Expert analysis

Why I’m done calling humans the weakest link

Why I’m done calling humans the weakest link 2026-03-31 at 11:22 By Help Net Security Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As industry that is based on enabling communication across the globe via the internet and many types of devices, many of us practitioners […]

Why I’m done calling humans the weakest link Read More »

Why risk alone doesn’t get you to yes

Why risk alone doesn’t get you to yes 2026-03-30 at 09:29 By Help Net Security I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most security leaders will face is not identifying a threat, but getting

Why risk alone doesn’t get you to yes Read More »

Does Anthropic deserve the trust of the cybersecurity community?

Does Anthropic deserve the trust of the cybersecurity community? 2026-03-12 at 08:35 By Help Net Security The cybersecurity industry runs on trust. The belief that when a vendor says they will behave a certain way, they will, that critical CVEs are in fact critical, or when companies say they’re GDPR compliant, they really are. But

Does Anthropic deserve the trust of the cybersecurity community? Read More »

March 2026 Patch Tuesday forecast: Is AI security an oxymoron?

March 2026 Patch Tuesday forecast: Is AI security an oxymoron? 2026-03-06 at 10:47 By Help Net Security Developers and analysts are using more AI tools to produce code and to test both the performance and security of the finished products. They are also embedding AI functionality in their products directly. But just how secure are

March 2026 Patch Tuesday forecast: Is AI security an oxymoron? Read More »

February 2026 Patch Tuesday forecast: Lots of OOB love this month

February 2026 Patch Tuesday forecast: Lots of OOB love this month 2026-02-06 at 09:54 By Help Net Security Valentine’s Day is just around the corner and Microsoft has been giving us a lot of love with a non-stop supply of patches starting with January 2026 Patch Tuesday. The January releases addressed 92 vulnerabilities in Windows

February 2026 Patch Tuesday forecast: Lots of OOB love this month Read More »

Open-source AI pentesting tools are getting uncomfortably good

Open-source AI pentesting tools are getting uncomfortably good 2026-02-02 at 09:10 By Help Net Security AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into three of them, BugTrace-AI, Shannon, and CAI,

Open-source AI pentesting tools are getting uncomfortably good Read More »

The 2026 State of Pentesting: Why delivery and follow-through matter more than ever

The 2026 State of Pentesting: Why delivery and follow-through matter more than ever 2026-01-21 at 07:34 By Help Net Security Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is how findings are handled after the testing concludes. The method of reporting,

The 2026 State of Pentesting: Why delivery and follow-through matter more than ever Read More »

January 2026 Patch Tuesday forecast: And so it continues

January 2026 Patch Tuesday forecast: And so it continues 2026-01-09 at 11:26 By Help Net Security Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, talk about some of the latest trends, processes, and

January 2026 Patch Tuesday forecast: And so it continues Read More »

How AI agents are turning security inside-out

How AI agents are turning security inside-out 2026-01-09 at 09:30 By Help Net Security AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built

How AI agents are turning security inside-out Read More »

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring 2025-12-18 at 16:12 By Help Net Security Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring Read More »

December 2025 Patch Tuesday forecast: And it’s a wrap

December 2025 Patch Tuesday forecast: And it’s a wrap 2025-12-08 at 09:56 By Help Net Security It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there

December 2025 Patch Tuesday forecast: And it’s a wrap Read More »

Black Friday 2025 for InfoSec: How to spot real value and avoid the noise

Black Friday 2025 for InfoSec: How to spot real value and avoid the noise 2025-11-26 at 08:09 By Help Net Security Your inbox is probably drowning in Black Friday emails right now. Another “limited time offer” that’ll reappear next month, countdown timer creating artificial urgency. You’re right to be skeptical — most of it is

Black Friday 2025 for InfoSec: How to spot real value and avoid the noise Read More »

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL?

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? 2025-11-07 at 13:28 By Help Net Security October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? Read More »

Identifying risky candidates: Practical steps for security leaders

Identifying risky candidates: Practical steps for security leaders 2025-10-16 at 08:32 By Help Net Security Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface the deeper risks that can turn into costly problems down the line. Identity verification, credential validation,

Identifying risky candidates: Practical steps for security leaders Read More »

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft 2025-10-10 at 09:33 By Help Net Security A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft Read More »

Securing agentic AI with intent-based permissions

Securing agentic AI with intent-based permissions 2025-10-10 at 08:31 By Help Net Security When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems that anticipate

Securing agentic AI with intent-based permissions Read More »

4 ways to use time to level up your security monitoring

4 ways to use time to level up your security monitoring 2025-10-03 at 09:09 By Help Net Security SIEMs excel at correlating events and firing alerts, but their ingest pipelines can get overwhelmed when scaled. And because most SIEMs rely on general-purpose log storage platforms, even with lower-cost archive tiers, long-term retention at full fidelity

4 ways to use time to level up your security monitoring Read More »

GPT needs to be rewired for security

GPT needs to be rewired for security 2025-10-02 at 09:18 By Help Net Security LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), today’s models stumble on work that demands high

GPT needs to be rewired for security Read More »

How attackers poison AI tools and defenses

How attackers poison AI tools and defenses 2025-09-29 at 09:06 By Help Net Security Cyberattackers are using generative AI to draft polished spam, create malicious code and write persuasive phishing lures. They are also learning how to turn AI systems themselves into points of compromise. Recent findings highlight this shift. Researchers from Columbia University and

How attackers poison AI tools and defenses Read More »

What could a secure 6G network look like?

What could a secure 6G network look like? 2025-09-15 at 08:47 By Help Net Security The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised

What could a secure 6G network look like? Read More »

Scroll to Top