Don’t miss

How a noisy ransomware intrusion exposed a long-term espionage foothold

APT, cyber espionage, cybercriminals, Don't miss, Hot stuff, News, Positive Technologies, Ransomware, threat detection /

How a noisy ransomware intrusion exposed a long-term espionage foothold 2025-12-02 at 15:15 By Zeljka Zorz Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might […]

How a noisy ransomware intrusion exposed a long-term espionage foothold Read More »

Creative cybersecurity strategies for resource-constrained institutions

collaboration, Compliance, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Innovation, News, RTI International, security controls, strategy /

Creative cybersecurity strategies for resource-constrained institutions 2025-12-02 at 09:33 By Mirko Zorz In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and still build resilience. He discusses the tension between open research and the need to protect sensitive information, noting that

Creative cybersecurity strategies for resource-constrained institutions Read More »

Product showcase: UserLock IAM for Active Directory

Don't miss, Hot stuff, identity management, IS Decisions, News, Product showcase /

Product showcase: UserLock IAM for Active Directory 2025-12-02 at 08:34 By Help Net Security UserLock brings modern identity and access management (IAM) to Active Directory, adding granular multi-factor authentication (MFA), contextual access controls, single sign-on (SSO) and real-time session management. It helps AD-first teams secure logons and govern access to network and SaaS resources without

Product showcase: UserLock IAM for Active Directory Read More »

Cryptomixer crypto laundering service taken down by law enforcement

Cryptocurrency, cybercrime, Don't miss, EU, Eurojust, Europol, Germany, Hot stuff, News, Switzerland /

Cryptomixer crypto laundering service taken down by law enforcement 2025-12-01 at 16:57 By Zeljka Zorz German and Swiss law enforcement agencies have taken down Cryptomixer, an illegal cryptocurrency mixer service, and have confiscated over 25 million euros (approximately $29 million) in Bitcoin. The Cryptomixer seizure banner As part of Operation Olympia, and with support from

Cryptomixer crypto laundering service taken down by law enforcement Read More »

Treating MCP like an API creates security blind spots

API security, Artificial Intelligence, Compliance, cybersecurity, Don't miss, Features, Hot stuff, identity management, MCP Manager, News, security controls, servers /

Treating MCP like an API creates security blind spots 2025-12-01 at 09:06 By Mirko Zorz In this Help Net Security interview, Michael Yaroshefsky, CEO at MCP Manager, discusses how Model Context Protocol’s (MCP) trust model creates security gaps that many teams overlook and why MCP must not be treated like a standard API. He explains how

Treating MCP like an API creates security blind spots Read More »

Offensive cyber power is spreading fast and changing global security

China, CISO, cyber risk, cybersecurity, Don't miss, Hot stuff, NATO, News, report, research, Risk Management, Russian Federation, strategy, threats /

Offensive cyber power is spreading fast and changing global security 2025-12-01 at 08:36 By Sinisa Markovic Offensive cyber activity has moved far beyond a handful of major powers. More governments now rely on digital operations to project influence during geopolitical tension, which raises new risks for organizations caught in the middle. A new policy brief

Offensive cyber power is spreading fast and changing global security Read More »

Enterprise password audits made practical for busy security teams

auditing, Don't miss, enterprise, Hot stuff, News, password management, Passwork /

Enterprise password audits made practical for busy security teams 2025-12-01 at 08:36 By Sinisa Markovic Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more credentials into the mix. Some sit in proper vaults, others

Enterprise password audits made practical for busy security teams Read More »

What zero trust looks like when you build it step by step

access control, authentication, cybersecurity, Don't miss, identity management, KeyData Cyber, News, security metrics, Video, zero trust /

What zero trust looks like when you build it step by step 2025-12-01 at 08:36 By Help Net Security In this Help Net Security video, Jonathan Edwards, Managing Director at KeyData Cyber, walks us through what practical zero trust adoption looks like in stages. He explains why he dislikes the term itself, then shifts to

What zero trust looks like when you build it step by step Read More »

Social data puts user passwords at risk in unexpected ways

authentication, cyber risk, Don't miss, Facebook, Hot stuff, Instagram, LinkedIn, LLMs, News, passwords, Privacy, research, social media, tips /

Social data puts user passwords at risk in unexpected ways 2025-11-28 at 09:08 By Anamarija Pogorelec Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice. The findings reveal how much information can be reconstructed from public profiles and how

Social data puts user passwords at risk in unexpected ways Read More »

