Tag: Help Net Security

Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a match is found, the tool generates a report with links…

Read more →

Static Application Security Testing (SAST) found favor among security teams as an easy way to deploy security testing without really engaging developers. With the ability to analyze source code early in the software delivery lifecycle, SAST solutions offered a more…

Read more →

CyCognito announced new capabilities designed to improve both security operations automation and risk visibility. These new features speed security operations by making assets easier to identify and attribute to owners, as well as compare attack surface risk to peer organizations.…

Read more →

The contemporary SOC is transforming as it starts to realize the benefits of GenAI and utilize the manifestations of autonomous agentic AI, according to Tines. Additionally, the promise of security automation is coming to fruition. In theory and practice, security…

Read more →

Whistic announced the next generation of its Assessment Copilot, a third-party risk management (TPRM) solution that integrates AI into the vendor assessment process for a fully automated workflow. With this release, Whistic builds upon the initial release of Assessment Copilot…

Read more →

While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” Microsoft threat analysts have warned…

Read more →

Google announced it has signed a definitive agreement to acquire Wiz for $32 billion, subject to closing adjustments, in an all-cash transaction. Once closed, Wiz will join Google Cloud. This acquisition represents an investment by Google Cloud to accelerate two…

Read more →

Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office has warned earlier this month. “To conduct this scheme, cyber criminals across the globe are using any type…

Read more →

CISO Global launched of CISO Edge, its next-generation AI-driven cloud security solution, now available to existing customers and channel partners. Built to meet the growing demand for enterprise-grade cybersecurity, CISO Edge delivers comprehensive cloud-first, hybrid, and remote security—ensuring organizations can…

Read more →

In this Help Net Security interview, Sunil Mallik, CISO of Discover Financial Services, discusses cybersecurity threats for financial institutions. He also shares insights on balancing compliance with agility, lessons from regulatory audits, and Discover’s approach to risk management and workforce…

Read more →

The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically target AI and cryptocurrency development pipelines, according to a ReversingLabs report. According to ReversingLabs data,…

Read more →

Application Security Expert monday.com | United Kingdom | Hybrid – View job details As an Application Security Expert, you will provide guidance on security best practices and compliance, and undertake security testing. Develop security testing plans and integrate them into…

Read more →

Encrypting files keeps sensitive data like personal details, finances, and passwords safe from attackers by making them unreadable to unauthorized users. Encryption also safeguards data in case of device loss or theft, preventing malicious actors from accessing or misusing the…

Read more →

Cloudflare announced that it is expanding end-to-end support for post-quantum cryptography to its Zero Trust Network Access solution. Available immediately, organizations can securely route communications from web browsers to corporate web applications to gain immediate, end-to-end quantum-safe connectivity. By mid-2025,…

Read more →

Bedrock Security is declaring an end to data security without data visibility with the launch of its metadata lake technology — a centralized repository powering the patented Bedrock Platform. It provides continuous visibility across enterprise metadata by automatically cataloging all…

Read more →

A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and repositories. The fake security alert from GitHub GitHub users have taken…

Read more →

Ransomware negotiations are a high-stakes game where every decision matters. In this Help Net Security video, Kurtis Minder, CEO at GroupSense, takes us inside the world of ransomware negotiations. We learn how attackers communicate, the tough decisions victims face, and…

Read more →

Packed with real-world case studies and practical examples, Cybersecurity Tabletop Exercises offers insights into how organizations have successfully leveraged tabletop exercises to identify security gaps and enhance their incident response strategies. The authors explore a range of realistic scenarios, including…

Read more →

IntelMQ is an open-source solution designed to help IT security teams (including CERTs, CSIRTs, SOCs, and abuse departments) streamline the collection and processing of security feeds using a message queuing protocol. “Originally designed for CSIRTs and later adopted by SOCs,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption Last year, NIST standardized a set of encryption algorithms that can keep data secure from a…

Read more →