Mirko Zorz
Reading between the lines of a cyber insurance policy
Enterprises in regulated industries often carry cyber insurance policies because contracts require it or boards ask for documented risk transfer. The global market for these …
What public money does to open-source projects
Most of the software running inside a typical company was written by volunteers the company never paid. Open-source code sits under web apps, build pipelines, and the machine …
Ransom demands are down, email is the top way attackers get in
An employee opens an email that looks like any other, clicks a link, and gives up a password without noticing. A stolen login opens a door deeper in the network. Files stop …
Companies keep getting breached by vulnerabilities they already knew about
Scanning tools have gotten good at their work. Organizations now find more weaknesses across more of their systems than at any earlier point in the industry’s history. A …
GPT-Red beat human red teamers on a prompt injection test
GPT-Red is an automated red-teaming model that OpenAI trains to find prompt injection weaknesses. It works the way a human red-teamer does. It sends a prompt, watches how a …
No one knows how many old shims can still bypass UEFI Secure Boot
The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and …
The best defense against AI attacks turns out to be a skeptical human
Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% …
Fake OAuth client IDs are helping attackers slip past sign-in logs
Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, …
Cynative: Open-source deep research agent
Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke …
Your coding agent says no in chat and yes in the code
Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own …
Orbia CISO Miranda Ritchie on building security into sustainable infrastructure
In this interview with Help Net Security, Miranda Ritchie, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing …
OpenAI and Anthropic are pulling in different directions
Companies are handing routine operational decisions to AI agents that plan, remember, and act on their behalf. These agents run on statistical models, and their behavior can …
Featured news
Resources
Don't miss
- Prompt injection is becoming the XSS of the web agent era
- The script, not the voice, is what makes AI voice phishing work
- The five step plan that cuts security budget waste
- CISA folds its own hard-won lessons into coordinated vulnerability disclosure guidance
- Romania’s land registry hit by cyber attack, data allegedly for sale