New observational auditing framework takes aim at machine learning privacy leaks

cybersecurity, Don't miss, Features, Hot stuff, machine learning, Meta, News, Privacy, research, security auditing /

New observational auditing framework takes aim at machine learning privacy leaks 2025-11-28 at 08:34 By Sinisa Markovic Machine learning (ML) privacy concerns continue to surface, as audits show that models can reveal parts of the labels (the user’s choice, expressed preference, or the result of an action) used during training. A new research paper explores

New observational auditing framework takes aim at machine learning privacy leaks Read More »

Why password management defines PCI DSS success

authentication, Compliance, Don't miss, Hot stuff, News, password management, Passwork /

Why password management defines PCI DSS success 2025-11-28 at 08:03 By Sinisa Markovic Most CISOs spend their days dealing with noisy dashboards and vendor pitches that all promise a shortcut to compliance. It can be overwhelming to sort out what matters. When you dig into real incidents involving payment data, a surprising number come down to

Why password management defines PCI DSS success Read More »

Hottest cybersecurity open-source tools of the month: November 2025

cybersecurity, Don't miss, GitHub, News, open source, software /

Hottest cybersecurity open-source tools of the month: November 2025 2025-11-27 at 09:00 By Anamarija Pogorelec This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Heisenberg: Open-source software supply chain health check tool Heisenberg is an open-source tool that checks the health of a software supply chain.

Hottest cybersecurity open-source tools of the month: November 2025 Read More »

Gainsight breach: Salesforce details attack window, issues investigation guidance

data theft, Don't miss, Gainsight, Hot stuff, Mandiant, News, Palo Alto Networks, SaaS, Salesforce, supply chain compromise /

Gainsight breach: Salesforce details attack window, issues investigation guidance 2025-11-26 at 16:30 By Zeljka Zorz The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack likely started. The provided list

Gainsight breach: Salesforce details attack window, issues investigation guidance Read More »

New “HashJack” attack can hijack AI browsers and assistants

AI, browser, Chrome, Comet, data theft, Don't miss, Edge, Google, Hot stuff, Microsoft, News, Perplexity, phishing /

New “HashJack” attack can hijack AI browsers and assistants 2025-11-26 at 14:18 By Zeljka Zorz Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the

New “HashJack” attack can hijack AI browsers and assistants Read More »

Heineken CISO champions a new risk mindset to unlock innovation

boardroom, CISO, Compliance, cyber risk, cybersecurity, Don't miss, Features, Heineken, Hot stuff, News, Risk Management, strategy, tips /

Heineken CISO champions a new risk mindset to unlock innovation 2025-11-26 at 09:16 By Mirko Zorz In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and

Heineken CISO champions a new risk mindset to unlock innovation Read More »

Small language models step into the fight against phishing sites

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, phishing, research /

Small language models step into the fight against phishing sites 2025-11-26 at 08:31 By Sinisa Markovic Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range

Small language models step into the fight against phishing sites Read More »

Black Friday 2025 for InfoSec: How to spot real value and avoid the noise

Don't miss, Expert analysis, Expert corner, Hot stuff, News, Passwork /

Black Friday 2025 for InfoSec: How to spot real value and avoid the noise 2025-11-26 at 08:09 By Help Net Security Your inbox is probably drowning in Black Friday emails right now. Another “limited time offer” that’ll reappear next month, countdown timer creating artificial urgency. You’re right to be skeptical — most of it is

Black Friday 2025 for InfoSec: How to spot real value and avoid the noise Read More »

DeepTeam: Open-source LLM red teaming framework

Don't miss, framework, GitHub, LLMs, News, open source, prompt injection, red team, software /

DeepTeam: Open-source LLM red teaming framework 2025-11-26 at 07:37 By Sinisa Markovic Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, and it takes

DeepTeam: Open-source LLM red teaming framework Read More »

How board members think about cyber risk and what CISOs should tell them

boardroom, CISO, cyber risk, cybersecurity, Don't miss, News, Qualys, security metrics, strategy, Video /

How board members think about cyber risk and what CISOs should tell them 2025-11-26 at 07:11 By Help Net Security In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains

How board members think about cyber risk and what CISOs should tell them Read More »

Popular code formatting sites are exposing credentials and other secrets

Data leak, Don't miss, Hot stuff, News, WatchTowr /

Popular code formatting sites are exposing credentials and other secrets 2025-11-25 at 19:02 By Zeljka Zorz Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr researchers discovered. The findings JSONFormatter and CodeBeautify are free, web-based tools/services used by developers to make messy

Popular code formatting sites are exposing credentials and other secrets Read More »

Scroll to Top