Copilot for Microsoft 365 and ChatGPT Enterprise. This development follows the company’s earlier introduction of Skyhigh AI, an advanced suite of AI-powered capabilities…

Read more →

Torii unveiled Torii Eko, an agentic SaaS Management Platform, ushering in a new era of AI-powered execution for modern software management. Torii Eko includes three intelligent in-platform agents: Eko Assist, available now; and Eko Insight and Eko Act, both coming…

Read more →

Arkose Labs has announced the expansion of its security portfolio with two new offerings: Arkose Edge and Arkose Scraping Protection. These innovations address the growing challenges large enterprises face in securing their complex digital perimeters and protecting valuable content from…

Read more →

Saviynt launched AI-powered Identity Security Posture Management (ISPM) as part of its converged Identity Cloud platform. Saviynt’s ISPM provides actionable insights into an organization’s identity and access posture, offering an intelligent starting point to prioritizing and remediating risks. “As GE…

Read more →

The Ledger Flex is a hardware wallet designed for the secure storage of cryptocurrencies and NFTs. It combines security features with a user-friendly interface, making it suitable for both beginners and more experienced users. Ledger Flex stores your private keys…

Read more →

Trellix announced advancements to Trellix DLP Endpoint Complete, available globally in Q2 2025. New offerings and features incorporate intelligent capabilities to enhance Trellix’s data loss prevention (DLP) solutions, enabling customers to protect sensitive information in non-text file formats, strengthen compliance…

Read more →

The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. For enterprises, mobile is no longer a secondary risk. It’s now one of the primary attack surfaces. CVE…

Read more →

Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, Villain enhances these shells with added functionality, offering commands and utilities, and allowing for shell sessions sharing across…

Read more →

Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a CI/CD pipeline, a rogue dependency hidden in open-source code, or tampered hardware components, these attacks bypass traditional defenses…

Read more →

As AI brings about excitement and transformative potential, the report reveals that organizations are forging ahead with innovations despite increased security concerns, according to LevelBlue’s 2025 Futures Report. In fact, just 29% of executives surveyed say they are reluctant to…

Read more →

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up from 37%…

Read more →

Bitwarden launched Access Intelligence, a set of new capabilities that enables enterprises to proactively defend against internal credential risks and external phishing threats. Access Intelligence introduces two core functionalities: Risk Insights, which allows IT teams to identify, prioritize, and remediate…

Read more →

ExtraHop launched all-in-one sensor designed to unify network traffic collection that scales across a number of security use cases. This further advances ExtraHop’s vision to consolidate NDR, network performance monitoring (NPM), intrusion detection (IDS), and full packet forensics into an…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) solutions. CISA’s KEV catalog is constantly updated and provides IT…

Read more →

The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources have asserted. The Telegraph’s sources say ransomware was deployed by a unnamed criminal gang. Bleeping Computer’s…

Read more →

Huntress has unveiled its newly enhanced Managed Identity Threat Detection and Response (ITDR) solution, purpose-built to wreck hacker identity tradecraft, alongside new research on the growing threat of identity-based attacks and organizations’ ability to defend against them. Drawing insights from…

Read more →

Varonis announced always-on AI risk defense that continuously identifies data exposure in real time, flags violations, and automatically fixes issues before they can become data breaches. In organizations with poor data security posture, employees and AI agents are only one…

Read more →

Aqua Security has unveiled the next phase of its AI security strategy with the introduction of Secure AI, full lifecycle security from code to cloud to prompt. These new capabilities secure AI applications through the development process and into production,…

Read more →

Bugcrowd’s new service connects customers with a global network of vetted ethical hackers for a variety of red team engagements—fully managed through the Bugcrowd Platform. This release sets a new benchmark in the red team services market, enabling organizations to…

Read more →

Netwrix unveiled new solutions and capabilities across its 1Secure SaaS platform. Its new Data Security Posture Management (DSPM) solution identifies and eliminates data exposures within Microsoft 365 environments and will be available in May. Netwrix also announced new risk assessment…

Read more →

Arctic Wolf has introduced Cipher, an AI security assistant that provides customers with self-guided access to deeper security insights directly within the Arctic Wolf Aurora Platform. Cipher enhances investigations and alert comprehension by delivering instant answers, contextual enrichment, and actionable…

Read more →

Lumu released Lumu SecOps Platform, a fully integrated Security Operations (SecOps) platform that unifies threat detection, response, automation, compliance, and intelligence across the network, identities and endpoints—delivering full attack context and enabling security teams to autonomously detect and neutralize complex…

Read more →

Oasis Security launched Oasis NHI Provisioning, a capability that automates the creation, governance, and security of non-human identities (NHIs) from their inception. Built into the Oasis NHI Security Cloud, this solution addresses the critical challenges of fragmented processes, ungoverned sprawl,…

Read more →

I’ve never quite seen anything like this in my two decades of working in the Internet of Things (IoT) space. In just a few years, devices at home and work started including cameras to see and microphones to hear. Now,…

Read more →

Cyber hygiene sounds simple. Patch your systems, remove old accounts, update your software. But for large organizations, this gets messy fast. Systems number in the thousands. Teams are scattered. Some machines haven’t been rebooted in months. Automation can help. But…

Read more →

Sumo Logic announced a number of new security capabilities that help organizations build and operate intelligent security operations to reduce risks, accelerate threat containment, and ensure stronger security postures. “With the rise of AI-powered attacks, dynamically scaling cloud environments, and…

Read more →

Cloudflare says it mitigated 20.5 million DDoS attacks in the first quarter of 2025. This is a 358% increase compared to the same time last year. Their Q1 2025 DDoS report highlights a rise in the number and size of…

Read more →

In this Help Net Security interview, Christopher Kennedy, CISO at Group 1001, discusses how cybersecurity initiatives are reshaping enterprise cybersecurity strategy. He explains why security must be embedded across IT, business lines, and product development, how automation and risk discovery…

Read more →

Analyst IV – Cybersecurity Carpenter Technology | USA | On-site – View job details As an Analyst IV – Cybersecurity, you will guide IT teams on IAM tasks, including account provisioning, password vaulting, access reviews, and encryption key management. You…

Read more →

Modern software relies on open-source. As open-source software (OSS) scaled, accelerated by AI, legacy security tools failed to keep pace, introducing undesired cost, complexity, and drag on developer productivity. Gartner cites false positives, alert fatigue, and the lack of exploitability…

Read more →

Automation and structured collaboration have a strong, positive influence on the efficiency of vulnerability management, according to Seemplicity. However, manual processes, unstructured workflows, and excessive noise from vulnerability scanning tools continue to slow remediation efforts, leading to delays and security…

Read more →

AuditBoard announced a new AI governance solution, enableing customers to fast-track their AI risk management programs and drive responsible AI innovation and adoption at scale. AuditBoard’s new AI governance solution will help customers meet AI best practices outlined in frameworks…

Read more →

Palo Alto Networks announced Prisma AIRS, an AI security platform that serves as the cornerstone for AI protection, designed to protect the entire enterprise AI ecosystem – AI apps, agents, models, and data – at every step. Building upon the…

Read more →

ArmorCode launched Anya, an agentic AI champion purpose-built for AppSec and product security teams. Following a successful early access program, Anya is now available to all ArmorCode enterprise customers, delivering intelligent, conversation-driven security insights that close the expertise gap and…

Read more →

Censys is launching a new solution specifically designed to enable threat hunting teams to track adversary infrastructure. The Censys’ Threat Hunting solution is part of Censys’ recently released Internet Intelligence platform, which provides security teams across the enterprise with the…

Read more →

Trend Micro announced new AI-powered threat detection capabilities designed specifically for enterprises embracing AI at scale. This effort brings together Trend’s security expertise with NVIDIA accelerated computing and NVIDIA AI Enterprise software, leveraging AWS infrastructure to support scalable, enterprise-ready deployment.…

