How state-sponsored attackers hijacked Notepad++ updates
UPDATE: Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by …
Microsoft sets a path to switch off NTLM across Windows
Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been …
Open-source AI pentesting tools are getting uncomfortably good
AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into …
Where NSA zero trust guidance aligns with enterprise reality
The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust …
Pompelmi: Open-source secure file upload scanning for Node.js
Software teams building services in JavaScript are adding more layers of defense to handle untrusted file uploads. An open-source project called Pompelmi aims to insert …
What boards need to hear about cyber risk, and what they don’t
In this Help Net Security video, Rishi Kaushal, CIO at Entrust, explains how security leaders should talk to the board about cyber risk. He focuses on what matters to board …
AI is flooding IAM systems with new identities
Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of …
Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: When open science meets real-world cybersecurity In this Help Net Security …
Microsoft sets new timeline for Sentinel transition to Defender portal
Microsoft has updated the timeline for transitioning the Microsoft Sentinel experience from the Azure portal to the Microsoft Defender portal from July 1, 2026 to March 31, …
Ex-Google engineer found guilty of stealing AI secrets
A federal jury in California convicted former Google software engineer Linwei Ding, also known as Leon Ding, on seven counts of economic espionage and seven counts of theft of …
EFF calls out major tech companies on encryption promises
The Electronic Frontier Foundation (EFF) has introduced a new campaign called Encrypt It Already, focused on expanding the use of end-to-end encryption in consumer technology …
Apple’s new privacy feature limits how precisely carriers track your location
Apple users are already accustomed to managing app-level location permissions, and a new privacy feature in iOS 26.3 extends that control to cellular networks. Called Limit …
Featured news
Resources
Don't miss
- How AI is reshaping attack path analysis
- What happens when cybersecurity knowledge walks out the door
- AI-driven scams are eroding trust in calls, messages, and meetings
- Ransomware group breached SmarterTools via flaw in its SmarterMail deployment
- European Commission hit by cyberattackers targeting mobile management platform