Help Net Security

Week in review: Microsoft fixes wormable RCE bug on Windows, check for CitrixBleed 2 exploitation
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) For July 2025 …

Employees are quietly bringing AI to work and leaving security behind
While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine. The rise of unauthorized AI …

Open source has a malware problem, and it’s getting worse
Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the …

C-suites step up on OT cybersecurity, and it’s paying off
There has been a significant increase in the global trend of corporations planning to integrate cybersecurity under the CISO or other executives, according to Fortinet. …

Global software supply chain visibility remains critically low
Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility …

Can your security stack handle AI that thinks for itself?
In this Help Net Security video, Art Poghosyan, CEO at Britive, explores the rise of agentic AI and its impact on identity security. As autonomous AI agents begin to think, …

July 2025 Patch Tuesday forecast: Take a break from the grind
July 2025 Patch Tuesday is now live: Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) There was a barrage of updates released the week of June 2025 Patch …

Aegis Authenticator: Free, open-source 2FA app for Android
Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. The app features strong encryption and the ability to …

Cloud security maintains its position as top spending priority
While most enterprises have integrated cloud resources into their operations, many need to improve their ability to secure these environments and the data they contain, …

Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, …

NTLM relay attacks are back from the dead
NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – …

New hires, new targets: Why attackers love your onboarding process
In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboarding. He explains …