Read more →

Netskope announced expansion of the Netskope One platform to cover more AI security use cases, including enhanced protections for private applications and data security posture management (DSPM) attributes. While other vendors focus on enabling safe user access to AI applications,…

Read more →

Sentra launched Data Security for AI Agents solution, specifically designed to address the emerging challenges associated with proliferating AI assistants and empower large enterprises to embrace AI innovation securely and responsibly. With the solution, Sentra also announced platform support for…

Read more →

Abnormal AI introduces autonomous AI agents that improve how organizations train employees and report on risk while also evolving its email security capabilities. In a year defined by the explosive use of malicious AI for cybercrime, Abnormal is doubling down…

Read more →

Anetac announced the global rollout of Human Link Pro. This new capability unifies the management of human and non-human identity vulnerabilities within the Anetac Identity Vulnerability Management Platform. Already in use by organizations in financial services, retail, healthcare and critical…

Read more →

Flashpoint announced new capabilities to its flagship platform, Flashpoint Ignite. These innovations are designed to deliver insights that align with customers’ threat intelligence needs, enabling organizations to make informed decisions and protect their most critical assets. “Too often, high-value threat…

Read more →

Peridio, a platform for building and maintaining advanced embedded products, has launched Avocado OS, an open-source embedded Linux distribution made to simplify the way developers build complex embedded systems. Avocado OS focuses on delivering a smooth developer experience while offering…

Read more →

RSA announced cybersecurity innovations that defend organizations against the next wave of AI powered identity attacks, including IT Help Desk bypasses, malware, social engineering, and other threats. These advancements are especially critical for organizations implementing passwordless strategies and further solidify…

Read more →

Wallarm unveiled Agentic AI Protection, a capability designed to secure AI agents from emerging attack vectors, such as prompt injection, jailbreaks, system prompt retrieval, and agent logic abuse. The new feature extends Wallarm’s API Security Platform to actively monitor, analyze,…

Read more →

NetRise announced a new product, NetRise ZeroLens. NetRise’s category redefining platform creates a software asset inventory, which is critical to manage organizational risk. NetRise analyzes compiled code to find risk in software that actually executes on devices and other systems.…

Read more →

CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution. The vulnerability was initially leveraged in zero-day attacks spotted by ReliaQuest researchers, who…

Read more →

Allurity announces its acquisition of Croatian cybersecurity company Infigo IS. With deep technical expertise and one of southern Europe’s strongest offensive security teams, Infigo brings strengths that accelerate Allurity’s journey to become the preferred cybersecurity partner in Europe. Founded in…

Read more →

In a world where organizations’ digital footprint is constantly changing and attackers regularly capitalize on security failings in exposed IT assets, making the effort to minimize your external attack surface is a no-brainer. The goal is simple: Make your organization…

Read more →

GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms. GoSearch incorporates data from Hudson Rock’s Cybercrime Database, offering…

Read more →

Ransomware attacks are becoming more refined and pervasive, posing significant challenges to organizations globally. A Veeam report reveals that while the percentage of companies impacted by ransomware attacks has slightly declined from 75% to 69%, the threat remains substantial. This…

Read more →

Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the Datadog State of DevSecOps 2025 report. 14% of Java services still contain at least one vulnerability By…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs MITRE has released the latest version of its ATT&CK framework, which now also includes a new…

Read more →

Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate…

Read more →

Rubrik announced its upcoming solution, Identity Resilience, designed to secure the entire identity landscape alongside data. Identity Resilience aims to protect the most common entry points for attackers – human and non-human identities (NHIs) – to help organizations maintain operations…

Read more →

Detectify announced new Asset Classification and Scan Recommendations capabilities. This innovation directly addresses a critical challenge for security teams: knowing what else, beyond their core applications, requires in-depth testing. The new features automatically classify discovered web assets based on attacker…

Read more →

Vanta announced new ways to help organizations demonstrate AI security and evaluate AI risk across their ecosystem. With the launch of Vanta’s new AI Security Assessment offering, customers using, developing or building with AI can now more effectively address critical…

Read more →

As cloud app adoption continues to rise, and the modern workplace continues to evolve, LastPass will introduce a new approach to democratize access management. Built with the needs of small-to-mid-sized businesses in mind, Secure Access Experiences represents a more unified,…

Read more →

Dashlane unveiled a new approach to addressing human risk in response to the rise of AI-driven phishing attacks and shadow IT in corporate environments. Built on innovation that pushes beyond vault-based password management, Dashlane Omnix is the AI-accelerated credential security platform…

Read more →

BreachLock AEV automates multistep, threat-intelligence-led attack scenarios—helping security teams uncover real exposures and prioritize what matters most. Going beyond just showing security teams their risk, BreachLock Adversarial Exposure Validation simulates how real-world adversaries would exploit it by mirroring their behavior…

Read more →

76% of respondents have been impacted by incidents of device theft in the past two years, with incidents more common in organizations with more flexible working models, according to Kensington. For instance, research revealed that 85% of organizations with flexible…

Read more →

Organizations have implemented various aspects of threat exposure validation, including security control validation (51%) and filtering threat exposures based on the effectiveness of security controls to mitigate threats (48%), according to Cymulate. At the same time, nearly all respondents say…

Read more →

RSAC 2025 Conference is taking place at the Moscone Center in San Francisco from April 28 – May 1. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork…

Read more →

The new ETSI TS 104 223 specification for securing AI provides reliable and actionable cybersecurity guidance aimed at protecting end users. Adopting a whole-lifecycle approach, the framework outlines 13 core principles that expand into 72 detailed, trackable principles across five…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, PowerDMARC, Skyhawk Security, Stellar Cyber, Swimlane, and Veracode. Email authentication simplified: How PowerDMARC makes DMARC effortless With PowerDMARC, users can generate and publish DMARC,…

Read more →

If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code…

Read more →

AppViewX has announced the launch of the AVX ONE Post-Quantum Cryptography (PQC) Assessment Tool that generates a Cryptographic Bill of Materials and PQC readiness score. By scanning code, dependencies, configurations and certificates in enterprise environments, the PQC Assessment Tool provides…

Read more →

DirectDefense has launched DirectDefense Security Essentials, a fully managed, subscription-based security program purpose-built for small to mid-sized businesses (SMBs). With Security Essentials, DirectDefense is addressing the critical security needs of the underserved SMB market by combining virtual CISO (vCISO) services,…

Read more →

Skyhawk Security is adding new protection for custom-built cloud applications. The company announced the update to its AI-powered Autonomous Purple Team for RSAC 2025 Conference, which starts April 28 in San Francisco. The AI-based purple team identifies security weaknesses and…

Read more →

Swimlane announced Compliance Audit Readiness (CAR) Solution, designed to streamline compliance management and accelerate audit readiness. Powered by the Swimlane Turbine AI Automation Platform and built on the Secure Controls Framework, CAR automates compliance control mapping, streamlines audit evidence gathering…

Read more →

AuditBoard announced RegComply, a new solution for regulatory compliance management to help organizations stay on top of changing regulations and manage their compliance programs with integrated risk insights. The new solution includes new AI capabilities from AuditBoard and is powered by…

Read more →

Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights In 2024, Mandiant handled more incidents in the financial sector than in any other…

Read more →

Veracode announced new capabilities to help organizations address emerging threats, giving security professionals better visibility and control in one place. The launch includes new AI-powered functionality in the Dynamic Application Security Testing (DAST)product and an External Attack Surface Management (EASM)…

Read more →

Metomic launched AI Data Protection Solution, an offering designed to prevent sensitive business data from being inadvertently exposed through AI tools such as ChatGPT, Copilot, Glean, Notion AI, Box AI, and others. As enterprises accelerate AI integration, this solution empowers…

Read more →

The Edgescan 2025 Vulnerability Statistics Report offers a data-rich snapshot of the global cybersecurity landscape, drawing from thousands of assessments and penetration tests conducted in 2024. Now in its 10th year, the report analyzes full-stack security trends across industries, highlighting…

