Tag: Help Net Security

Anubis is an open-source tool designed to protect websites from automated scraping and abusive traffic by adding computational friction before a request is served. Maintained by TecharoHQ, the project targets a growing problem for site operators who want to keep…

Read more →

In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web applications rely on browsers to store session tokens after login often…

Read more →

Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal medical data, or connect a patient to an impostor. To reduce cybersecurity risks tied to…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How researchers are teaching AI agents to ask for permission the right way People are starting to hand more decisions to AI agents, from booking…

Read more →

Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead…

Read more →

In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses why partitioning AI systems by function and impact matters, how to…

Read more →

NAKIVO Backup & Replication v11.1 brings a host of benefits to MSPs and their clients. It eliminates the need for client-side port configuration, enhances security with encrypted multi-platform support, and introduces automated failover capabilities. These features are designed specifically for…

Read more →

Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential replay, and high speed onboarding attempts now operate through shared infrastructures that behave less like scattered threats…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Apiiro, Astra Security, Push Security, Trellix, and XM Cyber. Apiiro unveils AI SAST built on deep code analysis to eliminate false positives Apiiro introduced Apiiro…

Read more →

When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion in…

Read more →

Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms to…

Read more →

Apiiro introduced Apiiro AI SAST, a new approach to static application security testing (SAST) that automates code risk detection, validation and fixes with the precision and cognitive process of an expert application security engineer. Grounded in Apiiro’s patented Deep Code…

Read more →

Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when…

Read more →

AppGate announced the launch of Agentic AI Core Protection, a new capability within AppGate ZTNA designed to secure AI workloads deployed in enterprise core environments across on-prem and cloud venues. This innovation enables organizations to embrace AI-driven transformation while maintaining…

Read more →

Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven threats.…

Read more →

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with…

Read more →

Concentric AI announced expanded Private Scan Manager functionality in its Semantic Intelligence data security governance platform. Customers now have the ability to deploy Semantic Intelligence within their own private Microsoft Azure cloud. This follows an announcement earlier this year where…

Read more →

Push Security announced the release of a new feature designed to tackle one of the fastest-growing cyber threats: ClickFix-style attacks. The company’s latest innovation, malicious copy-and-paste detection, blocks users from copying malicious scripts in their web browser, preventing them from…

Read more →

In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He notes that many…

Read more →

Regulatory limits on explicit targeting have not stopped algorithmic profiling on the web. Ad optimization systems still adapt which ads appear based on users’ private attributes. At the same time, multimodal LLMs have lowered the barrier for turning these hidden…

Read more →