Help Net Security
What should investing in cybersecurity look like for a technology organization?
To withstand cyberattacks, businesses must continually update internal systems and avoid hasty tech upgrades that might open the door to attackers. In this Help Net Security …
Is mandatory password expiration helping or hurting your password security?
For decades cybersecurity professionals held tight to the idea that passwords needed to be changed on a regular basis. In recent years, however, organizations such as NIST and …
Incident responders increasingly seek out mental health assistance
Incident responders are primarily driven by a strong sense of duty to protect others. This responsibility that’s increasingly challenged by the surge of disruptive attacks, …
HTTP request smuggling vulnerability in Node.js (CVE-2022-35256)
In this Help Net Security video, Austin Jones, Principal Software Engineer at ThreatX, explains what HTTP request smuggling is, and discusses a recently uncovered HTTP request …
Financial crises boost fraud rates, making online consumers more cautious
59% of consumers are more concerned about becoming a victim of fraud now than they were in 2021, according to a research released by Paysafe. This Help Net Security video …
Researchers outline the Lazarus APT offensive toolset
ESET researchers uncovered and analyzed a set of malicious tools that were used by the Lazarus APT group in attacks during the end of 2021. The campaign started with spear …
Detecting fileless malware infections is becoming easier
For some analysts, memory analysis is only an optional step in cybersecurity investigations. Their reasons are simple. One: Handling memory and volatile data is a complex …
The impact of DevSecOps practices on software development
A trending practice for application security, DevSecOps includes integrating security early in the software development life cycle (SDLC) and enables the delivery of reliable …
Why organizations take data sovereignty seriously
According to a Vanson Bourne survey, the vast majority of organizations across France, Germany, the UK, and the US either have sovereignty regulations or policies to keep …
Many IT pros don’t think a ransomware attack can impact Microsoft 365 data
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months, according to Hornetsecurity. The 2022 Ransomware Report, which …
Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs
SpyCast: Cross-platform mDNS enumeration tool SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in …
The current state of cloud security
Cloud security became much more complicated as COVID-19 hit and remote/hybrid workforces emerged. Organizations are struggling to sufficiently secure new cloud environments …
Featured news
Resources
Don't miss
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)