Help Net Security

The post Cybersecurity jobs available right now in Europe: February 27, 2025 appeared first on Help Net Security.

While cybersecurity pros spend much of their time immersed in technical reports, risk assessments, and policy documents, fiction offers a refreshing perspective on security and hacking. Great cyber-themed novels can teach lessons on human psychology, cyber warfare, and the ethics of technology while also entertaining and thought-provoking. Here are eight fiction books that every cybersecurity leader should consider adding to their reading list. Daemon – Daniel Suarez Why read it? → Explores the potential dangers … More →

The post What cybersecurity pros read for fun appeared first on Help Net Security.

For the second time since the start of 2025, a huge number of login credentials extracted from infostealer logs has been added to the database powering the HaveIBeenPwned (HIBP) site and breach notification service. In January 2025, HIBP’s creator Troy Hunt added 71 million email addresses to the database. This time around, Hunt has loaded 284 million unique email addresses, alongside the websites they were entered into and the passwords used, as well as 244 … More →

The post Is your email or password among the 240+ million compromised by infostealers? appeared first on Help Net Security.

Fortanix announced new capabilities to its data encryption and key management platform. Even as organizations struggle to manage the rising costs and complexity of data security, advances in AI and quantum computing will render current protections obsolete. Quantum computers will be able to break most widely used public key cryptographic algorithms, putting long-term sensitive data at risk, and recent innovations in the field signal it could happen sooner than expected—customer information, PII, employee records, and … More →

The post Fortanix protects enterprises from AI and quantum computing threats appeared first on Help Net Security.

Kaspersky researchers have unearthed an extensive and long-running malware delivery campaign that exploited users’ propensity for downloading code from GitHub and using it without first verifying whether it’s malicious. “Over the course of the GitVenom campaign, the threat actors behind it have created hundreds of repositories on GitHub that contain fake projects with malicious code – for example, an automation instrument for interacting with Instagram accounts, a Telegram bot allowing to manage Bitcoin wallets, and … More →

The post Hundreds of GitHub repos served up malware for years appeared first on Help Net Security.

Pentera has unveiled Cyber Pulse, a new mechanism to update the Pentera platform with the latest vulnerabilities and attack techniques from the Pentera research team. Cyber Pulse delivers a continuous stream of new cyber exposure validation capabilities, enabling organizations to identify and mitigate new threats and vulnerabilities before they can be exploited. The MITRE ATT&CK catalog grew by over 30 new tactics, techniques, and procedures (TTPs) in the past year alone, while CISA’s Known Exploited … More →

The post Pentera Cyber Pulse identifies new threats and vulnerabilities appeared first on Help Net Security.

Red Hat announced Red Hat OpenShift 4.18, the latest version of the hybrid cloud application platform powered by Kubernetes. Red Hat OpenShift 4.18 introduces new features and capabilities designed to streamline operations and security across IT environments and deliver greater consistency to all applications, from cloud-native and AI-enabled to virtualized and traditional. According to the Gartner press release Top Trends Impacting Infrastructure and Operations for 2025, revirtualization/devirtualization is one of the top I&O trends for … More →

The post Red Hat OpenShift 4.18 enhances security across IT environments appeared first on Help Net Security.

Seal Security launched Seal OS, a solution designed to automatically fix vulnerabilities in both Linux operating systems and application code. Seal OS delivers long-term support for a wide range of Linux distributions, encompassing Red Hat Enterprise Linux, CentOS, Oracle Linux, Debian, Ubuntu, Alpine and more. This support extends to various deployment models, including containers, virtual machines, and bare metal installations. By addressing 99% of Linux vulnerabilities and application code issues, Seal OS provides a solution … More →

The post Seal OS fixes vulnerabilities in Linux operating systems appeared first on Help Net Security.

For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity. The challenge? Many organizations focus on checking the compliance box rather than ensuring their controls are effective. The problem isn’t compliance itself, it’s the mindset. Too often, security teams scramble to pass an audit, only to return to business … More →

The post The compliance illusion: Why your company might be at risk despite passing audits appeared first on Help Net Security.

DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and verifying vulnerabilities faster and easier. “The uniqueness of Dalfox lies in its speed and ability to easily integrate into pipelines. When designing Dalfox, my primary focus was reducing unnecessary requests to save time for testers and minimize server load. This approach has proven to be a significant … More →

The post Dalfox: Open-source XSS scanner appeared first on Help Net Security.

