You don’t have to choose between BAS or automated pentesting, you shouldn’t
There’s a debate making the rounds in security circles that sounds reasonable on the surface but falls apart under operational scrutiny: Which is better, breach and attack …
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training …
Your security stack looks fine from the dashboard and that’s the problem
One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of …
Kali Linux 2026.1 ships BackTrack mode, eight new tools, and a kernel upgrade to 6.18
Penetration testers running Kali Linux have a new release to work with. Version 2026.1 delivers the annual theme refresh, a new BackTrack-inspired mode in kali-undercover, …
Uncle Sam closes the door on all new foreign-made routers
The US Federal Communications Commission (FCC) has imposed a ban on all new routers manufactured overseas being imported into and sold within the United States.
The AI safety conversation is focused on the wrong layer
Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a workforce of humans, that …
Critical NetScaler ADC, Gateway flaw may soon be exploited (CVE-2026-3055)
Citrix has fixed two vulnerabilities in NetScaler ADC and NetScaler Gateway, with the more serious flaw (CVE-2026-3055) potentially allowing attackers to extract active …
Mimecast expands Incydr with runtime data security for AI and human risk
Mimecast has announced a major expansion of its Incydr offering with new data security capabilities and a preview of the Agent Risk Center. These enhancements deliver runtime …
Russian initial access broker helped ransomware gangs extort millions, sentenced to 81 months
A Russian citizen, Aleksei Volkov, was sentenced to 81 months in prison for helping ransomware groups carry out attacks causing over $9 million in actual losses and over $24 …
Darktrace expands MSSP offering with AI-driven managed email security
Darktrace has launched its managed security service for MSSPs, enabling partners to deliver AI-native email security with real-time detection, investigation, and response …
Novee introduces autonomous AI red teaming to hunt LLM vulnerabilities
Novee today introduced AI Red Teaming for LLM Applications for its AI penetration testing platform, designed to uncover security vulnerabilities in LLM-powered applications …
Detectify uncovers hidden assets and risks across entire IP ranges
Detectify has launched IP Range Scanning, enabling continuous discovery and monitoring of entire IP address blocks to help security teams identify forgotten assets and hidden …
Featured news
Resources
Don't miss
- Why AI changed the threat model for travel technology
- AI red teaming agents change how LLMs get tested
- Verizon DBIR: Vulnerability exploitation is the dominant initial access vector
- TeamPCP breached GitHub’s internal codebase via poisoned VS Code extension
- Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)