Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach| Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Keeping the internet afloat: How to protect the global cable network. The resilience of the world’s submarine cable network is under new pressure from geopolitical tensions, supply chain risks, and slow repair processes. A new report from the Center for Cybersecurity Policy and Law outlines how governments and industry can work together to strengthen this critical infrastructure. Cyber risk ...| Help Net Security
You probably think twice before downloading a random app or opening an unfamiliar email attachment. But how often do you stop to consider what happens when your team downloads and loads a machine learning model? A recent study shows why you should. Researchers from Politecnico di Milano found that loading a shared model can be just as risky as running untrusted code. In their tests, they uncovered six previously unknown flaws in popular machine learning …| Help Net Security
Protegrity Developer Edition gives developers, data scientists, ML engineers, and security teams an easy way to add data protection to GenAI and unstructured data workflows, without the need for enterprise setup. Billed as the first enterprise-grade, governance-focused Python package, it is built to help teams create secure, well-governed data pipelines and AI workflows from the ground up. Protegrity Developer Edition removes common barriers to evaluation and experimentation with a lightw...| Help Net Security
SIEMs excel at correlating events and firing alerts, but their ingest pipelines can get overwhelmed when scaled. And because most SIEMs rely on general-purpose log storage platforms, even with lower-cost archive tiers, long-term retention at full fidelity remains expensive, forcing teams to choose between visibility and budget. With AI making the threat landscape more complex and the government issuing mandates requiring companies to report incidents quickly, defenders need tools that help th...| Help Net Security
Americans are dealing with a growing wave of digital scams, and many are losing money in the process. According to the fourth annual Consumer Cyber Readiness Report, nearly half of U.S. adults have been targeted by cyberattacks or scams, and one in ten lost money as a result. Text scams are on the rise. The survey found that text and messaging apps have become a growing source of scams. Three in ten people who experienced …| Help Net Security
Apple’s release of macOS 26 Tahoe introduced a new disk image format and updated an older one, both of which are drawing attention from system testers and forensic examiners. Apple Sparse Image Format (ASIF): The Apple Sparse Image Format (ASIF) is a single-file sparse disk image. Although it can be assigned a large nominal capacity, it only consumes space on the host volume as data is written. ASIF containers can be formatted with the file …| Help Net Security
Companies are pouring money into AI for IT operations, but most projects are still far from maturity. A global survey of 1,200 business leaders, IT leaders, and technical specialists found that while spending and confidence are rising, only 12% of AI initiatives have been fully deployed. The report, authored by Riverbed, suggests that optimism at the executive level is colliding with challenges in data quality, tool complexity, and everyday IT performance. Most AI projects remain …| Help Net Security
Here’s a look at the most interesting products from the past week, featuring releases from Acronis, Legit Security, NowSecure, Siemens, and Telus. NowSecure Privacy helps organizations protect mobile apps from data leaks: NowSecure announced the release of NowSecure Privacy, a privacy solution for mobile applications. With this launch, developers, security teams, and privacy professionals gain the capabilities needed to identify and fix systemic blind spots that compromise mobile application...| Help Net Security
The Crimson Collective, an emerging extortion / hacker group, has made a bombshell claim on their Telegram channel: they have gained access to Red Hat’s GitLab and have exfiltrated data from over 28,000 internal repositories connected to the company’s consulting business. What data was allegedly compromised? Red Hat is the U.S.-based open-source enterprise software company known for providing Linux, cloud, container, and automation platforms for enterprises. Its professional services arm ...| Help Net Security
The OpenSSL Project has announced the release of OpenSSL 3.6.0, a feature update that brings functionality improvements, standards compliance.| Help Net Security
When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They| Help Net Security
This video breaks down how agentic AI functions, its potential to revolutionize business operations, and the vulnerabilities it introduces.| Help Net Security
AI improves phishing defense by spotting unusual behaviors and subtle threats early, helping security teams respond faster.| Help Net Security
AI systems can sometimes produce outputs that are incorrect or misleading, a phenomenon known as hallucinations. These errors can range from minor| Help Net Security
Cybersecurity Tabletop Exercises offers insights into how organizations have leveraged tabletop exercises to identify security gaps.| Help Net Security
Lee Waskevich discusses how AI deployment demands enhanced governance and stricter controls, particularly in managing data.| Help Net Security
