cybersecurity
Why your phishing simulations aren’t building a security culture
Security culture isn’t built by phishing simulations. In this Help Net Security video, Dan Potter, VP of Cyber Resilience at Immersive, argues that annual training …
Your security stack looks fine from the dashboard and that’s the problem
One in five enterprise endpoints is operating outside a protected and enforceable state on any given day, according to device telemetry collected across tens of millions of …
The AI safety conversation is focused on the wrong layer
Organizations have spent years accumulating fragmented identity systems: too many roles, too many credentials, too many disconnected tools. For a workforce of humans, that …
Measuring security performance in real-time, not once a quarter
Most organizations have invested heavily in security products over the past decade. The assumption embedded in that spending is that more tools equal better protection. Tim …
Attackers are handing off access in 22 seconds, Mandiant finds
Exploits remain the leading entry point for attackers for the sixth consecutive year, according to Mandiant’s M-Trends 2026 report, which draws on more than 500,000 …
Quantum threats are already active and the defense response remains fragmented
Enterprises are moving toward post-quantum security at uneven speeds, and the gap between organizations that have built crypto-agility into their infrastructure and those that …
The devices winning the race to get hacked in 2026
Enterprise networks keep adding connected devices, expanding the attack surface as threat actors target a wider range of systems, many of which are difficult to inventory, …
Your AI agents are moving sensitive data. Do you know where?
In this Help Net Security interview, Gidi Cohen, CEO at Bonfy.AI, addresses what he sees as the most pressing gap in AI agent security: data-layer risk. While the industry …
Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose …
NIST updates its DNS security guidance for the first time in over a decade
DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance …
Field workers don’t need more access, they need better security
In this Help Net Security interview, Chris Thompson, CISO at West Shore Home, discusses least privilege and credential hygiene for a field-based workforce. He covers access …
Secure endpoint management systems immediately, CISA urges
The US Cybersecurity and Infrastructure Security Agency (CISA) warns that the cyberattack on Stryker Corporation serves as a signal to U.S. organizations that foreign cyber …
Featured news
Resources
Don't miss
- FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
- Cisco IMC auth bypass vulnerability allows attackers to alter user passwords (CVE-2026-20093)
- Claude Code source leak exploited to spread malware
- Trivy supply chain attack enabled European Commission cloud breach
- Microsoft releases open-source toolkit to govern autonomous AI agents