Why incident response breaks down when it matters most
In this Help Net Security video, Jon David, Managing Director, NR Labs, discusses why incident response often breaks down during a breach. Drawing on years of experience …
ShinyHunters flip the script on MFA in new data theft attacks
Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in …
Where NSA zero trust guidance aligns with enterprise reality
The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust …
A practical take on cyber resilience for CISOs
In this Help Net Security video, Shebani Baweja, CISO, Wealth and Retail Banking & Markets at Standard Chartered, explains how security leaders should think about cyber …
A new framework helps banks sort urgent post-quantum crypto work from the rest
Financial institutions now have a concrete method for deciding where post-quantum cryptography belongs on their security roadmaps. New research coordinated by Europol sets out …
The NSA lays out the first steps for zero trust adoption
Security pros often say that zero trust sounds straightforward until they try to apply it across real systems, real users, and real data. Many organizations are still sorting …
Turning plain language into firewall rules
Firewall rules often begin as a sentence in someone’s head. A team needs access to an application. A service needs to be blocked after hours. Translating those ideas into …
NIST issues guidance on securing smart speakers
Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal …
LLMs work better together in smart contract audits
Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models …
Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method …
The soft underbelly of space isn’t in orbit, it’s on the ground
In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why …
Why vulnerability reports stall inside shared hosting companies
Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what …
Featured news
Resources
Don't miss
- The SOC’s visibility gap comes down to staffing
- Microsoft AntiSSRF open-source library helps block server-side request forgery
- The checklist problem behind critical infrastructure cyber safety
- Attackers are exploiting FortiSandbox vulnerabilities
- SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)