Mirko Zorz
The exploit gap is closing, and your patch cycle wasn’t built for this
The Cloud Security Alliance has published a briefing on what it calls a turning point in the threat landscape: the time between a vulnerability being discovered and a working …
Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time
In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what …
Network segmentation projects fail in predictable patterns
Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed …
Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready
In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an …
Review: The Psychology of Information Security
Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it …
Fixing vulnerability data quality requires fixing the architecture first
In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The …
ZeroID: Open-source identity platform for autonomous AI agents
ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems. The attribution …
MITRE releases a shared fraud-cyber framework built from real attack data
Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible …
Bringing governance and visibility to machine and AI identities
In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began …
To counter cookie theft, Chrome ships device-bound session credentials
Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled …
Little Snitch for Linux shows what your apps are connecting to
Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were …
What vibe hunting gets right about AI threat hunting, and where it breaks down
In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts …
Featured news
Resources
Don't miss
- Webinar: The IT Leader’s Guide to AI Governance
- OpenAI expands its cyber defense program with GPT-5.4-Cyber for vetted researchers
- The exploit gap is closing, and your patch cycle wasn’t built for this
- Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time
- Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab