How to make developers accept DevSecOps
According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the …
Cybercriminals replace familiar tactics to exfiltrate sensitive data
Ransomware attacks are increasing again as cybercriminals’ motivation shifts to data exfiltration, according to Delinea. The familiar tactics of crippling a company and …
Database management enters a new era of complexity
Increasing complexity, the rapid adoption of emerging technologies and a growing skills gap are the biggest concerns facing IT leaders in 2024, according to Redgate. 30% of …
Self-managed GitLab installations should be patched again (CVE-2024-0402)
Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability …
Hundreds of network operators’ credentials found circulating in Dark Web
After the recent incident involving Orange España and the leakage of credentials from the RIPE NCC portal, which led to a major outage, the cybersecurity community needs to …
Great security or great UX? Both, please
A new user is signing up for a SaaS application. On the one hand, UX teams want that user to get into the app as quickly as possible. On the other hand, security teams want …
Faction: Open-source pentesting report generation and collaboration framework
Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the …
Unlocking sustainable security practices with secure coding education
Despite stringent regulations and calls for ‘security by design’, organizations are still failing to equip teams with the knowledge to secure code, according to Security …
Balancing AI benefits with security and privacy risks in healthcare
To manage an environment of increasing risks and limited resources, healthcare internal audit and compliance departments must align their risk assessments and audit work plans …
Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)
Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of …
Third-party risk management best practices and why they matter
With organizations increasingly relying on third-party vendors, upping the third-party risk management (TPRM) game has become imperative to prevent the fallout of third-party …
Prioritizing cybercrime intelligence for effective decision-making in cybersecurity
In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures. Our discussion will …
Featured news
Resources
Don't miss
- PortGPT: How researchers taught an AI to backport security patches automatically
- AI can flag the risk, but only humans can close the loop
- VulnRisk: Open-source vulnerability risk assessment platform
- Connected homes: Is bystander privacy anyone’s responsibility?
- Google says 2026 will be the year AI supercharges cybercrime