Category: Help Net Security

Zenni Optical introduces Zenni ID Guard, a privacy-focused lens technology that reflects near-infrared light to help disrupt unwanted tracking. It’s a shield for your face, built right into your everyday glasses, all at an accessible price. The growing use of…

Read more →

Barracuda Networks launched Barracuda Entra ID Backup Premium – a comprehensive, cost-effective solution to safeguard Microsoft Entra ID environments from accidental and malicious data loss. With fast, reliable recovery of vital identity data, the new offering strengthens cyber resilience and…

Read more →

IPinfo launched Residential Proxy Detection API, extending its privacy detection capabilities to help security and fraud prevention teams identify one of the most evasive forms of anonymized IP traffic. Residential Proxy Detection is also available via downloadable database and Snowflake…

Read more →

Cybersecurity friction usually gets framed as a user problem: password policies that frustrate employees, MFA that slows down logins, or blocked apps that send workers into the arms of shadow IT. But there’s a different kind of friction happening behind…

Read more →

Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping…

Read more →

In this Help Net Security interview, Dr. Nicole Nichols, Distinguished Engineer in Machine Learning Security at Palo Alto Networks, discusses why existing security models need to evolve to address the risks of AI agents. She explains how organizations should approach…

Read more →

AI is changing how we detect, prevent, and respond to cyber threats. From traditional networks to emerging spaces, it is shaping security operations, identity management, and threat response. This collection of AI books offers diverse perspectives, including practical implementations, strategic…

Read more →

With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway instances have been probed and compromised by attackers. Citrix’s current…

Read more →

IBM unveiled Power11 today, a new generation of Power servers built to improve performance across processing, hardware, and virtualization. It’s designed to run reliably both on-site and in IBM’s hybrid cloud. Enterprises in banking, healthcare, retail and government depend on…

Read more →

Tosibox launched TosiANTA (Tosibox Advanced Network Traffic Analytics), a solution that redefines comprehensive OT network control for industrial organizations. Redefining control in an era of escalating threats Industrial organizations today face a cybersecurity crisis that demands a complete redefinition of…

Read more →

ParrotOS, known for its emphasis on security, privacy, and development, is widely used by cybersecurity professionals and enthusiasts alike. Version 6.4 delivers a host of updates and community-driven enhancements. The update is expected to be the final release in the…

Read more →

In this Help Net Security interview, Dan DeCloss, Founder and CTO at PlexTrac, discusses the role of exposure management in cybersecurity and how it helps organizations gain visibility into their attack surface to improve risk assessment and prioritization. He also…

Read more →

Sports fans and cybercriminals both look forward to major sporting events, but for very different reasons. Fake ticket sites, stolen login details, and DDoS attacks are common ways criminals try to make money or disrupt an event. Why are sports…

Read more →

Most organizations are exposing sensitive data through APIs without security controls in place, and they may not even realize it, according to Raidiam. Their report, API Security at a Turning Point, draws on a detailed assessment of 68 organizations across…

Read more →

In this Help Net Security video, Art Poghosyan, CEO at Britive, explores the rise of agentic AI and its impact on identity security. As autonomous AI agents begin to think, act, and interact more like humans, traditional identity and access…

Read more →

Analyst III-Threat Intel Verizon Data Services | India | Hybrid – View job details As an Analyst III-Threat Intel, you will deploy security tools, analyze logs and endpoints, and assess threats across Verizon’s enterprise and cloud environments. You’ll also help…

Read more →

There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been ‘calm’ the past couple of weeks. The news and message boards…

Read more →

In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He…

Read more →

Attack Surface Management (ASM) has become one of those buzzwords that gets used a lot but rarely explained in detail. The authors of this book offer a practical guide that aims to change that. About the authors Ron Eddings is…

Read more →

Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. The app features strong encryption and the ability to back up your data. It supports both HOTP and TOTP, so it…

Read more →

Researchers from the University of Pretoria presented a new technique for detecting tampering in PDF documents by analyzing the file’s page objects. The technique employs a prototype that can detect changes to a PDF document, such as changes made to…

