Expanding accountability requires CISOs to address vulnerabilities, shape strategies, and manage legal exposure.| Help Net Security
While authorities do not recommend making a ransomware payment, some companies are forced to make that choice.| Help Net Security
In 2024, businesses reported taking an average of 7.3 months to recover from cybersecurity breaches - 25% longer than expected.| Help Net Security
Cybersecurity failures are quietly draining business budgets, costing companies billions annually, according to Panaseer research.| Help Net Security
Governments and international organizations combat AI fraud through regulation, policy-making, enforcement, and international cooperation.| Help Net Security
In addition to the substantial increase in the frequency, 56% of SMBs have already faced at least one cyberattack this year.| Help Net Security
Phishing remains one of the most significant cyber threats impacting organizations worldwide, according to SlashNext.| Help Net Security
There has been an uptick in phishing campaigns leveraging Microsoft Forms this month to go after Microsoft 365 login credentials.| Help Net Security
CISOs prioritize visibility into employee AI use, policy enforcement, and safeguarding data, intellectual property, and confidential info.| Help Net Security
Binarly helps organizations prepare for mandatory transition to PQC standards| Help Net Security
DataDome secures MCP infrastructure for trusted agentic AI| Help Net Security
In industrial environments, AI agents enhance human oversight, operating securely via orchestration in complex, automated environments.| Help Net Security
Keycard emerged from stealth with its identity and access platform for AI agents that integrates with organizations’ existing user identity solutions. Keycard’s platform identifies AI agents, lets users assign task-based permissions and dynamically enforces policy while tracking all activity. With Keycard, organizations can deploy AI agents into production with complete trust, knowing they are only capable of performing the intended actions of their users and builders. “AI agents repres...| Help Net Security
The rapid technological advances of recent decades have transformed nearly every aspect of our lives. One major shift is that many of us now maintain extensive digital footprints, spanning countless online accounts, from email and social media to banking, investments, cloud storage, utility payments, and more. In life, we work hard to protect these accounts from others, particularly cybercriminals. Yet when death or incapacity strikes, ensuring that our loved ones have legal access to them ...| Help Net Security
OpenFGA is an open-source, high-performance, and flexible authorization engine inspired by Google’s Zanzibar system for relationship-based access control. It helps developers model and enforce fine-grained access control in their applications. At its core, OpenFGA enables teams to define who can do what within their systems. Whether you’re building a startup app or managing an enterprise platform, it delivers authorization checks in milliseconds. That level of speed allows it to scale as ...| Help Net Security
Blind and low-vision users face the same password challenges as everyone else, but the tools meant to make security easier often end up getting in the way. A study from the CISPA Helmholtz Center for Information Security and DePaul University found that poor accessibility in password managers can lead people to risky habits such as reusing passwords. Researchers spoke with blind and low-vision participants who manage passwords for both personal and work accounts. Everyone in …| Help Net Security
In this Help Net Security video, Dustin Kirkland, SVP of Engineering at Chainguard, explores three of the most pressing DevOps security issues engineers encounter: unpatched code, legacy systems, and the rise of AI and automation. He explains how each one affects security and productivity, shares practical strategies for managing risk, and emphasizes the importance of visibility, accountability, and thoughtful modernization. Kirkland highlights how combining human judgment with automation can...| Help Net Security
51% of European IT and cybersecurity professionals said they expect AI-driven cyber threats and deepfakes to keep them up at night in 2026, according to ISACA. AI takes centre stage in threat outlook: The main reason for this concern is that most organizations are not ready to manage AI-related risks. Few feel confident in their ability to handle generative AI securely, while most admit they still have work to do to prepare for the challenges …| Help Net Security
Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation. A new way to interact with threat data: Google has launched agentic threat intelligence, a preview feature available to customers of its Threat Intelligence Enterprise and Enterprise+ products. The company describes it as an “agentic platform” that acts like a digital teammate for …| Help Net Security
Illumio has released Insights Agent, a new capability within Illumio Insights, the company’s AI-driven cloud detection and response (CDR) solution. Agent is an AI-powered, persona-driven guide designed to reduce alert fatigue, accelerate threat detection, and enable containment by delivering real-time, tailored alerts and instant one-click remediation recommendations. This extension of Insights helps security teams stay focused and move quickly to contain threats before they escalate. “Se...| Help Net Security
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog, presumably based on credible reports. About CVE-2025-33073: CVE-2025-33073 allows for privilege escalation, enabling attackers to gain SYSTEM (highest) privileges on a vulnerable Windows or Windows Server system. “T...| Help Net Security
DataDome offers insights into agentic AI traffic and safeguards MCP servers from targeted threats that disrupt resources.| Help Net Security
The SaaS Security Capability Framework (SSCF) is a standard set of security controls that SaaS vendors should build into their products.| Help Net Security
Though GenAI offers financial firms remarkable cybersecurity utility, cyberthreats relating to GenAI are a consistent concern.| Help Net Security
Integrating LLMs into knowledge management systems optimizes benefits, enabling secure and seamless utilization of enterprise data.| Help Net Security
Beyond concerns around trust and accuracy, a resounding 81% of respondents believed ChatGPT could be a possible safety or security risk.| Help Net Security
SMS Stealer malware targeting Android users: Over 105,000 samples identified| Help Net Security
IT professionals are 1.4 times more likely to disengage and "quiet quit" their jobs in the next 6 months compared to other knowledge workers.| Help Net Security
IBM released its annual Cost of a Data Breach Report, showing the global average cost of a data breach reached $4.45 million in 2023.| Help Net Security
Remote shadow IT is a concern for organizations because it expands their attack surface with unknown apps and uncontrolled access.| Help Net Security
This video talks about social engineering (also known as human hacking), how it can be performed, and how you can fight against it.| Help Net Security
LastPass is notifying customers about a security incident related to the August 2022 breach, in which their corporate vault was ransacked.| Help Net Security
Week in review: Many Cisco ASA firewalls still unsecure, hackers claim Red Hat’s GitLab breach| Help Net Security
The OpenSSL Project has announced the release of OpenSSL 3.6.0, a feature update that brings functionality improvements, standards compliance.| Help Net Security
When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They| Help Net Security
AI improves phishing defense by spotting unusual behaviors and subtle threats early, helping security teams respond faster.| Help Net Security
AI systems can sometimes produce outputs that are incorrect or misleading, a phenomenon known as hallucinations. These errors can range from minor| Help Net Security
Cybersecurity Tabletop Exercises offers insights into how organizations have leveraged tabletop exercises to identify security gaps.| Help Net Security
LLMs in cybersecurity can boost decision accuracy, but uneven benefits and automation bias mean teams must verify outputs.| Help Net Security
Financial institutions must meet DORA standards by improving ICT risk, incident reporting, resilience, third-party risk, and info sharing.| Help Net Security
A comprehensive microsegmentation project involves analyzing network connections, identifying services, and enforcing hundreds of policies.| Help Net Security
To enhance cybersecurity resilience, organizations must understand both their infrastructure and the threats they face.| Help Net Security
OT/ICS cyber threats escalate as geopolitical conflicts intensify| Help Net Security
Threat modeling should be conducted alongside AI systems. As the system design evolves, the threat model should be updated accordingly.| Help Net Security
AI forces CISOs to expand beyond security, mastering data science, ML basics and AI model evaluation for risk and governance.| Help Net Security
If you’re trying to make sense of how to build AI agents, not just talk about them, AI Agents in Action might be for you—read the review.| Help Net Security
While AI adoption is widespread, its impact on productivity, trust, and team structure varies sharply by role and region.| Help Net Security
Multi-cloud security demands a new approach as organizations face complex attack surfaces, inconsistent policies, and evolving threats.| Help Net Security
Agentic AI, which consists of systems that autonomously take action based on high-level goals, is becoming integral to enterprise security, threat| Help Net Security
The complexity of machine identity management is compounded by the lack of a “single pane of glass” solution.| Help Net Security
Many organizations use AI to lighten SOC analysts' workload, but some fear AI might eventually take their jobs.| Help Net Security
The use of Chinese servers for sensitive US data has been flagged by federal agencies as a growing threat to national security.| Help Net Security
In 2024, threat actors exploited 75 zero-days - i.e., unknown vulnerabilities without an available patch - in a wide variety of attacks.| Help Net Security
This article explores the growing ransomware threat in healthcare, highlighting challenges in healthcare data protection, and more.| Help Net Security
Discover why employees may become insider threats and find out how to protect your organization from these risks.| Help Net Security
As global tensions rise, cybersecurity faces growing threats from sophisticated nation-state attacks.| Help Net Security
