Help Net Security

The UK’s phone theft crisis is a wake-up call for digital security
Phone theft is now commonplace in London. The Met Police recently revealed that it seizes 1,000 stolen phones weekly as it cracks down on organized criminal networks driving …

Widely available AI tools signal new era of malicious bot activity
Rise in accessible AI tools significantly lowered the barrier to entry for cyber attackers, enabling them to create and deploy malicious bots at scale, according to Thales. …

SafeLine Bot Management: Self-hosted alternative to Cloudflare
Modern websites are under constant pressure from automated traffic: scraping, credential stuffing, inventory hoarding, and other malicious bot behaviors. While Cloudflare Bot …

Cyber threats against energy sector surge as global tensions mount
Cyberattacks targeting the energy sector are increasing, driven by a host of geopolitical and technological factors. A report published by Sophos in July 2024, and which …

Microsoft vulnerabilities: What’s improved, what’s at risk
Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the …

Inside PlugValley: How this AI vishing-as-a-service group operates
In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered …

Strategic AI readiness for cybersecurity: From hype to reality
AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious …

Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques
MITRE’s Attack Flow project aims to translate complex cyber operations into a structured language. By describing how adversaries sequence and combine offensive …

Browser extensions make nearly every employee a potential attack vector
Despite being present on virtually every employee’s browser, extensions are rarely monitored by security teams or controlled by IT, according to LayerX. Most extensions have …

Why shorter SSL/TLS certificate lifespans matter
Digital certificates are the unsung heroes of the internet, silently verifying that the websites, apps, and services you use are legit and your data is safe. For years, we’ve …

94% of firms say pentesting is essential, but few are doing it right
Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix …

Chief Legal Officers step up in cybersecurity oversight
In this Help Net Security video, Jennifer Chen, Executive Director of the Association of Corporate Counsel (ACC) Foundation, discusses how globally, Chief Legal Officers …
Featured news
Resources
Don't miss
- Why we must go beyond tooling and CVEs to illuminate security blind spots
- Making security and development co-owners of DevSecOps
- Review: Passwork 7.0, self-hosted password manager for business
- What a mature OT security program looks like in practice
- Machine unlearning gets a practical privacy upgrade