cybersecurity
Phishing can masquerade as emergency alerts for disasters, researchers warn
Emergency alerts for disasters like earthquakes and tsunamis are messages we hope we never see, and we trust them when they arrive. Researchers have shown that this trust can …
Can your coding style predict whether your code is vulnerable?
Developers leave fingerprints in the code they write. Naming choices, indentation patterns, preferred APIs, and the way someone structures a loop or handles a pointer all …
One in four MCP servers opens AI agent security to code execution risk
Enterprise deployments of AI agents lean on two extension mechanisms that introduce risk at different layers of the stack. MCP servers expose deterministic code functions with …
Pipelock: Open-source AI agent firewall
AI coding agents run with shell access, environment variables containing API keys, and unrestricted internet connectivity, creating a single point of failure where one …
Spotting third-party cyber risk before attackers do
In this Help Net Security video, Jeffrey Wheatman, SVP and Cyber Strategist at Black Kite, discusses how organizations can identify and manage third-party cyber exposures …
What researchers learned about building an LLM security workflow
Security operations centers are running into the same wall everywhere. Detection tools generate more alerts than analysts can work through, and the early stages of any …
Automated LLM red teaming gets a learning layer
Automated red teaming of large language models has settled into a familiar pattern over the past two years. An attacker model generates jailbreak attempts against a target …
Time to keep up with AI-driven attacks is narrowing, OpenAI says
OpenAI is outlining a plan to expand access to advanced AI tools for cybersecurity defenders, warning that attackers are already using the technology to scale operations. In …
The Exchange Online security controls organizations keep getting wrong
In this Help Net Security interview, Scott Schnoll, Microsoft MVP for Exchange, breaks down the Shared Responsibility Model, where Microsoft secures the cloud while …
Identity discovery: The overlooked lever in strategic risk reduction
If you ask a CISO what keeps them up at night, the answer usually isn’t “lack of tools.” It’s uncertainty. Uncertainty about what they don’t see. Uncertainty about how far an …
Open-source IPFire DNS Firewall blocks malware and phishing at the resolver
The IPFire project shipped Core Update 201 for its 2.29 release line, bringing DNS-layer domain blocking into the open-source firewall distribution. The update replaces two …
Even cybersecurity researchers are exposing secrets in their arXiv LaTeX source
Researchers submit papers to arXiv every day, and most of them upload the LaTeX source files alongside the PDF. The preprint service requires source uploads when available, …
Featured news
Resources
Don't miss
- $20 per zero-day is already the WordPress plugin reality
- Deleted Google API keys keep working for up to 23 minutes, researchers warn
- Meet Fractal, an OS made for microarchitecture reverse engineering
- Microsoft open-sources tools for designing and testing AI agents
- GitHub, Grafana Labs breaches traced back to TanStack supply chain compromise