Category: Help Net Security

Exabeam Nova accelerates threat detection and response

Exabeam unveiled Exabeam Nova, an autonomous AI agent delivering actionable intelligence that enables security teams to respond faster to incidents, reduce investigation times by over 50%, and mitigate threats more effectively. Exabeam delivers a multi-agent experience where specialized AI components…

Your smart home may not be as secure as you think

The Internet of Things (IoT) has become a major part of daily life. Smartphones, smart thermostats, security cameras, and other connected devices make tasks easier and improve comfort, efficiency, and productivity. But as the number of devices grows, so do…

Only 1% of malicious emails that reach inboxes deliver malware

99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, according to Fortra. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while common pre-delivery email…

Building a reasonable cyber defense program

If you do business in the United States, especially across state lines, you probably know how difficult it is to comply with U.S. state data privacy laws. The federal government and many U.S. state governments require you to implement “reasonable”…

LoftLabs vNode simplifies Kubernetes operations

LoftLabs launched vNode to redefine secure tenant isolation in Kubernetes. By introducing a new layer of virtualization on the node level, vNode ensures workloads remain fully isolated, allowing platform teams to enforce stricter security boundaries while optimizing shared infrastructure. On…

Attackers are probing Palo Alto Networks GlobalProtect portals

Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise.…

Why global tensions are a cybersecurity problem for every business

With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore, they’re closely connected. Conflict between countries is spilling into…

How to build an effective cybersecurity simulation

Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test…

Generative AI Is reshaping financial fraud. Can security keep up?

In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies. With fraudsters using generative AI to launch sophisticated attacks, financial institutions must adopt adaptive AI solutions to stay ahead.…

Cybersecurity jobs available right now: April 1, 2025

Cloud Security Engineer Fexco | Ireland | Hybrid – View job details As a Cloud Security Engineer, you will design and implement security frameworks for cloud environments. Enforce secure access policies, MFA, and least privilege principles. Develop automated security solutions…

EU invests €1.3 billion in AI and cybersecurity

The European Commission has approved the 2025-2027 Digital Europe Programme (DIGITAL) work program, allocating €1.3 billion to advance key technologies essential for the EU’s future and technological sovereignty. DIGITAL is an EU funding initiative designed to bring digital technology closer…

Two things you need in place to successfully adopt AI

Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk. They need to put in place: 1. A seamless AI security policy AI may…

Exegol: Open-source hacking environment

Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It’s made for penetration testers, CTF players, bug bounty hunters, researchers, defenders, and both new and experienced users. Exegol offers clean, secure environments. Each project…

How to recognize and prevent deepfake scams

Deepfakes are a type of synthetic media created using AI and machine learning. In simple terms, they produce videos, images, audio, or text that look and sound real, even though the events depicted never actually happened. These altered clips spread…

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH

OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access. By tightly integrating with identity providers (IdPs) and avoiding any…

Cybersecurity spending set to jump 12.2% in 2025

Global cybersecurity spending is expected to grow by 12.2% in 2025, according to the latest forecast from the IDC Worldwide Security Spending Guide. The rise in cyber threats is pushing organizations to invest more in their defenses. AI tools are…

Healthcare’s alarming cybersecurity reality

89% of healthcare organizations have the top 1% of riskiest Internet of Medical Things (IoMT) devices – which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns as well as an insecure connection to the internet – on their…

Infosec products of the month: March 2025

Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight Technologies, Outpost24, Palo Alto Networks, Pondurance, Red Canary, SailPoint, SimSpace, Sonatype, Sumsub, and TXOne Networks. Outpost24…

Post-quantum cryptography and the future of online safety

In this Help Net Security video, Rebecca Krauthamer, CEO of QuSecure, explores the rising urgency of post-quantum cryptography (PQC) and what organizations must do to prepare. She breaks down the so-called “quantum threat” and explains why it’s not just theoretical.…

How to manage and protect your biometric data

Biometric data refers to unique physical or behavioral characteristics that are used to verify a person’s identity. Revoking or changing biometric data is more complicated than changing passwords. Unlike passwords, biometric identifiers like fingerprints or retina scans are unique and…

A closer look at The Ultimate Cybersecurity Careers Guide

In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can break into the field and…

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant…

GetReal Security platform combats AI-fueled attacks

GetReal Security launched unified platform to help enterprises, government agencies and media organizations manage risk and mitigate threats from the growing presence of AI-fueled attacks. The platform brings together GetReal’s products and service offerings into a unified digital experience for…

Cyber insurance isn’t always what it seems

Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must understand the risks before an attack happens. Misconceptions about cyber…

Hottest cybersecurity open-source tools of the month: March 2025

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to…

ETSI releases security standard for the quantum future

ETSI launched post-quantum security standard to guarantee the protection of critical data and communications in the future. The specification “Efficient Quantum-Safe Hybrid Key Exchanges with Hidden Access Policies” (ETSI TS 104 015) has been developed to enhance security mechanisms, ensuring…

Oscilar AI Agent improves risk analysis and fraud prevention

Oscilar launched AI Agent platform, reshaping how organizations manage online risk. Built around a network of specialized AI agents, Oscilar’s platform addresses key challenges in fraud prevention, compliance, credit underwriting, and customer verification. Unlike traditional static AI models that require…

Whitepaper: Voice of Security 2025

Discover insights from 900 security leaders across the globe in IDC’s Voice of Security 2025 survey, sponsored by Tines in partnership with AWS. Understand the biggest challenges facing security teams today, and how they can stay ahead of the curve…

Concentric AI’s UBDA feature identifies unusual user activity

Concentric AI announced new, context-driven behavior analytics capabilities in its Semantic Intelligence data security governance platform, enabling organizations to identify abnormal activity at the user level. The company has also added new integrations with Google Cloud Storage, Azure Data Lake,…

Blumira introduces Microsoft 365 threat response feature

Blumira launched Microsoft 365 (M365) threat response feature to help organizations contain security threats faster by enabling direct user lockout and session revocation within M365, Azure and Entra environments. The new threat response feature integrates seamlessly with M365 environments through…

Chainguard VMs reduces risk and engineering complexity

Chainguard announced Chainguard VMs, a new product line offering minimal, zero-CVE virtual machine images built entirely from source. Purpose-built for modern, ephemeral workloads in the cloud, Chainguard VMs represent a stark contrast to the legacy, general-purpose VMs that dominate the…

Sumsub launches Reusable Digital Identity product suite

Sumsub is launching its Reusable Digital Identity product suite. It will mitigate repetitive verification and redundant Know Your Customer (KYC) checks that negatively impact user experience and conversion rates for businesses. The new offerings are set to reduce applicant onboarding…

Cyberhaven enhances Linea AI platform to improve data security

Cyberhaven announced a major enhancement to its Linea AI platform with the introduction of advanced content understanding capabilities powered by frontier AI models. This enables Linea AI to intelligently analyze and contextualize all forms of content, including complex visual data,…

Malwoverview: First response tool for threat hunting

Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes. “Malwoverview is simple and direct, integrating multiple public sandboxes to retrieve and display only relevant information.…

A CISO’s guide to securing AI models

In AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT applications, which rely on predefined rules and static algorithms, ML models are dynamic—they develop their own internal patterns…

How does your data end up on the dark web?

The dark web is a hidden corner of the internet where people can remain anonymous. It’s often confused with the deep web, but they’re not quite the same thing. The deep web is just everything online that’s not indexed by…

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover

Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research…

Review: The Developer’s Playbook for Large Language Model Security

With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into customer interactions, software development, and enterprise decision-making, often without grasping the security implications. As LLMs are becoming integral to…

SailPoint Harbor Pilot automates identity security tasks

SailPoint announced SailPoint Harbor Pilot, a set of AI agents designed to help identity teams work smarter, respond faster and secure their organizations more efficiently. Harbor Pilot automates identity security tasks, simplifies workflow creation, and provides AI-driven insights through conversational…