LLMs in cybersecurity can boost decision accuracy, but uneven benefits and automation bias mean teams must verify outputs.| Help Net Security
Financial institutions must meet DORA standards by improving ICT risk, incident reporting, resilience, third-party risk, and info sharing.| Help Net Security
The EU's NIS 2 directive is now enforceable, imposing stricter cyber resilience requirements on EU companies.| Help Net Security
The EU’s DORA regulation strengthens financial institutions' cyber resilience to prevent systemic risks and market disruptions.| Help Net Security
A comprehensive microsegmentation project involves analyzing network connections, identifying services, and enforcing hundreds of policies.| Help Net Security
To enhance cybersecurity resilience, organizations must understand both their infrastructure and the threats they face.| Help Net Security
OT/ICS cyber threats escalate as geopolitical conflicts intensify| Help Net Security
Threat modeling should be conducted alongside AI systems. As the system design evolves, the threat model should be updated accordingly.| Help Net Security
AI forces CISOs to expand beyond security, mastering data science, ML basics and AI model evaluation for risk and governance.| Help Net Security
If you’re trying to make sense of how to build AI agents, not just talk about them, AI Agents in Action might be for you—read the review.| Help Net Security
While AI adoption is widespread, its impact on productivity, trust, and team structure varies sharply by role and region.| Help Net Security
Multi-cloud security demands a new approach as organizations face complex attack surfaces, inconsistent policies, and evolving threats.| Help Net Security
Agentic AI, which consists of systems that autonomously take action based on high-level goals, is becoming integral to enterprise security, threat| Help Net Security
The complexity of machine identity management is compounded by the lack of a “single pane of glass” solution.| Help Net Security
Many organizations use AI to lighten SOC analysts' workload, but some fear AI might eventually take their jobs.| Help Net Security
The use of Chinese servers for sensitive US data has been flagged by federal agencies as a growing threat to national security.| Help Net Security
In 2024, threat actors exploited 75 zero-days - i.e., unknown vulnerabilities without an available patch - in a wide variety of attacks.| Help Net Security
This article explores the growing ransomware threat in healthcare, highlighting challenges in healthcare data protection, and more.| Help Net Security
Discover why employees may become insider threats and find out how to protect your organization from these risks.| Help Net Security
As global tensions rise, cybersecurity faces growing threats from sophisticated nation-state attacks.| Help Net Security
Despite growing national security concerns, Chinese military-linked companies remain deeply embedded in the US digital supply chain.| Help Net Security
Contec CMS8000, a patient monitor manufactured by a Chinese company, exfiltrates patients' data and has a dangerous backdoor.| Help Net Security
Healthcare leaders must prioritize cybersecurity as an essential aspect of their mission to provide safe, high-quality patient care.| Help Net Security
75% of external relationships that enabled third-party breaches involved software or other technology products and services.| Help Net Security
Fraudsters behind €460 million crypto scam arrested in Spain| Help Net Security
Explore how the cURL project keeps billions of devices secure, from vulnerability handling to best practices and updates.| Help Net Security
SentinelOne to acquire Observo AI, enhancing SIEM and security operations| Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Zscaler, Palo Alto Networks, SpyCloud among the affected| Help Net Security
Awareness of generative AI and deepfakes among consumers is high, and 52% of consumers believe they could detect a deepfake video.| Help Net Security
Advanced identity fraud is not only about a deepfake. 46% of global organizations experienced synthetic identity fraud in the past year.| Help Net Security
Malicious individuals are using stolen PII and voice and video deepfakes to try to land remote IT, programming, and software-related jobs.| Help Net Security
Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms| Help Net Security
ScamAgent study reveals how AI agents simulate scam calls, bypass safety guardrails, adapt across conversations, exploit text-to-speech.| Help Net Security
Cybersecurity news with a focus on enterprise security. Discover what matters in the world of information security today.| Help Net Security
Organizations have zero visibility into 89% of AI usage, despite security policies, according to a LayerX report.| Help Net Security
The Chief AI Officer’s Handbook is a comprehensive resource for professionals navigating AI implementation and strategy. It is particularly valuable for| Help Net Security
Shadow AI includes AI products and platforms used within your organization without department knowledge, posing risks.| Help Net Security
As the AI threat landscape evolves daily, certain LLM vulnerabilities pose significant risks to enterprise operations.| Help Net Security
Adversaries can intentionally mislead or "poison" AI systems, causing them to malfunction, and developers have yet to find an infallible defense against| Help Net Security