Read more →

While most enterprises have integrated cloud resources into their operations, many need to improve their ability to secure these environments and the data they contain, according to Thales. Cloud security challenges go beyond technology The variability of controls across cloud…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now,…

Read more →

NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are…

Read more →

In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains how attackers now use AI-powered, multi-channel phishing tactics to target fresh employees who…

Read more →

75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty. The post Exposed and unaware? Smart buildings need smarter risk controls appeared first on Help Net Security. This article has been indexed from…

Read more →

While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and social engineering tactics continue to succeed at…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from DigitalOcean, Scamnetic, StealthCores, and Tracer AI. Scamnetic KnowScam 2.0 helps consumers detect every type of scam KnowScam 2.0 now comes with major upgrades, including an…

Read more →

To ensure resilience across the internet stack, organizations need to protect and manage four key areas: reachability, availability, reliability, and performance, according to Catchpoint. The negative economic impact of incidents 51% report monthly losses of over $1 million due to…

Read more →

Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has open-sourced a cryptographic…

Read more →

Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew out information that may benefit them, such…

Read more →

Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and Cisco…

Read more →

StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet network security. Building on the proven security foundation of StealthAES, StealthMACsec delivers line-rate processing up to 10 Gbps on FPGA and even faster…

Read more →

GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a command-line…

Read more →

Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel services. This puts pressure on the hospitality sector to keep that information safe and private. Cybersecurity challenges in the…

Read more →

In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang…

Read more →

80% of AI tools used by employees go unmanaged by IT or security teams, according to Zluri’s The State of AI in the Workplace 2025 report. AI is popping up all over the workplace, often without anyone noticing. If you’re…

Read more →

As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globally, 63% of companies are in the “Exposed Zone,” indicating they lack both a cohesive cybersecurity strategy…

Read more →

44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their OT and IoT threat detection capabilities, according to Forescout. How confident are you in your OT/IoT threat detection coverage?…

Read more →

Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said…

Read more →

Scamnetic releaseed KnowScam 2.0, its flagship product for scam protection and digital identity verification. KnowScam 2.0 builds on everything users already trust — now with major upgrades, including an enhanced three-point scoring system, the new Auto Scan feature for Microsoft…

Read more →

Exabeam announced a major expansion of its integrated multi-agent AI system Exabeam Nova that now equips security leaders with a real-time strategic planning engine and boardroom communication tool. The Exabeam Nova Advisor Agent is the AI capability designed to turn…

Read more →

Cybersecurity never stands still. One week it’s AI-powered attacks, the next it’s a new data breach, regulation, or budget cut. With all that noise, it’s easy to get distracted. But at the end of the day, the goal stays the…

Read more →

In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in response to tighter regulations and global growth. He discusses the impact of frameworks…

Read more →

The Apricorn Aegis Secure Key 3NXC is a 256-bit AES XTS hardware-encrypted flash drive with a USB-C connector. It is available in storage capacities ranging from 4GB to 512GB and holds FIPS 140-2 Level 3 validation. The device is OS-agnostic,…

Read more →

Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like databases, web services, SSH endpoints, or other TCP-based systems. Secretless Broker features “We created Secretless Broker to solve…

Read more →

Not long ago, travelers worried about bad weather. Now, they’re worried the rental they booked doesn’t even exist. With AI-generated photos and fake reviews, scammers are creating fake listings so convincing, people are losing money before they even pack a…

Read more →

By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique…

Read more →

Cloudflare is now the first major internet infrastructure company to block AI crawlers by default when they try to access website content without permission or payment. Starting today, website owners can choose whether to allow AI crawlers and set rules…

Read more →

If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. What is Sudo? Sudo is command-line utility in…

Read more →

Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said.…

Read more →

Human trafficking tied to online scam centers is spreading across the globe, according to a new crime trend update from INTERPOL. Human trafficking victims by country of origin (Source: INTERPOL) By March 2025, people from 66 countries had been trafficked…

