Spotting third-party cyber risk before attackers do 2026-05-04 at 09:46 By Help Net Security In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures before attackers exploit them. He argues that businesses should move beyond a data-loss mindset toward one […]
Spotting third-party cyber risk before attackers do Read More »
A year in, Zoom’s CISO reflects on balancing security and business 2026-04-23 at 09:47 By Mirko Zorz In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and
A year in, Zoom’s CISO reflects on balancing security and business Read More »
Wi-Fi roaming security practices for access network providers and identity providers 2026-04-16 at 07:47 By Anamarija Pogorelec Public Wi-Fi roaming networks carry authentication credentials across multiple administrative boundaries, and the protocols governing that process vary widely in their security properties. The Wireless Broadband Alliance published a set of guidelines that specifies which authentication, encryption, and
Wi-Fi roaming security practices for access network providers and identity providers Read More »
The exploit gap is closing, and your patch cycle wasn’t built for this 2026-04-15 at 10:02 By Mirko Zorz The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working exploit is shrinking fast. The briefing centers
The exploit gap is closing, and your patch cycle wasn’t built for this Read More »
Testing reveals Claude Mythos’s offensive capabilities and limits 2026-04-14 at 18:15 By Zeljka Zorz Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute (AISI) tested its capability to successfully engage in capture-the-flag (CTF) challenges and multi-step attack scenarios, and found that that
Testing reveals Claude Mythos’s offensive capabilities and limits Read More »
Zero trust at year two: What nobody planned for 2026-04-14 at 08:11 By Help Net Security In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the
Zero trust at year two: What nobody planned for Read More »
Windows Security app gets Secure Boot certificate status indicators as 2026 expiration approaches 2026-04-03 at 14:57 By Anamarija Pogorelec Microsoft’s Secure Boot certificates, issued in 2011, are approaching expiration in 2026. To help IT administrators track whether devices have received replacement certificates, Microsoft has added new status indicators to the Windows Security app, under Device
The art of making technical risk make sense to executives 2026-03-31 at 11:21 By Help Net Security In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they understand. The focus is on business impact: financial loss, compliance fines,
The art of making technical risk make sense to executives Read More »
Why your phishing simulations aren’t building a security culture 2026-03-25 at 08:07 By Help Net Security Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training videos and quarterly phishing tests happen in calm, controlled settings that tell us nothing
Why your phishing simulations aren’t building a security culture Read More »
What to do in the first 24 hours of a breach 2026-03-17 at 07:59 By Help Net Security In this Help Net Security video, Arvind Parthasarathi, CEO of CYGNVS, walks through a 10-step process for handling a cybersecurity breach. The first five steps cover preparation: setting up an out-of-band communication platform, identifying internal stakeholders, selecting
What to do in the first 24 hours of a breach Read More »
Passwords, MFA, and why neither is enough 2026-03-13 at 07:37 By Help Net Security Passwords weren’t enough, so we added MFA. Now MFA isn’t enough either. In this Help Net Security video, Karlo Zatylny, CTO/CISO at Portnox, walks through why each layer of identity security has failed and what comes next. SMS codes can be
Passwords, MFA, and why neither is enough Read More »
Zero trust, zero buzzwords: Here’s what it means 2026-03-11 at 09:21 By Help Net Security In this Help Net Security video, Murat Balaban, CEO of Zenarmor, breaks down zero trust and zero trust network access (ZTNA) without the buzzwords. The video covers why this approach matters, including the risk of lateral movement after a breach
Zero trust, zero buzzwords: Here’s what it means Read More »
Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity 2026-03-09 at 09:01 By Mirko Zorz Stu Hirst was already a CISO when he started to go deaf. It was 2023, and the hearing loss crept in over months, enough for him to adapt, to lean on hearing aids and captions, to quietly reorganize
Decoding silence: How deaf and hard-of-hearing pros are breaking into cybersecurity Read More »
Why phishing still works today 2026-03-06 at 08:30 By Help Net Security In this Help Net Security video, Gal Livschitz, Senior Penetration Tester at Terra Security, explains how phishing has evolved and why employees still fall for it. He outlines how phishing now uses HTTPS, branded pages, and lookalike domains, making attacks harder to spot.
Why phishing still works today Read More »
When cyber threats start thinking for themselves 2026-03-02 at 07:30 By Help Net Security In this Help Net Security video, Jason Rivera, Field CISO & Head of Solution Engineering at SimSpace, discusses how autonomous AI agents are changing cyber threats. Drawing on experience in the US Army, NSA, Deloitte, and CrowdStrike, he describes how security
When cyber threats start thinking for themselves Read More »
Scattered Lapsus$ Hunters seeks women for vishing attacks 2026-02-26 at 14:55 By Zeljka Zorz The Scattered Lapsus$ Hunters (SLH) hacking collective has launched a recruitment push aimed specifically at women, offering cash payments for participating in voice-phishing (vishing) attacks. A few days ago, threat intelligence firm Dataminr detected posts on a public Telegram channel advertising
Scattered Lapsus$ Hunters seeks women for vishing attacks Read More »
The hidden cost of putting off security decisions 2026-02-06 at 08:01 By Help Net Security In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay hidden. Drawing on her work with CISOs and security leaders, she shows how
The hidden cost of putting off security decisions Read More »
Cybersecurity planning keeps moving toward whole-of-society models 2026-02-05 at 09:11 By Sinisa Markovic National governments already run cybersecurity through a mix of ministries, regulators, law enforcement, and private operators that own most critical systems. In that environment, guidance circulating among policymakers outlines how national cybersecurity strategies increasingly tie together risk management, workforce planning, technology standards,
Cybersecurity planning keeps moving toward whole-of-society models Read More »
Why incident response breaks down when it matters most 2026-02-04 at 07:45 By Help Net Security In this Help Net Security video, Jon David, Managing Director, NR Labs, discusses why incident response often breaks down during a breach. Drawing on years of experience watching real attackers operate across many industries, he walks through what tends
Why incident response breaks down when it matters most Read More »
ShinyHunters flip the script on MFA in new data theft attacks 2026-02-02 at 18:50 By Zeljka Zorz Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in
ShinyHunters flip the script on MFA in new data theft attacks Read More »