Verosint launched Vera, an agentic AI security analyst to transform how organizations detect, investigate, and respond to identity-based threats. Built on top of Verosint’s intelligent ITDR platform, Vera is an always-on, expert identity security analyst that works alongside security teams…
Tag: Help Net Security
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions – to achieve unauthenticated remote code execution on…
BlueVoyant introduces Continuous Optimization for Microsoft Security
BlueVoyant launched its Continuous Optimization for Microsoft Security (COMS) offering. COMS improves security outcomes, helps customers stay ahead of cyber threats, and minimizes technology costs by drawing on BlueVoyant’s expertise with the Microsoft Security stack. The Microsoft Security suite provides…
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that…
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable
A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. Researchers revealed how the group has scaled its operations to steal…
Rethinking AppSec: How DevOps, containers, and serverless are changing the rules
Application security is changing fast. In this Help Net Security interview, Loris Gutic, Global CISO at Bright, talks about what it takes to keep up. Gutic explains how DevOps, containers, and serverless tools are shaping security, and shares views on…
Autorize: Burp Suite extension for automatic authorization enforcement detection
Autorize is an open-source Burp Suite extension that checks if users can access things they shouldn’t. It runs automatic tests to help security testers find authorization problems. Autorize installation To use Autorize, you’ll need Burp Suite and Jython. Here’s how…
1 in 3 workers keep AI use a secret
Employees are feeling heightened concerns around the use of technology to enhance productivity, as well as job dissatisfaction and a lack of motivation at work. In fact, 30% of employees who use GenAI tools at work worry their job may…
Personal data of top executives easily found online
The personal information of 75% of corporate directors can be found on people search sites, according to Incogni. People search sites claim to reveal a variety of personal details, including public records, phone numbers, and even property values. Home addresses…
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
A missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has confirmed by adding it to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2025-3248 Langflow is an…