Help Net Security

Six months into DORA, most financial firms are still not ready
It’s been six months since the EU’s Digital Operational Resilience Act (DORA) came into effect, but a new Censuswide survey shows that nearly all financial services …

Autoswagger: Open-source tool to expose hidden API authorization flaws
Autoswagger is a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities. These flaws are still common, even at large enterprises …

Your app is under attack every 3 minutes
Application-layer attacks have become one of the most common and consequential methods adversaries use to gain access and compromise organizations, according to Contrast …

Most data breaches have unknown causes as transparency continues to fall
The Identity Theft Resource Center (ITRC) reports 1,732 publicly disclosed data breaches in H1 2025, marking a 5% increase over the same period in 2024. The ITRC could track a …

What the law says about your next data breach
In this Help Net Security video, Chad Humphries, Solution Consultant, Networks & Cyber Security at Rockwell Automation, explores how cyber risk quantification is becoming …

Enterprise printer security fails at every stage
Printer platform security is often overlooked in enterprise security strategies, creating security gaps, according to HP Wolf Security. By addressing security at every stage, …

How to land your first job in cybersecurity
According to LinkedIn, job applications have surged over 45% in the past year, with 11,000 applications submitted every minute. This flood of applications is making it harder …

Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For …

Why we must go beyond tooling and CVEs to illuminate security blind spots
In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an …

AI adoption is booming but secure scaling not so much
96% of organizations are deploying AI models, and virtually no organization can move into the future without considering how ML and intelligent apps might soon affect its …

Review: Passwork 7.0, self-hosted password manager for business
Over the years, the number of services we use has exploded, and so has the need to protect our credentials. Back in what I like to call “the age of innocence,” we scribbled …

Why silent authentication is the smarter way to secure BYOD
In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity …
Featured news
Resources
Don't miss
- August 2025 Patch Tuesday forecast: Try, try again
- Third-party partners or ticking time bombs?
- What GPT‑5 means for IT teams, devs, and the future of AI at work
- Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)
- SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls