Help Net Security
5 pitfalls that can delay cyber incident response and recovery
The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises …
Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to …
70% of leaked secrets remain active two years later
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, …
Most organizations change policies to reduce CISO liability risk
93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two …
Report: The State of Secrets Sprawl 2025
GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% …
Dependency-Check: Open-source Software Composition Analysis (SCA) tool
Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool …
The rise of DAST 2.0 in 2025
Static Application Security Testing (SAST) found favor among security teams as an easy way to deploy security testing without really engaging developers. With the ability to …
How AI and automation are reshaping security leadership
The contemporary SOC is transforming as it starts to realize the benefits of GenAI and utilize the manifestations of autonomous agentic AI, according to Tines. Additionally, …
Hackers target AI and crypto as software supply chain risks grow
The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns …
Pay, fight, or stall? The dilemma of ransomware negotiations
Ransomware negotiations are a high-stakes game where every decision matters. In this Help Net Security video, Kurtis Minder, CEO at GroupSense, takes us inside the world of …
Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption Last year, …
Top 5 threats keeping CISOs up at night in 2025
Cyber threats in 2025 require a proactive, adaptive approach. To stay ahead, CISOs must balance technical defenses, regulatory expectations, and human factors. By prioritizing …
Featured news
Resources
Don't miss
- Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools
- iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
- Unpacking the security complexity of no-code development platforms
- Researchers warn of ongoing Entra ID account takeover campaign
- LockBit panel data leak shows Chinese orgs among the most targeted