Read more →

In this Help Net Security interview, Tammy Hornsby-Fink, CISO at Federal Reserve System, shares how the Fed approaches cyber risk with a scenario-based, intelligence-driven strategy. She explains how the Fed assesses potential disruptions to financial stability and addresses third-party and…

Read more →

Tracer AI launched Tracer Protect for ChatGPT, a solution that protects brands from the reputational harm being propagated at machine scale via AI chatbots by bad actors. The rising popularity of generative AI (genAI) engines is driving the urgent and…

Read more →

In a recent case tracked by Flashpoint, a finance worker at a global firm joined a video call that seemed normal. By the end of it, $25 million was gone. Everyone on the call except the employee was a deepfake.…

Read more →

Nearly three out of four European IT and cybersecurity professionals say staff are already using generative AI at work, up ten points in a year, but just under a third of organizations have put formal policies in place, according to…

Read more →

Application Security Engineer Fireblocks | Israel | Hybrid – View job details As an Application Security Engineer, you will improve and secure the company’s continuous integration and deployment pipelines through CI/CD security hardening. You will operate, fine-tune, and customize security…

Read more →

This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted this analysis as foundational research during…

Read more →

Spanish authorities arrested five members of a criminal network responsible for laundering €460 million stolen through global cryptocurrency investment fraud schemes. Source: Europol The operation, led by the Guardia Civil with support from Europol and law enforcement in Estonia, France,…

Read more →

While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month.…

Read more →

Cato Networks has raised $359 million in a late-stage funding round, bringing its total valuation to $4.8 billion. The company, which provides a secure networking platform built entirely in the cloud, says the money will support its product development, AI…

Read more →

Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming more popular for its speed and memory safety, those same qualities make malware written…

Read more →

In this Help Net Security interview, Chris McGranahan, Director of Security Architecture & Engineering at Backblaze, discusses how AI is shaping both offensive and defensive cybersecurity tactics. He talks about how AI is changing the threat landscape, the complications it…

Read more →

Gartner projects that by 2028, organizations enriching their Security Operations Center (SOC) data with exposure insights will reduce the frequency and impact of cyberattacks by 50%. This bold forecast underscores a crucial shift: proactive exposure management is quickly becoming foundational…

Read more →

Europe is banking on AI to help solve its economic problems. Productivity is stalling, and tech adoption is slow. Global competitors, especially the U.S., are pulling ahead. A new report from Accenture says AI could help reverse that trend, but…

Read more →

In this Help Net Security video, Arun Shrestha, CEO of BeyondID, explains how AI agents, now embedded in daily operations, are often over-permissioned, under-monitored, and invisible to identity governance systems. With a special focus on the healthcare sector, Shrestha outlines…

Read more →

Supply chain risks remain top-of-mind for the vast majority of CISOs and cybersecurity leaders, according to SecurityScorecard. Their findings reveal that the way most organizations manage supply chain cyber risk isn’t keeping pace with expanding threats. The expanding web of…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running Linux SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices…

Read more →

In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping…

Read more →

Every time there’s a natural or manmade disaster that takes medical equipment offline, cuts connectivity to emergency services and loved ones, or shuts down access to ATMs, network engineers are at the center of the heroic efforts required to restore…

Read more →

Attackers are more inclined to “log in rather than break in,” using stolen credentials, legitimate tools, and native access to stealthily blend into their target’s environment, according to Bitdefender’s 2025 Cybersecurity Assessment Report. Attack surface reduction is a top priority…

Read more →

Even though GenAI threats are a top concern for both security teams and leadership, the current level of testing and remediation for LLM and AI-powered applications isn’t keeping up with the risks, according to Cobalt. GenAl as a threat or…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, AttackIQ, Barracuda Networks, BigID, Bitdefender, Contrast Security, Cymulate, Dashlane, Embed Security, Fortanix, Fortinet, Jumio, Lemony, Malwarebytes, SpecterOps, StackHawk, Stellar Cyber, Sumsub, Thales, Tines, Vanta,…

