Curtis Arnold
Laying the groundwork for zero trust in the military

In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, …

Grype
Grype: Open-source vulnerability scanner for container images, filesystems

Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) …

Ankita Gupta
Overlooked essentials: API security best practices

In this Help Net Security interview, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID …

SubSnipe
SubSnipe: Open-source tool for finding subdomains vulnerable to takeover

SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than …

cybersecurity jobs
Cybersecurity jobs available right now: July 17, 2024

Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. Adversary Emulation Team Member Australian Federal …

GitHub
Most GitHub Actions workflows are insecure in some way

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose …

Microsoft
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to …

info-stealer
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: …

ChatGPT
ChatGPTriage: How can CISOs see and control employees’ AI use?

It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise …

Seth Hodgson
Managing exam pressure: Tips for certification preparation

In this Help Net Security interview, Seth Hodgson, SVP of Engineering at Udemy, discusses effective study techniques for cybersecurity certification exams. Hodgson discusses …

Bluetooth
Firmware update hides Bluetooth fingerprints

A smartphone’s unique Bluetooth fingerprint could be used to track the device’s user–until now. A team of researchers has developed a simple firmware update that can …

data breaches 2024
Major data breaches that have rocked organizations in 2024

This article provides an overview of the major data breaches we covered in 2024 so far, highlighting incidents involving Trello, AnyDesk, France Travail, Nissan, MITRE, …
