Application security is changing fast. In this Help Net Security interview, Loris Gutic, Global CISO at Bright, talks about what it takes to keep up. Gutic explains how DevOps, containers, and serverless tools are shaping security, and shares views on…
Category: Help Net Security
Autorize: Burp Suite extension for automatic authorization enforcement detection
Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation: To use Autorize, you’ll need Burp Suite and Jython. Here’s how…
1 in 3 workers keep AI use a secret
Employees are feeling heightened concerns around the use of technology to enhance productivity, as well as job dissatisfaction and a lack of motivation at work. In fact, 30% of employees who use GenAI tools at work worry their job may…
Personal data of top executives easily found online
The personal information of 75% of corporate directors can be found on people search sites, according to Incogni. People search sites claim to reveal a variety of personal details, including public records, phone numbers, and even property values. Home addresses…
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2025-3248: Langflow is an…
Immersive delivers a team-based approach to application security training
Immersive launched AppSec Range Exercises, expanding its AppSec solution beyond hands-on labs to help cyber leaders and practitioners prove and improve their capabilities as part of a holistic cyber readiness program. The new product offers range exercises for Engineering, AppSec…
Webinar: Securely migrating to the cloud
Whether your organization is already in the cloud or just starting to plan your migration, security is a top priority. This webinar will help you to better understand your options for cloud migration as well as learn how to prioritize…
Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)
An easily and remotely exploitable vulnerability (CVE-2024-7399) affecting Samsung MagicINFO, a platform for managing content on Samsung commercial displays, is being leveraged by attackers. Exploit attempts have been flagged by the SANS Internet Storm Center and Arctic Wolf researchers: the…
What a future without CVEs means for cyber defense
The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for cybersecurity professionals to understand and mitigate security flaws. By providing a standardized method for…
RSA helps organizations secure passwordless environments
RSA announced cybersecurity innovations that defend organizations against the next wave of AI-powered identity attacks, including IT Help Desk bypasses, malware, social engineering, and other threats. These advancements are especially critical for organizations implementing passwordless strategies. Among the highlights…