Tag: Help Net Security

Finding and exploiting SQL injection vulnerabilities is one of the oldest and most common steps in web application testing. sqlmap streamlines this process. It is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws…

Read more →

In this Help Net Security video, Josh Harguess, CTO of Fire Mountain Labs, explains how to evaluate, deploy, and govern AI-driven security tools. He talks about the growing role of AI in security operations and the new kinds of risks…

Read more →

AI has become part of everyday software development, shaping how code is written and how fast products reach users. A new report from Cycode, The 2026 State of Product Security for the AI Era, explores how deeply AI now runs…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Securing real-time payments without slowing them down In this Help Net Security interview, Arun Singh, CISO at Tyro, discusses what it takes to secure real-time…

Read more →

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an embedded tutorial…

Read more →

Postman announced several updates bringing key enterprise features to its platform, so customers can build AI-ready APIs that meet the most critical enterprise specifications. As software increasingly shifts from applications to AI agents, the enterprise challenge has become clear: these…

Read more →

October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116 CVEs…

Read more →

Tufin announced Tufin Orchestration Suite (TOS) R25-2. The R25-2 release delivers expanded visibility, automation, and stronger security controls, enabling organizations to strengthen their security posture while simplifying operations across their hybrid environments. Security and network teams are forced to manage…

Read more →

In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations and why early collaboration between IT and security…

Read more →

Businesses are increasingly being pulled into lawsuits over how they collect and share user data online. What was once the domain of large tech firms is now a widespread legal risk for companies of all sizes. The latest analysis from…

Read more →

When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely…

Read more →

Healthcare leaders continue to treat cybersecurity as a technical safeguard instead of a strategic business function, according to the 2025 US Healthcare Cyber Resilience Survey by EY. The study, based on responses from 100 healthcare executives, outlines six areas where…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Barracuda Networks, Bitdefender, Forescout, and Komodor. Bitdefender GravityZone Security Data Lake unifies telemetry from multiple tools Security Data Lake empowers both in-house security teams…

Read more →

Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root. The good news is that there is currently no evidence of…

Read more →

Ping Identity announced “Identity for AI,” a new solution designed to secure the world of AI agents. As organizations embrace agentic AI to boost productivity and commerce, Ping Identity is redefining how enterprises enable this new class of autonomous digital…

Read more →

Team Cymru announced RADAR, a new real-time discovery module designed to give threat analysts visibility into all internet-facing infrastructure, whether known or unknown, without waiting on asset inventories, third-party scans, or compliance-oriented tools. “Our RADAR solution is about giving defenders…

Read more →

Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed). “[The incident] was isolated to the…

Read more →

Prowler launched Prowler Lighthouse AI, an intelligent security assistant and MCP Server, that brings autonomous AI directly into DevSecOps workflows. Available immediately, Prowler’s AI innovations combine agentic reasoning with automation to accelerate risk analysis, streamline compliance and guide teams through…

Read more →

State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity Report covering April through September 2025. The research highlights how operations linked to Russia, China, Iran,…

Read more →

1touch.io unveils Kontxtual, an AI-driven data platform engineered for the AI era. Built to accelerate enterprise innovation without compromising control, Kontxtual harnesses the power of AI and LLMs to deliver real-time data, identity, usage, and risk insights, assuring sovereignty and…

Read more →