Tag: Help Net Security

The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars have an important role to help counter domain abuses throughout their lifecycle,” the NCSC says. They…

Read more →

Legit Security launched a new Legit AppSec risk prevention dashboard. The new dashboard helps reduce the time, costs, and effort of fixing vulnerabilities by preventing issues in the first place. Legit’s prevention dashboard allows companies to go beyond “shift left”…

Read more →

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant…

Read more →

runZero releases new product capabilities, welcomes executive leadership with deep industry expertise, and gains channel momentum. runZero’s expanded platform offers a new approach to effectively manage the risk lifecycle, enabling security teams to find, prioritize, and remediate broad classes of…

Read more →

GetReal Security launched unified platform to help enterprises, government agencies and media organizations manage risk and mitigate threats from the growing presence of AI-fueled attacks. The platform brings together GetReal’s products and service offerings into a unified digital experience for…

Read more →

Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must understand the risks before an attack happens. Misconceptions about cyber…

Read more →

In this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets and expanding security stacks. Buckley shares insights on how deep observability…

Read more →

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to…

Read more →

ETSI launched post-quantum security standard to guarantee the protection of critical data and communications in the future. The specification “Efficient Quantum-Safe Hybrid Key Exchanges with Hidden Access Policies” (ETSI TS 104 015) has been developed to enhance security mechanisms, ensuring…

Read more →

ESET researchers have published an in-depth analysis highlighting significant shifts within the ransomware landscape, spotlighting the rise of RansomHub. This relatively new ransomware-as-a-service operation has quickly come to dominate the scene. “The fight against ransomware reached two milestones in 2024:…

Read more →

Oscilar launched AI Agent platform, reshaping how organizations manage online risk. Built around a network of specialized AI agents, Oscilar’s platform addresses key challenges in fraud prevention, compliance, credit underwriting, and customer verification. Unlike traditional static AI models that require…

Read more →

ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, they made an unexpected discovery in the victim’s system: malicious tools…

Read more →

DeNexus announced an innovative enhancement to its cyber risk management flagship solution DeRISK. The new DeRISK Quantified Vulnerability Management leverages advanced AI techniques to automatically and continuously mapping common vulnerabilities and exposures, or CVEs, to potential financial impacts, providing insights…

Read more →

Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained access to his Mailchimp account and stole a list of…

Read more →

Discover insights from 900 security leaders across the globe in IDC’s Voice of Security 2025 survey, sponsored by Tines in partnership with AWS. Understand the biggest challenges facing security teams today, and how they can stay ahead of the curve…

Read more →

Concentric AI announced new, context-driven behavior analytics capabilities in its Semantic Intelligence data security governance platform, enabling organizations to identify abnormal activity at the user level. The company has also added new integrations with Google Cloud Storage, Azure Data Lake,…

Read more →

Blumira launched Microsoft 365 (M365) threat response feature to help organizations contain security threats faster by enabling direct user lockout and session revocation within M365, Azure and Entra environments. The new threat response feature integrates seamlessly with M365 environments through…

Read more →

Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited…

Read more →

Chainguard announced Chainguard VMs, a new product line offering minimal, zero-CVE virtual machine images built entirely from source. Purpose-built for modern, ephemeral workloads in the cloud, Chainguard VMs represent a stark contrast to the legacy, general-purpose VMs that dominate the…

Read more →

Sumsub is launching its Reusable Digital Identity product suite. It will mitigate repetitive verification and redundant Know Your Customer (KYC) checks that negatively impact user experience and conversion rates for businesses. The new offerings are set to reduce applicant onboarding…

Read more →