Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Legitify
Legitify: Open-source scanner for security misconfigurations on GitHub and GitLab

Misconfigured source code management platforms remain a common entry point in software supply chain attacks, and organizations often lack visibility into which settings put …

Product showcase: Stop secrets from leaking through AI coding tools with GitGuardian

AI coding assistants are quickly becoming part of everyday development. Tools like Cursor, Claude Code, and GitHub Copilot can now do more than suggest code. They can read …

Data
Network segmentation projects fail in predictable patterns

Most enterprise networks have segmentation on the roadmap. Many have had it there for years. A survey of 400 U.S.-based network security practitioners who lived through failed …

Microsoft Office
Microsoft ends desktop detour for sensitivity labels in Office web apps

Microsoft is rolling out an update to Office for the web that removes a long-standing limitation around document protection, adding new control to browser-based apps. …

OpenSSL
OpenSSL 4.0.0 release cuts deprecated protocols and gains post-quantum support

OpenSSL 4.0.0 removes several long-deprecated features, adds support for Encrypted Client Hello, and introduces API-level changes that will require code updates for …

Anthropic
Testing reveals Claude Mythos’s offensive capabilities and limits

Could Claude Mythos Preview, Anthropic’s latest large language model, be leveraged for fully automated cyber attacks? The UK government’s AI Security Institute …

phishing
W3LL phishing service sold for $500 dismantled by the FBI

The W3LL phishing kit, a cybercrime tool used to impersonate legitimate login pages and steal usernames and passwords, has been dismantled by the FBI and Indonesian law …

email
DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend

Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert …

Basic-Fit
Basic-Fit hack compromises data of up to 1 million members

Basic-Fit, a European gym chain, disclosed that hackers breached one of its internal systems, exposing members’ personal data in several countries. The company operates more …

Booking.com
Booking.com data breach: Customer reservation data exposed

“Unauthorized third parties may have been able to access certain booking information associated with your reservation,” email alerts sent out by Booking.com over …

Google malicious ads
Google to penalize sites that hijack the back button

Google is broadening its spam policies to crack down on “back button hijacking,” a deceptive practice where websites interfere with browser navigation, blocking …

AI
AI adoption is outpacing the safeguards around it

AI is becoming part of professional and private life, reaching mainstream adoption faster than the personal computer or the internet. These systems are tested in reasoning, …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools