Session tokens give attackers a shortcut around MFA 2025-12-22 at 07:45 By Help Net Security In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web applications rely on browsers to store session tokens after login often […]
Session tokens give attackers a shortcut around MFA Read More »
India Criminalizes Tampering with Telecommunication Identifiers and Unauthorized Radio Equipment Under the Telecommunications Act 2025-12-19 at 10:38 By Ashish Khaitan The Indian government has introduced explicit legal provisions under subsection 42(3)(c) and subsection 42(3)(f) of the Telecommunications Act, 2023, formally classifying the tampering with telecommunication identifiers and the willful possession of radio equipment using unauthorized
AI isn’t one system, and your threat model shouldn’t be either 2025-12-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses why partitioning AI systems by function and impact matters,
AI isn’t one system, and your threat model shouldn’t be either Read More »
LLMs work better together in smart contract audits 2025-12-19 at 08:42 By Sinisa Markovic Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead of
LLMs work better together in smart contract audits Read More »
Identity risk is changing faster than most security teams expect 2025-12-19 at 07:35 By Anamarija Pogorelec Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential replay, and high speed onboarding attempts now operate through shared infrastructures that behave less like scattered
Identity risk is changing faster than most security teams expect Read More »
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring 2025-12-18 at 16:12 By Help Net Security Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring Read More »
More than half of public vulnerabilities bypass leading WAFs 2025-12-18 at 13:42 By Help Net Security Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven
More than half of public vulnerabilities bypass leading WAFs Read More »
The soft underbelly of space isn’t in orbit, it’s on the ground 2025-12-18 at 09:08 By Mirko Zorz In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He
The soft underbelly of space isn’t in orbit, it’s on the ground Read More »
What cybersecurity leaders are reading to stay ahead 2025-12-18 at 07:33 By Anamarija Pogorelec If you’re looking for holiday gift ideas, books remain one of the simplest ways to spark curiosity and support someone’s growth. Whether the person on your list is exploring cybersecurity, AI, engineering, or career development, these titles offer something useful for
What cybersecurity leaders are reading to stay ahead Read More »
Australia’s ACSC Releases Quantum Technology Primer for Cybersecurity Leaders 2025-12-17 at 15:44 By Ashish Khaitan The Australian Cyber Security Centre (ACSC) has published a new guide, Quantum Technology Primer: Overview, aimed at helping organizations understand the field of quantum technologies for cybersecurity. The publication is part of a bigger effort to raise awareness and preparedness
Australia’s ACSC Releases Quantum Technology Primer for Cybersecurity Leaders Read More »
Why vulnerability reports stall inside shared hosting companies 2025-12-17 at 09:24 By Mirko Zorz Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research
Why vulnerability reports stall inside shared hosting companies Read More »
How exposure management changes cyber defense 2025-12-17 at 07:36 By Help Net Security In this Help Net Security video, Larry Slusser, VP of Strategy at SixMap, explains why endpoint detection and response is only part of the security story. Drawing on his work as an incident responder, engagement manager, and ransomware negotiator, he describes EDR
How exposure management changes cyber defense Read More »
AI breaks the old security playbook 2025-12-17 at 07:06 By Anamarija Pogorelec AI has moved into enterprise operations faster than many security programs expected. It is embedded in workflows, physical systems, and core infrastructure. Some AI tools reach hundreds of millions of users each week. Inference costs have fallen 280 fold, but overall spending is
AI breaks the old security playbook Read More »
The messy data trails of telehealth are becoming a security nightmare 2025-12-16 at 09:24 By Mirko Zorz In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems
The messy data trails of telehealth are becoming a security nightmare Read More »
AI might be the answer for better phishing resilience 2025-12-16 at 08:44 By Sinisa Markovic Phishing is still a go-to tactic for attackers, which is why even small gains in user training are worth noticing. A recent research project from the University of Bari looked at whether LLMs can produce training that helps people spot
AI might be the answer for better phishing resilience Read More »
Passwordless is finally happening, and users barely notice 2025-12-16 at 07:32 By Anamarija Pogorelec Security teams know the strain that comes from tightening authentication controls while keeping users productive. A new report from Okta suggests this strain is easing. Stronger authentication methods are gaining traction, and many of them let users move through sign in
Passwordless is finally happening, and users barely notice Read More »
How researchers are teaching AI agents to ask for permission the right way 2025-12-15 at 09:06 By Mirko Zorz People are starting to hand more decisions to AI agents, from booking trips to sorting digital files. The idea sounds simple. Tell the agent what you want, then let it work through the steps. The hard
How researchers are teaching AI agents to ask for permission the right way Read More »
Prometheus: Open-source metrics and monitoring systems and services 2025-12-15 at 08:43 By Anamarija Pogorelec Prometheus is an open-source monitoring and alerting system built for environments where services change often and failures can spread fast. For security teams and DevOps engineers, it has become a common way to track system behavior, spot early warning signs, and
Prometheus: Open-source metrics and monitoring systems and services Read More »
Manufacturing is becoming a test bed for ransomware shifts 2025-12-15 at 07:12 By Anamarija Pogorelec Manufacturing leaders may feel that ransomware risk has settled, but new data shows the threat is shifting in ways that require attention, according to a Sophos report. A global survey of 332 IT and security leaders outlines how attackers are
Manufacturing is becoming a test bed for ransomware shifts Read More »
Ransomware keeps widening its reach 2025-12-12 at 08:21 By Anamarija Pogorelec Ransomware keeps shifting into new territory, pulling in victims from sectors and regions that once saw fewer attacks. The latest Global Threat Briefing for H2 2025 from CyberCube shows incidents spreading in ways that make it harder for security leaders to predict where threats
Ransomware keeps widening its reach Read More »