January 2026 Patch Tuesday forecast: And so it continues 2026-01-09 at 11:26 By Help Net Security Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, talk about some of the latest trends, processes, and […]
January 2026 Patch Tuesday forecast: And so it continues Read More »
How AI agents are turning security inside-out 2026-01-09 at 09:30 By Help Net Security AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built
How AI agents are turning security inside-out Read More »
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring 2025-12-18 at 16:12 By Help Net Security Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring Read More »
December 2025 Patch Tuesday forecast: And it’s a wrap 2025-12-08 at 09:56 By Help Net Security It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there
December 2025 Patch Tuesday forecast: And it’s a wrap Read More »
Black Friday 2025 for InfoSec: How to spot real value and avoid the noise 2025-11-26 at 08:09 By Help Net Security Your inbox is probably drowning in Black Friday emails right now. Another “limited time offer” that’ll reappear next month, countdown timer creating artificial urgency. You’re right to be skeptical — most of it is
Black Friday 2025 for InfoSec: How to spot real value and avoid the noise Read More »
November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? 2025-11-07 at 13:28 By Help Net Security October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116
November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? Read More »
Identifying risky candidates: Practical steps for security leaders 2025-10-16 at 08:32 By Help Net Security Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface the deeper risks that can turn into costly problems down the line. Identity verification, credential validation,
Identifying risky candidates: Practical steps for security leaders Read More »
October 2025 Patch Tuesday forecast: The end of a decade with Microsoft 2025-10-10 at 09:33 By Help Net Security A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes
October 2025 Patch Tuesday forecast: The end of a decade with Microsoft Read More »
Securing agentic AI with intent-based permissions 2025-10-10 at 08:31 By Help Net Security When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems that anticipate
Securing agentic AI with intent-based permissions Read More »
4 ways to use time to level up your security monitoring 2025-10-03 at 09:09 By Help Net Security SIEMs excel at correlating events and firing alerts, but their ingest pipelines can get overwhelmed when scaled. And because most SIEMs rely on general-purpose log storage platforms, even with lower-cost archive tiers, long-term retention at full fidelity
4 ways to use time to level up your security monitoring Read More »
GPT needs to be rewired for security 2025-10-02 at 09:18 By Help Net Security LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), today’s models stumble on work that demands high
GPT needs to be rewired for security Read More »
How attackers poison AI tools and defenses 2025-09-29 at 09:06 By Help Net Security Cyberattackers are using generative AI to draft polished spam, create malicious code and write persuasive phishing lures. They are also learning how to turn AI systems themselves into points of compromise. Recent findings highlight this shift. Researchers from Columbia University and
How attackers poison AI tools and defenses Read More »
What could a secure 6G network look like? 2025-09-15 at 08:47 By Help Net Security The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised
What could a secure 6G network look like? Read More »
Fixing silent failures in security controls with adversarial exposure validation 2025-09-10 at 08:16 By Help Net Security Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. Appearances can
Fixing silent failures in security controls with adversarial exposure validation Read More »
Cyber defense cannot be democratized 2025-09-08 at 08:14 By Help Net Security The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem In an earnest attempt
Cyber defense cannot be democratized Read More »
September 2025 Patch Tuesday forecast: The CVE matrix 2025-09-05 at 10:18 By Help Net Security We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator
September 2025 Patch Tuesday forecast: The CVE matrix Read More »
Detecting danger: EASM in the modern security stack 2025-09-03 at 08:03 By Help Net Security In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that
Detecting danger: EASM in the modern security stack Read More »
Five ways OSINT helps financial institutions to fight money laundering 2025-08-22 at 09:31 By Help Net Security Here are five key ways OSINT tools can help financial firms develop advanced strategies to fight money laundering criminals. 1. Reveal complex networks and ownership structures Money launderers often use layered networks of offshore entities and shell companies
Five ways OSINT helps financial institutions to fight money laundering Read More »
Password crisis in healthcare: Meeting and exceeding HIPAA requirements 2025-08-20 at 19:25 By Help Net Security In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one significant security incident over the last year. More than half of responders
Password crisis in healthcare: Meeting and exceeding HIPAA requirements Read More »
The 6 challenges your business will face in implementing MLSecOps 2025-08-20 at 09:04 By Help Net Security Organizations that don’t adapt their security programs as they implement AI run the risk of being exposed to a variety of threats, both old and emerging ones. MLSecOps addresses this critical gap in security perimeters by combining AI
The 6 challenges your business will face in implementing MLSecOps Read More »