Read more →

Verax AI announced Verax Protect, a solution suitable even for companies in highly regulated industries, aiming to help large enterprises uncover and mitigate GenAI risks, including unintended leaks of sensitive data. As companies race to embrace the productivity potential of…

Read more →

ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report. The report, which looks at trends…

Read more →

Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply named Gemini CLI,…

Read more →

Bitdefender announced Bitdefender GravityZone External Attack Surface Management (EASM), a new solution that gives businesses, managed service providers (MSPs) and their customers comprehensive visibility into their internet-facing assets and associated vulnerabilities. GravityZone EASM dramatically reduces threat exposure and strengthens security…

Read more →

In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr.…

Read more →

Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets. What’s effective in one environment…

Read more →

Creative Commons introduced CC Signals, a new framework that helps data and content owners communicate how they want their work used by AI systems. The idea is to build a shared understanding of what’s acceptable, and to encourage more fair…

Read more →

Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way…

Read more →

People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong. What is synthetic identity fraud? Criminals create fake identities by combining stolen…

Read more →

60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance risk across enterprises. A survey…

Read more →

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details and…

Read more →

Tines announced autonomous AI capabilities within its workflow automation platform via the launch of agents. Agents mark a significant evolution in Tines’ platform, enabling customers to automate workflows with maximum control and flexibility, whether with deterministic logic, human-in-the-loop copilots, or…

Read more →

Stellar Cyber announced its next-generation MITRE ATT&CK Aligned Coverage Analyzer, expanding the capabilities first introduced in the original Coverage Analyzer. This new version transforms visibility into strategy, providing security teams, CISOs, MSSPs, compliance officers, and insurance underwriters with precision in…

Read more →

Mitiga launched Helios AI, an AI powered SOC assistant that supercharges SecOps teams with automated triage, augmented investigation, and accelerated threat remediation across complex multi-cloud environments. The first Helios AI feature available to customers is AI Insights. This automated SOC…

Read more →

Fortanix announced PQC Central, a new feature in the Fortanix Key Insight that reframes how enterprises approach the post-quantum cryptography (PQC) challenge. As quantum computing advances, enterprises face security challenges that threaten current cryptographic standards and demand proactive adaptation—organizations must…

Read more →

OpenRouter, a startup helping software developers manage the growing number of AI models, has raised $40 million in venture capital. The company wants to make it easier for developers to choose and use the right AI model for their applications,…

Read more →

Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal is to…

Read more →

Mastercard and Chainlink are teaming up to power Swapper Finance, a new way to buy crypto directly from decentralized exchanges (DEXs) using any Mastercard. Holders of Mastercard’s 3.5 billion cards around the world will now be able to directly purchase…

Read more →

XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat Friedman. This brings XBOW’s total funding to…

Read more →

BackBox announced the upcoming release of BackBox 8.0, a significant advancement engineered to address the complex and often disparate challenge of securing modern networks that blend traditional on-premise hardware with burgeoning cloud-managed and SASE (Secure Access Service Edge) environments. This…

Read more →

In the classic book and later Brad Pitt movie Moneyball, the Oakland A’s didn’t beat baseball’s giants by spending more – they won by thinking differently, scouting players not through gut instinct and received wisdom, but by utilizing relevant data…

Read more →

Abstract Security announced LakeVilla, a cloud-native cold storage solution built for long-term security telemetry retention that delivers compliance-ready, highly accessible storage at a fraction of SIEM costs—without compromising on performance or accessibility. “Security telemetry is exploding—but that doesn’t mean you…

Read more →

Quantum computers are built to handle problems that are far too complex for today’s machines. They could lead to major advances in areas like drug development, encryption, AI, and logistics. Photo by Chalmers University of Technology Now, researchers at Chalmers…

Read more →

In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk reduction,…

Read more →

In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights into…

Read more →

Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it with unknown third parties, leaving users with limited transparency and virtually no control…

Read more →

Nearly 50% of companies paid the ransom to recover their data, the second-highest rate in six years, according to Sophos. How actual payments stack up with the initial demand Ransom payments and recovery costs are on the decline Despite the…

Read more →