AI security researchers have designed a technique that can speedily jailbreak large language models (LLMs) in an automated fashion.| Help Net Security
Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making.| Help Net Security
As businesses adopt AI-enabled interfaces, ransomware actors use them to expand, increase profits, and enhance successful attacks.| Help Net Security
85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023.| Help Net Security
The emergence of new AI technology and large language models has made it easier for cybercriminals to generate phishing campaigns.| Help Net Security
Virtual patching is a security technique that uses rules on a WAF to block known vulnerabilities in an app or system without modifying code.| Help Net Security
Security issues in the cloud can be avoided. By employing the necessary systems at the same time as cloud adoption, enterprises can reap the benefits.| Help Net Security
Matter 1.4.2 strengthens the standard by adding improvements in security, certification, infrastructure.| Help Net Security
Why privacy in blockchain must start with open source| Help Net Security
Researchers have witnessed an increase in ransomware attacks occurring when criminals know IT staff won’t be around, mostly at night.| Help Net Security
Companies must expand their “assume breach” mindset to prepare for multiple and even simultaneous attacks.| Help Net Security
Major regional and global events – such as military exercises, political or economic summits, and elections – drove cyber threat activities.| Help Net Security
Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts| Help Net Security
Security awareness goes by other names: security culture, training, education, etc. But they all involve managing human risk.| Help Net Security
Organizations should consider three-factor authentication (3FA), but the new device can't be used to authenticate from a foreign device.| Help Net Security
In this video for Help Net Security, Dan Lohrmann talks about MFA and how everyone should consider it to protect their identity and accounts.| Help Net Security
Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using MFA.| Help Net Security
Selfie spoofing entails taking a picture of an image from a screen, from a piece of paper or even of a headshot on an identity document.| Help Net Security
Learn more about AI data regulations, their implications for public and private sectors, and their role in shaping future privacy practices.| Help Net Security
Companies are struggling to get visibility into the operations of their AI programs, potentially reducing productivity while creating risks.| Help Net Security
In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense.| Help Net Security
There has been a 44% increase in organized ID fraud in North America. This upsurge is believed to be driven by the ongoing economic recovery.| Help Net Security
AI advancements give malicious groups access to tools that will allow them to create more elaborate social engineering attacks in the future.| Help Net Security
A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released.| Help Net Security
Organizations face increased vulnerability to cyber-attacks due to a longer timeframe for addressing low employee cybersecurity awareness.| Help Net Security
AI, post-quantum cryptography, zero trust, and ongoing cryptography research will shape cybersecurity strategies in the present and for 2024.| Help Net Security
The 2023 Verizon DBIR has confirmed FBI's findings: BEC scammers are ramping up their social engineering efforts to great success.| Help Net Security
Infostealer malware remains widely available to buy through underground forums, while Russian Market remains the top seller.| Help Net Security
Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site| Help Net Security
Most organizations reported that they have cybersecurity workforce shortages to prevent and troubleshoot security issues.| Help Net Security
SOC teams identified three clear challenges they face each day: too much data, too many tedious tasks, and too many reporting requirements.| Help Net Security
Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get BEC attacks in front of employees.| Help Net Security
Incognia raises $31 million to help organizations combat fraud| Help Net Security
Phishing attacks using open redirect flaws have increased again, orgs should consider refreshing employees' knowledge on how to spot them.| Help Net Security
A phishing campaign using QR codes has been detected targeting various industries to acquire Microsoft credentials.| Help Net Security
QR scan scams trick users into scanning QR codes from their PCs using their mobile devices to take advantage of weaker phishing protection.| Help Net Security
Ivanti research finds 83% of respondents used QR codes to process payments in the last year, but many are unaware of the risks.| Help Net Security
Ukraine’s top security official to keynote IRISSCON 2023 conference| Help Net Security
CEOs cite generative AI adoption as being critical to success. 40% of CEOs plan to hire additional staff because of generative AI.| Help Net Security
The rise of AI complicates the CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity.| Help Net Security
GenAI provides organizations with new opportunities to streamline processes, boost productivity, and reduce staff burnout.| Help Net Security
Disruptive technologies like AI are heightening the longstanding tension between organizational security and employee productivity.| Help Net Security