Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Apple
MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. …

password
Is your password manager truly GDPR compliant?

Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong, security …

Google Play
Google Play Store’s privacy practices still confuse Android users

Privacy rules like GDPR and CCPA are meant to help app stores be clearer about how apps use your data. But in the Google Play Store, those privacy sections often leave people …

code
BlueCodeAgent helps developers secure AI-generated code

When AI models generate code, they deliver power and risk at the same time for security teams. That tension is at the heart of the new tool called BlueCodeAgent, designed to …

hand
The confidence trap holding security back

Security leaders often feel prepared for a major cyber incident, but performance data shows a different reality. Teams continue to miss key steps during practice scenarios, …

industry
When IT fails, OT pays the price

State groups, criminal crews, and hybrid operators are all using familiar IT entry points to reach systems that support industrial processes, according to the latest …

7-zip
Public PoC exploit for 7-Zip vulnerability is available (CVE-2025-11001)

NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by …

ISC2
Exam prep hacked: Study tips and tricks that really work

Ready to get certified but not sure where to start? Get insider tips and tricks on what to do from day one to test day. Join ISC2-certified instructors and an audience of your …

Fortinet
Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)

Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 …

danger
Threat group reroutes software updates through hacked network gear

Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China aligned threat group known as PlushDaemon has been quietly using hacked …

mobile
The long conversations that reveal how scammers work

Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the …

Arm Metis
Metis: Open-source, AI-driven tool for deep security code review

Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to spot subtle flaws that are often …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools