tips

Coinflow CISO on crypto payments security under AI pressure

Coinflow CISO on crypto payments security under AI pressure 2026-05-27 at 09:24 By Mirko Zorz Crypto payment firms sit near the top of the target list for advanced persistent threat groups, and the workload on their security leaders keeps growing. Malcolm Portelli, CISO at Coinflow, runs the company’s security program from Malta. Coinflow is headquartered […]

Coinflow CISO on crypto payments security under AI pressure Read More »

The alert economy is driving security analyst burnout

The alert economy is driving security analyst burnout 2026-05-27 at 09:24 By Help Net Security In this Help Net Security video, Ido Livneh, CEO of Jazz, explains why security analysts burn out and what leaders can do about it. The cause, he argues, is not long hours but meaningless work. Analysts spend their days closing

The alert economy is driving security analyst burnout Read More »

Boards want cyber risk in dollars, not CVE counts

Boards want cyber risk in dollars, not CVE counts 2026-05-25 at 08:11 By Help Net Security In this Help Net Security video, Ziv Levi, SVP of Technology at CYE, explains why translating cyber risk into dollars is one of the most pressing tasks for security leaders. Boards and executives want cyber exposure described in business

Boards want cyber risk in dollars, not CVE counts Read More »

Why AI changed the threat model for travel technology

Why AI changed the threat model for travel technology 2026-05-21 at 09:16 By Mirko Zorz In this Help Net Security interview, Devon Bryan, SVP, Global CSO at Booking Holdings, reflects on his path from Air Force network security engineer to global CSO across financial services, hospitality, and travel technology. He discusses why the travel industry’s

Why AI changed the threat model for travel technology Read More »

Communicating cyber risk in dollars boards understand

Communicating cyber risk in dollars boards understand 2026-05-20 at 09:34 By Mirko Zorz In this Help Net Security interview, Nick Nieuwenhuis, Cybersecurity Architect at Nedscaper, explains why cybersecurity has not delivered the resilience that decades of investment have promised. He argues that spending has leaned too heavily on technical controls while neglecting people, processes, and

Communicating cyber risk in dollars boards understand Read More »

What happens when your identity provider becomes the kill chain

What happens when your identity provider becomes the kill chain 2026-05-20 at 09:34 By Help Net Security In this Help Net Security video, Colin Constable, CTO at Atsign, explains why your identity provider (IdP) has become the kill chain in cyberattacks. Attackers steal session cookies, tokens, or consent grants you’ve already issued and walk in

What happens when your identity provider becomes the kill chain Read More »

Closing the AI governance gap in your enterprise

Closing the AI governance gap in your enterprise 2026-05-14 at 08:00 By Help Net Security In this Help Net Security video, Casey Bleeker, CEO at SurePath AI, talks about the AI governance gap that exists in almost every organization. Drawing from three years of conversations with IT, business, and security leaders, Casey explains why AI

Closing the AI governance gap in your enterprise Read More »

What Mozilla learned running an AI security bug hunting pipeline on Firefox

What Mozilla learned running an AI security bug hunting pipeline on Firefox 2026-05-08 at 01:14 By Mirko Zorz Over the past several months, Mozilla ran an agentic harness powered by Claude Mythos Preview across Firefox’s source code, identifying 271 security bugs that were fixed in Firefox 150, with additional fixes shipped in versions 149.0.2 and

What Mozilla learned running an AI security bug hunting pipeline on Firefox Read More »

Spotting third-party cyber risk before attackers do

Spotting third-party cyber risk before attackers do 2026-05-04 at 09:46 By Help Net Security In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one

Spotting third-party cyber risk before attackers do Read More »

A year in, Zoom’s CISO reflects on balancing security and business

A year in, Zoom’s CISO reflects on balancing security and business 2026-04-23 at 09:47 By Mirko Zorz In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and

A year in, Zoom’s CISO reflects on balancing security and business Read More »

Wi-Fi roaming security practices for access network providers and identity providers

Wi-Fi roaming security practices for access network providers and identity providers 2026-04-16 at 07:47 By Anamarija Pogorelec Public Wi-Fi roaming networks carry authentication credentials across multiple administrative boundaries, and the protocols governing that process vary widely in their security properties. The Wireless Broadband Alliance published a set of guidelines that specifies which authentication, encryption, and

Wi-Fi roaming security practices for access network providers and identity providers Read More »

The exploit gap is closing, and your patch cycle wasn’t built for this

The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers

The exploit gap is closing, and your patch cycle wasn’t built for this Read More »

Testing reveals Claude Mythos’s offensive capabilities and limits

Testing reveals Claude Mythos’s offensive capabilities and limits 2026-04-14 at 18:15 By Zeljka Zorz Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that

Testing reveals Claude Mythos’s offensive capabilities and limits Read More »

Zero trust at year two: What nobody planned for

Zero trust at year two: What nobody planned for 2026-04-14 at 08:11 By Help Net Security In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the

Zero trust at year two: What nobody planned for Read More »

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches 2026-04-03 at 14:57 By Anamarija Pogorelec Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device

Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches Read More »

The art of making technical risk make sense to executives

The art of making technical risk make sense to executives 2026-03-31 at 11:21 By Help Net Security In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they understand. The focus is on business impact: financial loss, compliance fines,

The art of making technical risk make sense to executives Read More »

Why your phishing simulations aren’t building a security culture

Why your phishing simulations aren’t building a security culture 2026-03-25 at 08:07 By Help Net Security Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing

Why your phishing simulations aren’t building a security culture Read More »

What to do in the first 24 hours of a breach

What to do in the first 24 hours of a breach 2026-03-17 at 07:59 By Help Net Security In this Help Net Security video, Arvind Parthasarathi, CEO of CYGNVS, walks through a 10-step process for handling a cybersecurity breach. The first five steps cover preparation: setting up an out-of-band communication platform, identifying internal stakeholders, selecting

What to do in the first 24 hours of a breach Read More »

Passwords, MFA, and why neither is enough

Passwords, MFA, and why neither is enough 2026-03-13 at 07:37 By Help Net Security Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each layer of identity security has failed and what comes next. SMS codes can be

Passwords, MFA, and why neither is enough Read More »

Zero trust, zero buzzwords: Here’s what it means

Zero trust, zero buzzwords: Here’s what it means 2026-03-11 at 09:21 By Help Net Security In this Help Net Security video, Murat Balaban, CEO of Zenarmor, breaks down zero trust and zero trust network access (ZTNA) without the buzzwords. The video covers why this approach matters, including the risk of lateral movement after a breach

Zero trust, zero buzzwords: Here’s what it means Read More »

Scroll to Top