cybersecurity
Apple counters ClickFix attacks with macOS Terminal warning
Apple has added a new security feature in macOS Tahoe 26.4 that warns users before they enter commands in Terminal that could cause harm. The goal is to stop ClickFix attacks, …
Why I’m done calling humans the weakest link
Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As industry that is based on enabling communication across the globe via the …
The art of making technical risk make sense to executives
In this Help Net Security video, Jay Miller, CISO at Paessler, explains how security leaders can communicate technical risk to executives and board members in terms they …
Hottest cybersecurity open-source tools of the month: March 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across …
Why risk alone doesn’t get you to yes
I have been in security rooms for years, from military operations centers to corporate boardrooms. In all those years I can tell you that the hardest mission that most …
Breaking out: Can AI agents escape their sandboxes?
Container sandboxes are part of routine AI agent testing and deployment. Agents use them to run code, edit files, and interact with system resources without direct access to …
Don’t count on government guidance after a smart home breach
People are filling their homes with internet-connected cameras, speakers, locks, and routers. When one of those devices is compromised, the next steps are often unclear. …
AI frenzy feeds credential chaos, secrets leak through code, tools, and infrastructure
Code keeps moving through pipelines, and credentials continue to surface alongside it. GitGuardian’s State of Secrets Sprawl 2026 puts the count at 28.65 million new hardcoded …
Google races to secure encryption before quantum threats arrive
Google is preparing for the quantum era, a turning point in digital security, with a 2029 timeline for post-quantum cryptography (PQC) migration. Security professionals warn …
A nearly undetectable LLM attack needs only a handful of poisoned samples
Prompt engineering has become a standard part of how large language models are deployed in production, and it introduces an attack surface most organizations have not yet …
Your facilities run on fragile supply chains and nobody wants to admit it
In this Help Net Security interview, Christa Dodoo, Global Chair at IFMA, discusses how facility managers are managing supply chain risk in critical building systems. She …
Who owns AI agent access? At most companies, nobody knows
AI agents are operating across production enterprise environments at scale, and the identity infrastructure managing their access has not kept up with their deployment. A …
Featured news
Resources
Don't miss
- Hackers hijacked CPUID downloads, served STX RAT to victims
- Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)
- Fixing vulnerability data quality requires fixing the architecture first
- ZeroID: Open-source identity platform for autonomous AI agents
- MITRE releases a shared fraud-cyber framework built from real attack data