remediation
What the Fortibleed campaign means for organizations running FortiGate firewalls
A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, …
China-linked spies backdoored authentication stack to stay hidden for years
A China-linked cyber espionage group known as Velvet Ant spent nearly a decade inside the internal network of an unnamed organization without being detected, according to the …
Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
Once a secret enters Git, it’s expensive to remediate. But the real problem runs deeper than cost. Grégory Maitrallain, Solution Architect at Orange Business, discovered …
The 2026 State of Pentesting: Why delivery and follow-through matter more than ever
Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is …
Downtime pushes resilience planning into security operations
CISOs describe a shift in how they define success. New research from Absolute Security shows broad agreement that resilience outweighs security goals centered on prevention …
Fragmented tooling slows vulnerability management
Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new …
Financial services can’t shake security debt
In financial services, application security risk is becoming a long game. Fewer flaws appear in new code, but old ones linger longer, creating a kind of software “interest” …
Exposed and unaware? Smart buildings need smarter risk controls
75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty.
Developing an effective cyberwarfare response plan
In this Help Net Security interview, Nadir Izrael, CTO at Armis, discusses how AI has transformed cyberwarfare by amplifying attacks’ scale and sophistication. Izrael …
Detecting vulnerable code in software dependencies is more complex than it seems
In this Help Net Security interview, Henrik Plate, CISSP, security researcher, Endor Labs, discusses the complexities AppSec teams face in identifying vulnerabilities within …
How to make Infrastructure as Code secure by default
Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through …
Strategies for preventing AI misuse in cybersecurity
As organizations increasingly adopt AI, they face unique challenges in updating AI models to keep pace with evolving threats while ensuring seamless integration into existing …
Featured news
Resources
Don't miss
- Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)
- 5,811 arrests, $293 million seized over social engineering scams
- Your coding agent says no in chat and yes in the code
- Malicious AI agent skills can slip past the scanners built to stop them
- The fake report message that ends with a stolen Reddit account