Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.

News

NIST
NIST updates its DNS security guidance for the first time in over a decade

DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance …

cybersecurity week in review
Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What smart factories keep getting wrong about cybersecurity In this Help Net …

Cisco
Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)

A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a …

Android
Google slows Android sideloading to trip up scammers

Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at …

insider threat
Terminated contract led to $2.5 million cyber extortion scheme

A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international …

botnet
Authorities disrupt four IoT botnets behind record DDoS attacks

The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded.

music
Fake AI songs streamed billions of times, netting fraudster $10 million

Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments …

ScreenConnect
Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted …

Chris Thompson
Field workers don’t need more access, they need better security

In this Help Net Security interview, Chris Thompson, CISO at West Shore Home, discusses least privilege and credential hygiene for a field-based workforce. He covers access …

cloud
Cloud misconfiguration has evolved and your controls haven’t

In this Help Net Security video, Kat Traxler, Principal Security Researcher – Public Cloud at Vectra AI, walks through two AWS misconfigurations that go beyond the …

Infosec products of the week
New infosec products of the week: March 20, 2026

Here’s a look at the most interesting products from the past week, featuring releases from Intel 471, Kore.ai, NinjaOne, Pindrop, Secure Code Warrior, Token Security, and Xona …

llamafile
Llamafile, Mozilla’s portable LLM runner, gets GPU support and a rebuilt core

Running a large language model on a single machine without cloud access or a container runtime remains a priority for practitioners working in air-gapped or …

Featured news

Resources

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools