Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
door
Prompt injection is becoming the XSS of the web agent era

Autonomous web agents read whatever a page displays, and much of that content comes from strangers. Product reviews, seller listings, and advertisements sit beside trusted …

Voice
The script, not the voice, is what makes AI voice phishing work

The call comes in at 4:40 on a Friday. The voice belongs to a senior manager, or sounds close enough, and she needs a password reset before a flight. She is polite, she is in …

open source
What public money does to open-source projects

Most of the software running inside a typical company was written by volunteers the company never paid. Open-source code sits under web apps, build pipelines, and the machine …

Robot
An AI overthinking attack can tie a robot up for over a minute

Robots that read the world through cameras now lean on large vision-language models to interpret what they see and decide what to do next. These models handle images and text …

bomb
“Context bombs” can frustrate AI-driven attacks, researchers found

A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable …

open vault
No one knows how many old shims can still bypass UEFI Secure Boot

The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and …

cyber threat
New tutorials on underground hacking forums have roughly doubled

Underground hacking forums are producing more original tutorials again, with growing attention on financial fraud, particularly the theft and fraudulent use of payment card …

smart home
Fake smart home residents could stand in for real ones in security research

Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house …

Chip
A hardware security AI assistant that checks chips for hidden backdoors

Chip designers license blocks of circuitry from outside vendors and drop them into larger products. A single processor can carry components from a range of suppliers, each …

open source
The open source library holding up your stack might have one maintainer

Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pulls in a parser, …

data request
Most data brokers won’t tell you what happened to your deletion request

Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government …

yes no
Your coding agent says no in chat and yes in the code

Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools