Tag: Help Net Security

Most CISOs spend their days dealing with noisy dashboards and vendor pitches that all promise a shortcut to compliance. It can be overwhelming to sort out what matters. When you dig into real incidents involving payment data, a surprising number come…

Read more →

Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new report by Hackuity. Fragmented detection and slow remediation Organizations use a formalized approach to…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1touch.io, Action1, Barracuda Networks, Bedrock Data, Bitdefender, Cyware, Firewalla, Forescout, Immersive, Kentik, Komodor, Minimus, Nokod Security, and Synack. Action1 addresses Intune gaps with patching and…

Read more →

Detego Global has announced the launch of Detego Case Manager for DFIR, a purpose-built platform designed to meet the evolving demands of digital forensics and incident response (DFIR) teams. Developed in close collaboration with investigative professionals, Detego Case Manager for…

Read more →

Clover announced $36 million in funding to secure the AI-native product wave. The company’s funding round was led by Notable Capital and Team8 with participation from SVCI. Clover Security is also backed by industry heavy weights, including Wiz co-founders Assaf…

Read more →

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Heisenberg: Open-source software supply chain health check tool Heisenberg is an open-source tool that checks the health of a software supply chain.…

Read more →

Customer identity has become one of the most brittle parts of the enterprise security stack. Teams know authentication matters, but organizations keep using methods that frustrate users and increase risk. New research from Descope shows how companies manage customer identity…

Read more →

Cyber attackers often succeed not because they are inventive, but because the systems they target are old. A new report by Cisco shows how unsupported technology inside national infrastructure creates openings that attackers can exploit repeatedly. The findings show how…

Read more →

Fraud operations are expanding faster than payment defenses can adjust. Criminal groups function like coordinated businesses that develop tools, automate tasks, and scale attacks. New data from a Visa report shows how these shifts are reshaping risk across the financial…

Read more →

The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack likely started. The provided list…

Read more →

Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the…

Read more →

Ostorlab introduced the AI Pentesting Engine for Mobile Applications, bringing automated, AI‑driven penetration testing to mobile security. The new engine helps security teams and developers uncover, validate, and safely exploit vulnerabilities that tools miss or bury in noise, so they…

Read more →

Vectra AI announced Vectra AI Shield for Microsoft, a purpose-built solution that enables channel partners and MSSPs to deliver unified visibility and control across Microsoft Entra ID, Microsoft 365, Copilot for M365, and Azure Cloud in a single AI-powered platform.…

Read more →

In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and strengthen…

Read more →

Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range of…

Read more →

Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users,…

Read more →

Your inbox is probably drowning in Black Friday emails right now. Another “limited time offer” that’ll reappear next month, countdown timer creating artificial urgency. You’re right to be skeptical — most of it is noise. But buried beneath the marketing…

Read more →

In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains how boards think about their…

Read more →

Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr researchers discovered. The findings JSONFormatter and CodeBeautify are free, web-based tools/services used by developers to make messy code…

Read more →

People who rely on Tor expect their traffic to move through the network without giving away who they are. That trust depends on the strength of the encryption that protects each hop. Tor developers are preparing a major upgrade called…

Read more →