
Online fraud peaks as breaches rise
Data breaches played a key role in significant financial losses faced by consumers due to fraud. In this Help Net Security video, Steve Yin, Global Head of Fraud at …

Low-tech phishing attacks are gaining ground
Cybercriminals are increasingly favoring low-tech, human-centric attacks to bypass email scanning technologies, according to VIPRE Security. The report is based on an analysis …

Photos: RSAC 2025
RSAC 2025 Conference is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The second gallery is …

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities
Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise …

Download: Edgescan 2025 Vulnerability Statistics Report
Edgescan’s 2025 Vulnerability Statistics Report explores risk density patterns across network/device and application layers, uncovers complex vulnerabilities that …

Property renters targeted in simple BEC scam
Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam …

Product showcase: Ledger Flex secure crypto wallet
The Ledger Flex is a hardware wallet designed for the secure storage of cryptocurrencies and NFTs. It combines security features with a user-friendly interface, making it …

Mobile security is a frontline risk. Are you ready?
The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. For …

Villain: Open-source framework for managing and enhancing reverse shells
Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, …

Securing the invisible: Supply chain security trends
Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a …

Why cyber resilience must be part of every organization’s DNA
As AI brings about excitement and transformative potential, the report reveals that organizations are forging ahead with innovations despite increased security concerns, …

44% of the zero-days exploited in 2024 were in enterprise solutions
In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of …
Featured news
Resources
Don't miss
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)