
The future of authentication: Why passwordless is the way forward
By now, most CISOs agree: passwords are the weakest link in the authentication chain. They’re easy to guess, hard to manage, and constantly reused. Even the most complex …

Browser extensions make nearly every employee a potential attack vector
Despite being present on virtually every employee’s browser, extensions are rarely monitored by security teams or controlled by IT, according to LayerX. Most extensions have …

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected
American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang. The breach …

Critical flaws fixed in Nagios Log Server
The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The …

Why shorter SSL/TLS certificate lifespans matter
Digital certificates are the unsung heroes of the internet, silently verifying that the websites, apps, and services you use are legit and your data is safe. For years, we’ve …

Cybercriminal groups embrace corporate structures to scale, sustain operations
In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale …

94% of firms say pentesting is essential, but few are doing it right
Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix …

Chief Legal Officers step up in cybersecurity oversight
In this Help Net Security video, Jennifer Chen, Executive Director of the Association of Corporate Counsel (ACC) Foundation, discusses how globally, Chief Legal Officers …

Cybersecurity jobs available right now: April 15, 2025
Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. CISO Department of Justice | Australia | On-site …

Package hallucination: LLMs may deliver malicious code to careless devs
LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed …

The quiet data breach hiding in AI workflows
As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use …

Tirreno: Open-source fraud prevention platform
Tirreno is an open-source fraud prevention platform designed as a universal analytics tool to monitor online platforms, web applications, SaaS products, digital communities, …
Featured news
Resources
Don't miss
- China-linked Murky Panda targets and moves laterally through cloud services
- Five ways OSINT helps financial institutions to fight money laundering
- DevOps in the cloud and what is putting your data at risk
- Russian threat actors using old Cisco bug to target critical infrastructure orgs
- AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged