Mirko Zorz
No one knows how many old shims can still bypass UEFI Secure Boot
The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and …
The best defense against AI attacks turns out to be a skeptical human
Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% …
Fake OAuth client IDs are helping attackers slip past sign-in logs
Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, …
Cynative: Open-source deep research agent
Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke …
Your coding agent says no in chat and yes in the code
Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own …
Orbia CISO Miranda Ritchie on building security into sustainable infrastructure
In this interview with Help Net Security, Miranda Ritchie, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing …
OpenAI and Anthropic are pulling in different directions
Companies are handing routine operational decisions to AI agents that plan, remember, and act on their behalf. These agents run on statistical models, and their behavior can …
Researchers make the case for a cybersecurity AI scientist
Autonomous AI agents have started doing real security work. Language-model agents probe software for flaws, run penetration tests, and chain together attack steps that once …
Securing the inbox: Where identity, brand and security meet
Getting a verified logo to appear next to your email has traditionally meant having to work with two separate entities. You have to work with a DMARC partner for setting up …
The endpoint recovery gap many teams discover during an incident
In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often …
Nika: Open-source code analysis tool
Many serious security bugs in web applications sit across several files at once. Request data enters through a controller, moves through data objects and service layers, and …
AI-generated code risks reach security, legal, and compliance teams
Most engineering organizations write code with AI, and a good number of them keep that code away from customers. A Flux survey of engineering leaders and practitioners found …
Featured news
Resources
Don't miss
- The MDR renewal question: What changes when AI can handle the alerts
- SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
- “Context bombs” can frustrate AI-driven attacks, researchers found
- No one knows how many old shims can still bypass UEFI Secure Boot
- The best defense against AI attacks turns out to be a skeptical human