Read more →

Binarly announced the rollout of its flagship Binarly Transparency Platform 3.0, a major update that fuses live threat‑intelligence signals with an exploitation‑aware scoring system to help enterprise teams prioritize the mitigation of vulnerabilities with the most immediate risk. The release…

Read more →

Security teams are drowning in alerts. The sheer volume of threats, suspicious activity, and false positives makes it nearly impossible for analysts to investigate everything effectively. Enter agentic AI, capable of completing hundreds of tasks simultaneously without tiring. Organizations increasingly…

Read more →

Cyber threats targeting the energy sector come in many forms, including state-sponsored actors seeking to disrupt national infrastructure, cybercriminals motivated by profit, and insiders intentionally causing damage. The consequences of a successful attack can be severe, potentially disrupting energy supplies…

Read more →

Artificial Intelligence for Cybersecurity is a practical guide to how AI and machine learning are changing the way we defend digital systems. The book aims to explain how AI can help solve real cybersecurity problems. It does that well, but…

Read more →

While AI adoption is widespread, its impact on productivity, trust, and team structure varies sharply by role and region, according to Exabeam. The findings confirm a critical divide: 71% of executives believe AI has significantly improved productivity across their security…

Read more →

Bitdefender GravityZone Proactive Hardening and Attack Surface Reduction (PHASR) is an endpoint security solution that dynamically tailors hardening for each user, ensuring that security configurations align with user-intended privileges and behaviors and adapt to shrink attack surfaces. “Attackers are now…

Read more →

Tufin announced TufinAI, an AI-powered engine designed to transform the way enterprises manage and protect their networks. Backed by its strong financial foundation and record results in 2024, Tufin has been able to invest boldly in innovation – pushing far…

Read more →

IRONSCALES announced deepfake protection for enterprise email security. The announcement comes as deepfake-driven social engineering attacks continue to gain momentum. From 2022 to 2023, the total volume of deepfake-driven cyberattacks levied against private enterprises grew by a staggering 1,000% globally…

Read more →

Armis is expanding its vulnerability exposure and assessment capabilities with the free availability of the Armis Vulnerability Intelligence Database. The community-driven database integrates exploited vulnerabilities, emerging threats and AI-powered insights, providing the cybersecurity industry with the knowledge organizations need to…

Read more →

NinjaOne announced new capabilities that unify vulnerability management and patching workflows, ensuring a risk-based approach to patching and reducing time to remediate vulnerabilities. The new tools automate the import of vulnerability data, giving IT teams continuous visibility into vulnerabilities, so…

Read more →

MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors. About MITRE ATT&CK MITRE ATT&CK is a regularly…

Read more →

The exploitation of vulnerabilities has seen another year of growth as an initial access vector for breaches, reaching 20%, according to Verizon’s 2025 Data Breach Investigations Report. Researchers analyzed 22,052 real-world security incidents, of which 12,195 were confirmed data breaches.…

Read more →

Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics observed involve the attacker requesting victim’s supply Microsoft Authorization codes, which grant the attacker with…

Read more →

BlinkOps launched No-Code Security Agent Builder, an enterprise platform that allows security teams to create an unlimited number of custom security agents tailored for their unique environments. The platform gives organizations full control over how agents operate, what they access,…

Read more →

Cohesity announced Cohesity RecoveryAgent, a new AI-powered cyber orchestration solution for Cohesity NetBackup and DataProtect customers. RecoveryAgent automates cyber recovery preparation, testing, compliance, and response, enabling customers to recover from cyber incidents faster. It offers intelligent, customizable recovery blueprints and…

Read more →

1Password announced Agentic AI Security capabilities as part of the 1Password Extended Access Management platform, built to secure and govern identities, credentials, and access of autonomous AI agents in the enterprise. As agentic AI reshapes how work gets done, from…

Read more →

Ivanti has launched Ring Deployment in Ivanti Neurons for Patch Management. The new capability allows IT teams to reduce risks associated with patching systems by creating and configuring deployment rings, enabling them to strategically group devices based on organizational needs…

Read more →