Reachability makes AI threat modeling worth the trust 2026-06-16 at 09:00 By Mirko Zorz In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walks […]
Reachability makes AI threat modeling worth the trust Read More »
The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers
The exploit gap is closing, and your patch cycle wasn’t built for this Read More »
The art of making technical risk make sense to executives 2026-03-31 at 11:21 By Help Net Security In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they understand. The focus is on business impact: financial loss, compliance fines,
The art of making technical risk make sense to executives Read More »
NIST updates its DNS security guidance for the first time in over a decade 2026-03-23 at 09:18 By Mirko Zorz DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years. NIST published SP 800-81r3, the Secure
NIST updates its DNS security guidance for the first time in over a decade Read More »
Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity 2026-03-09 at 09:01 By Mirko Zorz Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for him to adapt, to lean on hearing aids and captions, to quietly reorganize
Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity Read More »
Cybersecurity planning keeps moving toward whole-of-society models 2026-02-05 at 09:11 By Sinisa Markovic National governments already run cybersecurity through a mix of ministries, regulators, law enforcement, and private operators that own most critical systems. In that environment, guidance circulating among policymakers outlines how national cybersecurity strategies increasingly tie together risk management, workforce planning, technology standards,
Cybersecurity planning keeps moving toward whole-of-society models Read More »
Where NSA zero trust guidance aligns with enterprise reality 2026-02-02 at 09:10 By Sinisa Markovic The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust cybersecurity practices. The documents are part of a larger series designed to support adoption of
Where NSA zero trust guidance aligns with enterprise reality Read More »
The NSA lays out the first steps for zero trust adoption 2026-01-15 at 07:28 By Anamarija Pogorelec Security pros often say that zero trust sounds straightforward until they try to apply it across real systems, real users, and real data. Many organizations are still sorting out what they own, how access works, and where authority
The NSA lays out the first steps for zero trust adoption Read More »
Turning plain language into firewall rules 2026-01-06 at 09:00 By Sinisa Markovic Firewall rules often begin as a sentence in someone’s head. A team needs access to an application. A service needs to be blocked after hours. Translating those ideas into vendor specific firewall syntax usually involves detailed knowledge of zones, objects, ports, and rule
Turning plain language into firewall rules Read More »
Radio signals could give attackers a foothold inside air-gapped devices 2025-12-30 at 09:25 By Sinisa Markovic Air-gapped systems are meant to stay quiet. Remove network ports, lock down inputs, and the device should have nothing to hear. A new study shows that this breaks down when software control is lost. Embedded devices with no radios
Radio signals could give attackers a foothold inside air-gapped devices Read More »
NIST issues guidance on securing smart speakers 2025-12-22 at 07:02 By Sinisa Markovic Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal medical data, or connect a patient to an impostor. To reduce cybersecurity risks tied to this use,
NIST issues guidance on securing smart speakers Read More »
Life, death, and online identity: What happens to your online accounts after death? 2025-10-22 at 15:13 By Zeljka Zorz The rapid technological advances of recent decades have transformed nearly every aspect of our lives. One major shift is that many of us now maintain extensive digital footprints, spanning countless online accounts, from email and social
Life, death, and online identity: What happens to your online accounts after death? Read More »
How to succeed at cybersecurity job interviews 2025-10-06 at 09:06 By Sinisa Markovic Imagine this: you’ve made it through the résumé screen, your skills look solid on paper, and now it’s interview day. The next hour will decide whether you move forward or go back to the job boards. What separates the candidates who land
How to succeed at cybersecurity job interviews Read More »
Behind the scenes of cURL with its founder: Releases, updates, and security 2025-09-18 at 09:01 By Mirko Zorz In this Help Net Security interview, Daniel Stenberg, lead developer od cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of
Behind the scenes of cURL with its founder: Releases, updates, and security Read More »
Cybersecurity research is getting new ethics rules, here’s what you need to know 2025-09-08 at 09:01 By Mirko Zorz Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other major venues such
Cybersecurity research is getting new ethics rules, here’s what you need to know Read More »
AI isn’t taking over the world, but here’s what you should worry about 2025-08-29 at 10:03 By Help Net Security In this Help Net Security video, Josh Meier, Senior Generative AI Author at Pluralsight, debunks the myth that AI could “escape” servers or act on its own. He explains how large language models actually work,
AI isn’t taking over the world, but here’s what you should worry about Read More »
Review: Adversarial AI Attacks, Mitigations, and Defense Strategies 2025-08-25 at 07:50 By Mirko Zorz Adversarial AI Attacks, Mitigations, and Defense Strategies shows how AI systems can be attacked and how defenders can prepare. It’s essentially a walkthrough of offensive and defensive approaches to AI security. About the author John Sotiropoulos is the Head Of AI
Review: Adversarial AI Attacks, Mitigations, and Defense Strategies Read More »
iOS security features you should use to protect your privacy 2025-08-20 at 07:11 By Sinisa Markovic iOS 18 comes with several privacy and security features that many iPhone users overlook. Knowing how to use them can help you protect your personal information and control which apps can access your data. USB Accessories Lock iOS 18
iOS security features you should use to protect your privacy Read More »
New NIST guide explains how to detect morphed images 2025-08-18 at 18:00 By Sinisa Markovic Face morphing software can blend two people’s photos into one image, making it possible for someone to fool identity checks at buildings, airports, borders, and other secure places. These morphed images can trick face recognition systems into linking the photo
New NIST guide explains how to detect morphed images Read More »
APT groups are getting personal, and CISOs should be concerned 2025-08-12 at 14:42 By Mirko Zorz Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members have become targets. This approach works because executives often work remotely, store
APT groups are getting personal, and CISOs should be concerned Read More »