Report: The state of authentication security 2023
This survey set out to explore these challenges, to identify common practices, and to provide insight into how organizations can bolster their defenses. Key findings from the …
Released: AI security guidelines backed by 18 countries
The UK National Cyber Security Centre (NCSC) has published new guidelines that can help developers and providers of AI-powered systems “build AI systems that function as …
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised …
OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more!
OpenSSL is a full-featured toolkit for general-purpose cryptography and secure communication. The final version of OpenSSL 3.2.0 is now available. Major changes in OpenSSL …
AWS Kill Switch: Open-source incident response tool
AWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. The solution includes a Lambda …
Why it’s the perfect time to reflect on your software update policy
The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security …
Vulnerability disclosure: Legal risks and ethical considerations for researchers
In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in …
Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PolarDNS: Open-source DNS server tailored for security evaluations PolarDNS …
NIS2 and its global ramifications
The Network and Information Systems Directive (NIS2), due to come into effect in October 2024, seeks to improve cyber resilience in the European Union (EU). Its effects are …
Network security tops infrastructure investments
Network security is both the top challenge and the top investment priority for enterprise IT leaders, according to ISG. Network security challenges 60% of respondents to the …
AI and contextual threat intelligence reshape defense strategies
AI continues to evolve to improve both cyber defense and cyber criminal activities, while regulatory pressures, continued consolidation, and geopolitical concerns will drive …
Cybercriminals turn to ready-made bots for quick attacks
Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs. These attacks comprised 73% of all website and app …
Featured news
Resources
Don't miss
- Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable
- Rethinking AppSec: How DevOps, containers, and serverless are changing the rules
- Autorize: Burp Suite extension for automatic authorization enforcement detection
- RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
- Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)