The identity mess your customers feel before you do 2025-11-27 at 07:55 By Anamarija Pogorelec Customer identity has become one of the most brittle parts of the enterprise security stack. Teams know authentication matters, but organizations keep using methods that frustrate users and increase risk. New research from Descope shows how companies manage customer identity […]
The identity mess your customers feel before you do Read More »
Handala’s Latest Publication Targets Israeli High-Tech Specialists 2025-11-26 at 20:39 By Arthur Erzberger The Handala hacker group has recently published a list of Israeli high-tech and aerospace professionals, accompanied by aggressive, misleading descriptions labeling them as criminals. Most of the data appears to have been scraped from LinkedIn, with no evidence of wrongdoing by the
Handala’s Latest Publication Targets Israeli High-Tech Specialists Read More »
Gainsight breach: Salesforce details attack window, issues investigation guidance 2025-11-26 at 16:30 By Zeljka Zorz The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack likely started. The provided list
Gainsight breach: Salesforce details attack window, issues investigation guidance Read More »
New “HashJack” attack can hijack AI browsers and assistants 2025-11-26 at 14:18 By Zeljka Zorz Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the
New “HashJack” attack can hijack AI browsers and assistants Read More »
Heineken CISO champions a new risk mindset to unlock innovation 2025-11-26 at 09:16 By Mirko Zorz In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and
Heineken CISO champions a new risk mindset to unlock innovation Read More »
Small language models step into the fight against phishing sites 2025-11-26 at 08:31 By Sinisa Markovic Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range
Small language models step into the fight against phishing sites Read More »
Black Friday 2025 for InfoSec: How to spot real value and avoid the noise 2025-11-26 at 08:09 By Help Net Security Your inbox is probably drowning in Black Friday emails right now. Another “limited time offer” that’ll reappear next month, countdown timer creating artificial urgency. You’re right to be skeptical — most of it is
Black Friday 2025 for InfoSec: How to spot real value and avoid the noise Read More »
DeepTeam: Open-source LLM red teaming framework 2025-11-26 at 07:37 By Sinisa Markovic Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, and it takes
DeepTeam: Open-source LLM red teaming framework Read More »
How board members think about cyber risk and what CISOs should tell them 2025-11-26 at 07:11 By Help Net Security In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains
How board members think about cyber risk and what CISOs should tell them Read More »
Popular code formatting sites are exposing credentials and other secrets 2025-11-25 at 19:02 By Zeljka Zorz Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr researchers discovered. The findings JSONFormatter and CodeBeautify are free, web-based tools/services used by developers to make messy
Popular code formatting sites are exposing credentials and other secrets Read More »
Tor Project is rolling out Counter Galois Onion encryption 2025-11-25 at 17:04 By Sinisa Markovic People who rely on Tor expect their traffic to move through the network without giving away who they are. That trust depends on the strength of the encryption that protects each hop. Tor developers are preparing a major upgrade called
Tor Project is rolling out Counter Galois Onion encryption Read More »
Fake “Windows Update” screens fuels new wave of ClickFix attacks 2025-11-25 at 15:02 By Zeljka Zorz A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery chain with some offbeat techniques, and infostealer operators have everything they need to slip
Fake “Windows Update” screens fuels new wave of ClickFix attacks Read More »
Microsoft cracks down on malicious meeting invites 2025-11-25 at 12:39 By Sinisa Markovic Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That leaves a quiet opening for attackers. Microsoft has updated Defender for Office 365 so that security teams
Microsoft cracks down on malicious meeting invites Read More »
How an AI meltdown could reset enterprise expectations 2025-11-25 at 09:02 By Mirko Zorz In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industry to mature. McMillan also outlines the structural shifts he expects once
How an AI meltdown could reset enterprise expectations Read More »
Aircraft cabin IoT leaves vendor and passenger data exposed 2025-11-25 at 08:34 By Sinisa Markovic The expansion of IoT devices in shared, multi-vendor environments, such as aircraft cabins, has created tension between the benefits of data collaboration and the risks to passenger privacy, vendor intellectual property, and regulatory compliance. A new study finds that even
Aircraft cabin IoT leaves vendor and passenger data exposed Read More »
The breaches everyone gets hit by (and how to stop them) 2025-11-25 at 08:11 By Help Net Security Headlines scream about zero-days and nation-state attacks, but the reality is far less glamorous. Ross Haleliuk, from Venture in Security talks about the concept of humans being wired to overweight rare, dramatic events and underweight the everyday
The breaches everyone gets hit by (and how to stop them) Read More »
Supply chain sprawl is rewriting security priorities 2025-11-25 at 07:32 By Anamarija Pogorelec Organizations depend on long chains of vendors, but many cybersecurity professionals say these relationships create gaps they cannot see or control. A new ISC2 survey of more than 1,000 cybersecurity professionals shows that supply chain risk sits near the top of their
Supply chain sprawl is rewriting security priorities Read More »
Cybersecurity jobs available right now: November 25, 2025 2025-11-25 at 07:02 By Anamarija Pogorelec Associate Director, Cybersecurity Specialist HSBC | India | Remote – View job details As an Associate Director, Cybersecurity Specialist, you will lead the Cyber Professional Testing Practice, setting direction, mentoring teams, and planning resources to support organisation-wide adoption. You will define
Cybersecurity jobs available right now: November 25, 2025 Read More »
Black Friday 2025 cybersecurity deals to explore 2025-11-24 at 15:30 By Help Net Security Black Friday 2025 is shaping up to be a good moment for anyone thinking about tightening their cybersecurity. A few solid deals are popping up that make it easier to improve protection for systems and data without stretching your budget. If
Black Friday 2025 cybersecurity deals to explore Read More »
Quantum encryption is pushing satellite hardware to its limits 2025-11-24 at 09:11 By Mirko Zorz In this Help Net Security interview, Colonel Ludovic Monnerat, Commander Space Command, Swiss Armed Forces, discusses how securing space assets is advancing in response to emerging quantum threats. He explains why satellite systems must move beyond traditional cryptography to remain
Quantum encryption is pushing satellite hardware to its limits Read More »