In this Help Net Security video, Nataraj Nagaratnam, an IBM Fellow and CTO for Cloud Security, discusses enterprises’ steps to lay a secure foundation for agentic AI deployments. Recent research from IBM and Morning Consult shows that 99% of developers explore or develop AI agents, but this technology heightens cybersecurity and regulatory compliance concerns. Enterprises underestimate the complexity of the AI stack and development lifecycle. Underneath every sleek, intuitive AI application is a complex and … More →

The post How enterprise leaders can secure and govern agentic AI appeared first on Help Net Security.

DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered a cyber incident that led to a data breach, which resulted in the potential compromise of personal and financial information of over 3.3 million individuals. What is known about the breach? DISA discovered the breach on April 22, 2024, and the subsequent investigation revealed that an unauthorized third party accessed … More →

The post Background check, drug testing provider DISA suffers data breach appeared first on Help Net Security.

Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as legitimate healthcare app (the Philips DICOM viewer), a Windows text editor (EmEditor), and system drivers and utilities. The ValleyRAT malware How the malware gets served to users is unknown. In previous attacks attributed to Silver Fox, the group has used SEO poisoning and / … More →

The post China-based Silver Fox spoofs healthcare app to deliver malware appeared first on Help Net Security.

Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership still seems to spark endless debates. That might have been understandable back in the 1990s when key security roles like the CISO were still being ironed out. But these days, it should be a serious red flag. Security … More →

The post Cybersecurity needs a leader, so let’s stop debating and start deciding appeared first on Help Net Security.

Halcyon announced Halcyon Ransomware Detection and Recovery (RDR), a no-cost integrated service that is now included with every deployment of the Halcyon Anti-Ransomware Platform. Most 24/7 threat monitoring and response services are not included with software platform purchases and are instead only offered at a significant additional cost. Halcyon offers 24/7 ransomware protection from a team of experts who investigate and respond to every single alert triggered in the Halcyon platform at no additional cost. … More →

The post Halcyon RDR boosts ransomware protection for organizations appeared first on Help Net Security.

Netskope announced enhancements to its Netskope One Enterprise Browser. By delivering Enterprise Browser fully integrated with the Netskope One platform’s Security Service Edge (SSE) capabilities, Netskope enables organizations to increase productivity and streamline the security of how unmanaged devices and temporary workers connect to web sites, applications, and other resources. Bring-your-own device (BYOD) policies and the temporary work requirements of contractors are two of many use cases that can create security risks for businesses based … More →

The post Netskope One Enterprise Browser enhancements secure access for unmanaged devices appeared first on Help Net Security.

Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, and reinforced organizational reliance on Big Tech. With the launch of Hub 10, Nextcloud demonstrates that open source is a viable alternative for secure, enterprise-grade collaboration. What’s new in Nextcloud Hub 10 The new release improves integration, security, and performance, offering organizations a self-hosted alternative. Hub 10 introduces a range of improvements across the … More →

The post Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy appeared first on Help Net Security.

By providing full context around both the application and the development environment, Legit’s ASPM platform empowers CISOs and their team to find, fix, and prevent the application vulnerabilities driving the greatest business risk. The release of Legit context follows on the January 2025 release of root cause remediation, which enables customers to take one practical remediation step to address multiple AppSec issues. “Organizations are challenged by an overwhelming number of vulnerabilities and very little actionable … More →

The post Legit context turns raw data into actionable insights appeared first on Help Net Security.

OwnID announced an addition to its platform: AI-native identity support for AI Agents. With browser-using AI Agents – such as ChatGPT Operator and other autonomous digital assistants becoming an integral part of customer interactions, businesses require a secure, scalable way to manage their identities. In response, OwnID introduces Customer and Agent Identity Management (CAIM) – a new category designed to seamlessly authenticate, authorize, and audit AI Agents operating on behalf of users. “AI Agents are … More →

The post OwnID introduces AI-native identity support for AI Agents appeared first on Help Net Security.

In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud environments. She shares insights on long onboarding times, legacy security gaps, vendor lock-in, and overlooked threats that can put organizations at risk.

The post Avoiding vendor lock-in when using managed cloud security services appeared first on Help Net Security.