Riskonnect boosts healthcare risk management with AI-based features

Riskonnect announces new AI-based features in its Healthcare Risk & Patient Safety solution. The new AI capabilities, which are the latest innovations in the provider’s Intelligent Risk features, enable healthcare organizations to make smarter, faster decisionsand accelerate critical operations to…

BlackCloak unveils Digital Executive Protection Framework

BlackCloak has released a new framework, Digital Executive Protection: Framework & Assessment Methodology, setting the standard for digital executive protection (DEP). Recent attacks on high-profile business leaders demonstrate a continuing trend: the lines between physical safety and cybersecurity are blurring.…

NetFoundry OT security platform protects critical infrastructure

NetFoundry unveiled a new version of its OT security platform enabling customers to secure critical infrastructure, including for on-premises and air-gapped environments such as substations. The announcement meets three customer demands: Software-only, interoperable, vendor-neutral, OT microsegmentation Secure connectivity to IT…

How AI agents could undermine computing infrastructure security

In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, explores the risks AI agents pose to computing infrastructure, particularly when exposed to social engineering attacks. Unlike traditional software, AI agents aren’t fully deterministic, making them more vulnerable to…

Cybersecurity jobs available right now: March 25, 2025

Analyst – Cyber Threat Intelligence Adecco | UAE | On-site – View job details As an Analyst – Cyber Threat Intelligence, you will conduct threat hunting missions across multi-cloud environments and perform cyber forensics to analyze security incidents. You will…

Protecting your personal information from data brokers

How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this? So, these companies, called data brokers, collect everything they can about you –…

Report: Fortune 500 employee-linked account exposure

A backbone of our economy, Fortune 500 companies employ more than 31 million people worldwide. According to data analyzed by the Enzoic research team, over the past three years of 2022, 2023, and 2024, more than three million employee-linked accounts…

iProov Workforce MFA mitigates risk of account takeovers

iProov launched iProov Workforce MFA. This device-independent, FIDO Alliance-certified, biometric authentication solution helps organizations mitigate the risk of one of workforce security’s most crucial concerns: account takeover. Using biometric authentication as part of an MFA process adds an irrefutable layer…

53% of security teams lack continuous and up-to-date visibility

Enterprises lack visibility into their own data, creating security risks that are compounding as organizations and their employees increase AI adoption, according to Bedrock Security. The majority of organizations struggle to track sensitive information across sprawling cloud environments, leaving them…

AI will make ransomware even more dangerous

Ransomware is the top predicted threat for 2025, which is especially concerning given 38% of security professionals say ransomware will become even more dangerous when powered by AI, according to Ivanti. In comparison to the threat level, only 29% of…

Scammers cash in on tax season

AI-powered phishing emails, deepfake phone calls, and fake tax prep websites are making tax scams more convincing and costly than ever, according to McAfee. Cybercriminals are pulling out all the stops to trick Americans out of their hard-earned money, and…

New infosec products of the week: March 21, 2025

Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Cloudflare, Cytex, Keysight Technologies, and TXOne Networks. Keysight AI Insight Brokers accelerates threat detection and response Keysight Technologies announces the expansion of its Keysight…

Why rooting and jailbreaking make you a target

As cybercriminals have moved to a mobile-first attack strategy, rooting and jailbreaking mobile devices remain a powerful attack vector. Such mobile devices bypass critical security protocols, leaving organizations vulnerable to mobile malware, data breaches, and complete system compromises. Threats reported…

SlashNext’s URL analysis tool identifies malicious behavior

SlashNext launched a new advanced URL analysis feature that performs live, in-depth scanning of unknown URLs, tracking requests and following redirection to track the original link to its final destination. Developed specifically for complex attacks executed by cybercriminals who have…

RansomHub affiliate leverages multi-function Betruger backdoor

A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The Betruger backdoor The malware can take screenshots, log keystroke, scan networks, dump credentials, upload files to a…