Product showcase: Orbot – Tor VPN for iOS 2026-01-14 at 07:43 By Anamarija Pogorelec Orbot for iOS is a free, open-source networking tool that routes supported app traffic through the Tor network. Developed by the Guardian Project, it is intended for users who want to reduce tracking and limit network-level monitoring on iPhone and iPad. […]
Product showcase: Orbot – Tor VPN for iOS Read More »
Enterprise security faces a three-front war: cybercrime, AI misuse, and supply chains 2026-01-13 at 11:04 By Anamarija Pogorelec Security teams are dealing with pressures tied to AI use, geopolitical instability, and expanding cybercrime that reach beyond technical controls, according to findings from the World Economic Forum’s Global Cybersecurity Outlook 2026. AI drives risk growth and
Enterprise security faces a three-front war: cybercrime, AI misuse, and supply chains Read More »
Rakuten Viber CISO/CTO on balancing encryption, abuse prevention, and platform resilience 2026-01-13 at 09:01 By Mirko Zorz In this Help Net Security interview, Liad Shnell, CISO and CTO at Rakuten Viber, discusses how messaging platforms have become critical infrastructure during crises and conflicts. He explains how it influences cybersecurity priorities, from encryption and abuse prevention
Turning cyber metrics into decisions leaders can act on 2026-01-13 at 09:01 By Help Net Security In this Help Net Security video, Bryan Sacks, Field CISO at Myriad360, explains how security leaders can measure cybersecurity in ways that matter to executives and boards. He argues that metrics should support decisions, not exist for reporting alone.
Turning cyber metrics into decisions leaders can act on Read More »
Teaching cybersecurity by letting students break things 2026-01-13 at 09:01 By Sinisa Markovic Cybersecurity students show higher engagement when the work feels tangible. A new study from Airbus Cybersecurity and Dauphine University describes what happens when courses move beyond lectures and place students inside structured hacking scenarios, social engineering exercises, and competitive games. From theory
Teaching cybersecurity by letting students break things Read More »
There was no data breach, Instagram says 2026-01-12 at 13:20 By Zeljka Zorz News of a possible Instagram data breach spread over the weekend after Malwarebytes reported that cybercriminals had stolen sensitive information from 17.5 million Instagram accounts, potentially leading to a surge in password reset requests. Users have been complaining last week about receiving
There was no data breach, Instagram says Read More »
Crypto crime hits record levels as state actors move billions 2026-01-12 at 11:15 By Sinisa Markovic Nation-state involvement in crypto increased in 2025, signaling a shift in how on-chain crime operates. Three waves of crypto crime (Source: Chainalysis) Research from Chainalysis shows that crypto-related crime has grown more organized over recent years, with illicit groups
Crypto crime hits record levels as state actors move billions Read More »
Rethinking OT security for project heavy shipyards 2026-01-12 at 09:09 By Mirko Zorz In this Help Net Security interview, Hans Quivooij, CISO at Damen Shipyards Group, discusses securing OT and ICS in the shipyard. He outlines how project-based operations, rotating contractors, and temporary systems expand the threat surface and complicate access control. Quivooij also covers
Rethinking OT security for project heavy shipyards Read More »
pfSense: Open-source firewall and routing platform 2026-01-12 at 08:33 By Sinisa Markovic Firewalls, VPN access, and traffic rules need steady attention, often with limited budgets and staff. In that context, the open source pfSense Community Edition (CE) continues to show up in production environments, supported by a long-standing user community. pfSense CE is the free,
pfSense: Open-source firewall and routing platform Read More »
What security teams can learn from torrent metadata 2026-01-12 at 08:10 By Mirko Zorz Security teams often spend time sorting through logs and alerts that point to activity happening outside corporate networks. Torrent traffic shows up in investigations tied to policy violations, insider risk, and criminal activity. A new research paper looks at that same
What security teams can learn from torrent metadata Read More »
January 2026 Patch Tuesday forecast: And so it continues 2026-01-09 at 11:26 By Help Net Security Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, talk about some of the latest trends, processes, and
January 2026 Patch Tuesday forecast: And so it continues Read More »
How AI agents are turning security inside-out 2026-01-09 at 09:30 By Help Net Security AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built
How AI agents are turning security inside-out Read More »
Security teams are paying more attention to the energy cost of detection 2026-01-09 at 08:02 By Anamarija Pogorelec Security teams spend a lot of time explaining why detection systems need more compute. Cloud bills rise, models retrain more often, and new analytics pipelines get added to existing stacks. Those conversations usually stay focused on coverage
Security teams are paying more attention to the energy cost of detection Read More »
Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) 2026-01-08 at 16:43 By Zeljka Zorz An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inclusion in the catalog is unsurprising, as technical
Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) Read More »
PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258) 2026-01-08 at 14:08 By Zeljka Zorz Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. The three vulnerabilities were unearthed and
PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258) Read More »
Cybercriminals are scaling phishing attacks with ready-made kits 2026-01-08 at 09:10 By Anamarija Pogorelec Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks. Phishing kits grow more sophisticated and scalable Barracuda threat analysts found that in 2025
Cybercriminals are scaling phishing attacks with ready-made kits Read More »
StackRox: Open-source Kubernetes security platform 2026-01-08 at 08:31 By Anamarija Pogorelec Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, with engineers trying to keep clusters stable while meeting internal policy requirements. The StackRox open source project sits in
StackRox: Open-source Kubernetes security platform Read More »
What happens to insider risk when AI becomes a coworker 2026-01-08 at 08:04 By Help Net Security In this Help Net Security video, Ashley Rose, CEO at Living Security, discusses how AI is changing insider risk. AI is now built into daily work across departments, which shifts how risk shows up and how security teams
What happens to insider risk when AI becomes a coworker Read More »
Passwords are where PCI DSS compliance often breaks down 2026-01-08 at 07:36 By Sinisa Markovic Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins are passed around during busy periods. For CISOs, password hygiene remains one of the
Passwords are where PCI DSS compliance often breaks down Read More »
Voice cloning defenses are easier to undo than expected 2026-01-08 at 07:01 By Sinisa Markovic Many voice protection tools promise to block cloning by adding hidden noise to speech. Researchers at a Texas university found that widely used voice protection methods can be stripped away, restoring speaker identity and allowing fake voices to pass automated
Voice cloning defenses are easier to undo than expected Read More »