Despite growing national security concerns, Chinese military-linked companies remain deeply embedded in the US digital supply chain.| Help Net Security
Contec CMS8000, a patient monitor manufactured by a Chinese company, exfiltrates patients' data and has a dangerous backdoor.| Help Net Security
Healthcare leaders must prioritize cybersecurity as an essential aspect of their mission to provide safe, high-quality patient care.| Help Net Security
75% of external relationships that enabled third-party breaches involved software or other technology products and services.| Help Net Security
Fraudsters behind €460 million crypto scam arrested in Spain| Help Net Security
Explore how the cURL project keeps billions of devices secure, from vulnerability handling to best practices and updates.| Help Net Security
SentinelOne to acquire Observo AI, enhancing SIEM and security operations| Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Zscaler, Palo Alto Networks, SpyCloud among the affected| Help Net Security
Awareness of generative AI and deepfakes among consumers is high, and 52% of consumers believe they could detect a deepfake video.| Help Net Security
Advanced identity fraud is not only about a deepfake. 46% of global organizations experienced synthetic identity fraud in the past year.| Help Net Security
Malicious individuals are using stolen PII and voice and video deepfakes to try to land remote IT, programming, and software-related jobs.| Help Net Security
Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms| Help Net Security
ScamAgent study reveals how AI agents simulate scam calls, bypass safety guardrails, adapt across conversations, exploit text-to-speech.| Help Net Security
Cybersecurity news with a focus on enterprise security. Discover what matters in the world of information security today.| Help Net Security
Organizations have zero visibility into 89% of AI usage, despite security policies, according to a LayerX report.| Help Net Security
The Chief AI Officer’s Handbook is a comprehensive resource for professionals navigating AI implementation and strategy. It is particularly valuable for| Help Net Security
Shadow AI includes AI products and platforms used within your organization without department knowledge, posing risks.| Help Net Security
As the AI threat landscape evolves daily, certain LLM vulnerabilities pose significant risks to enterprise operations.| Help Net Security
Adversaries can intentionally mislead or "poison" AI systems, causing them to malfunction, and developers have yet to find an infallible defense against| Help Net Security
AI security researchers have designed a technique that can speedily jailbreak large language models (LLMs) in an automated fashion.| Help Net Security
Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making.| Help Net Security
As businesses adopt AI-enabled interfaces, ransomware actors use them to expand, increase profits, and enhance successful attacks.| Help Net Security
85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023.| Help Net Security
The emergence of new AI technology and large language models has made it easier for cybercriminals to generate phishing campaigns.| Help Net Security
Virtual patching is a security technique that uses rules on WAF to block known vulnerabilities in an app or system without modifying code.| Help Net Security
Security issues in the cloud can be avoided. By employing the necessary systems at the same time as cloud adoption, enterprises can reap the benefits.| Help Net Security
Matter 1.4.2 strengthens the standard by adding improvements in security, certification, infrastructure.| Help Net Security
Why privacy in blockchain must start with open source| Help Net Security
Researchers have witnessed an increase in ransomware attacks occurring when criminals know IT staff won’t be around, mostly night time.| Help Net Security
Companies must expand their “assume breach” mindset to prepare for multiple and even simultaneous attacks.| Help Net Security
Major regional and global events – such as military exercises, political or economic summits, and elections – drove cyber threat activities.| Help Net Security
Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts| Help Net Security
Security awareness goes by other names: security culture, training, education, etc. But they all involve managing human risk.| Help Net Security
Organizations should consider three-factor authentication (3FA), but the new device can't be used to authenticate from a foreign device.| Help Net Security
In this video for Help Net Security, Dan Lohrmann talks about MFA and how everyone should consider it to protect their identity and accounts.| Help Net Security
Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using MFA.| Help Net Security
Selfie spoofing entails taking a picture of an image from a screen, from a piece of paper or even of a headshot on an identity document.| Help Net Security
Learn more about AI data regulations, their implications for public and private sectors, and their role in shaping future privacy practices.| Help Net Security
Companies are struggling to get visibility into the operations of their AI programs, potentially reducing productivity while creating risks.| Help Net Security
In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense.| Help Net Security
There has been a 44% increase in organized ID fraud in North America. This upsurge is believed to be driven by the ongoing economic recovery.| Help Net Security