Is the new OWASP API Top 10 helpful to defenders?
The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) …
Adapting authentication to a cloud-centric landscape
In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote …
Password reset woes could cost FTSE 100 companies $156 million each month
Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. This raises the question of the necessity …
CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie
The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s …
Are your cybersecurity investments making you less resilient?
In the past decade, digital transformation has become a buzzword in nearly every industry. Organizations have scaled down workforces in favor of automation, moved their …
Why are many businesses still not using a password manager?
Why are we still talking about passwords? We already have single sign-on (SSO), and passwordless is the new buzzword everyone is talking about, but when you put yourself in …
Account pre-hijacking attacks possible on many online services
Online accounts getting hijacked and misused is an everyday occurrence, but did you know that account pre-hijacking attacks are also possible? Inspired by previous research on …
Shadow IT is a top concern related to SaaS adoption
Torii announced a report revealing that 69% of tech executives believe shadow IT is a top concern related to SaaS – or cloud application – adoption. The majority of …
How to contain a privileged access breach and make sure it doesn’t happen again
When attackers pull off a privileged access breach, they have a beachhead into your network. Regardless of whether it’s software or users that are ill-protected, threat actors …
The importance of balancing security requirements and employee user experience
LastPass released the findings of an IDC survey which revealed that “balancing company security requirements and the employee user experience” is the number one identity …
How to ease password pains while maintaining security
As much as any industry, healthcare must deal with a security landscape that is fraught with challenges and tensions. Health delivery organizations (HDOs) operate under …
Organizations failing to give users the login experience they want
Companies often claim to be customer-centric, or even customer-obsessed, striving to offer technologies that their users demand. However, the findings of a recent global Auth0 …