Help Net Security

AVP, Vulnerability Management Engineer LPL Financial | USA | Hybrid – View job details As an AVP, Vulnerability Management Engineer, you will configure integrations between vulnerability management/external attack surface and issue tracking tools to most effectively communicate and track identified vulnerabilities. Perform manual testing of vulnerabilities and exploits leveraging tools such as Metasploit, NMAP, and BurpSuite to identify false positives, validate security defenses and identify risk areas. CISO Digital Edge | South Korea | On-site … More →

The post Cybersecurity jobs available right now: May 13, 2025 appeared first on Help Net Security.

US and Dutch law enforcement, with the help of Lumen researchers, have disrupted 5socks and Anyproxy, two proxy-for-rent services that were used by criminals for ad fraud and DDoS and brute-force attacks (among other things). The domain seizure notice The US Department of Justice has also unsealed an indictment against tree Russian and one Kazakhstani national, who allegedly maintained, operated, and profited from the two services. “The 5socks.net website advertised more than 7,000 proxies for … More →

The post Law enforcement takes down proxy botnets used by criminals appeared first on Help Net Security.

A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable systems,” Onapsis warned last week. The second wave of attacks CVE-2025-31324 is a vulnerability in SAP NetWeaver’s Visual Composer tool that allows unauthenticated attackers to: Upload malicious files to the host system by sending carefully crafted … More →

The post Compromised SAP NetWeaver instances are ushering in opportunistic threat actors appeared first on Help Net Security.

Hunted Labs announced Entercept, an AI-powered source code security platform that gives enterprises instant visibility into suspicious behavior from the people and code in their software supply chain. Open source code and the people who write it are the unguarded entry point for cybercriminals aiming to inject ransomware, disrupt business, or commit espionage. As the use of open source code skyrockets, development and security teams face mounting pressure to find out who’s behind their code … More →

The post Hunted Labs Entercept combats software supply chain attacks appeared first on Help Net Security.

Resecurity launched Resecurity One, the next-generation cybersecurity platform designed to improve how organizations approach cybersecurity. Resecurity One combines Digital Risk Management, Cyber Threat Intelligence, Endpoint Protection, Identity Protection, Supply Chain Risk Monitoring, and xDR capabilities into a unified solution, providing comprehensive protection against evolving cyber threats. Resecurity One is a breakthrough in cybersecurity technology that addresses the challenges faced by organizations of all sizes in managing multiple cybersecurity products. By integrating various cybersecurity functionalities into … More →

The post Resecurity One simplifies cybersecurity operations appeared first on Help Net Security.

The Bluetooth Special Interest Group has released Bluetooth 6.1, and one of the most important new features is an update to how devices manage privacy and power. The update, called Bluetooth Randomized RPA (resolvable private address) Updates, helps protect users from tracking and reduces battery drain. Better privacy Bluetooth devices often change their address to make it harder for others to track them. In Bluetooth 6.1, the timing of these changes is now randomized. This … More →

The post Bluetooth 6.1 released, enhances privacy and power efficiency appeared first on Help Net Security.

In this Help Net Security interview, Dr. Peter Garraghan, CEO of Mindgard, discusses their research around vulnerabilities in the guardrails used to protect large AI models. The findings highlight how even billion-dollar LLMs can be bypassed using surprisingly simple techniques, including emojis. To defend against prompt injection, many LLMs are wrapped in guardrails that inspect and filter prompts. But these guardrails are typically AI-based classifiers themselves, and, as Mindgard’s study shows, they are just as … More →

The post Why security teams cannot rely solely on AI guardrails appeared first on Help Net Security.

Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or presenting, can be developed only if you commit and practice.” So, the first step is obvious: Quit avoiding presentations. The more you do them, the better you’ll get. Content first, delivery second We tend to focus on the performance side of presenting: … More →

The post How to give better cybersecurity presentations (without sounding like a robot) appeared first on Help Net Security.

SPIRE is a graduated project of the Cloud Native Computing Foundation (CNCF). It’s a production-ready implementation of the SPIFFE APIs that handles node and workload attestation to securely issue SVIDs to workloads and verify the SVIDs of other workloads, all based on a predefined set of conditions. SPIRE architecture and components Common use cases include securing service-to-service communication in microservices architectures, enabling zero trust networking, and supporting secure multi-cloud or hybrid cloud deployments. Organizations also … More →

The post SPIRE: Toolchain of APIs for establishing trust between software systems appeared first on Help Net Security.

In this Help Net Security video, Chase Doelling, Principal Strategist at JumpCloud, discusses the overlooked security risks associated with improper offboarding. Though many organizations focus on securely onboarding new employees, they often overlook the security risks associated with properly offboarding workers, especially when offboarding happens in mass and unexpectedly. The process of offboarding can be complex and urgent, often requiring IT teams to act quickly to deactivate access. However, many security teams are already stretched … More →

The post Layoffs pose a cybersecurity risk: Here’s why offboarding matters appeared first on Help Net Security.

Ransomware claims stabilized in 2024 despite remaining the most costly and disruptive type of cyberattack, according to Coalition. 60% of 2024 claims originated from BEC and funds transfer fraud (FTF) incidents, with 29% of BEC events resulting in FTF. BEC claims severity increased 23% year-over-year (YoY) to an average loss of $35,000, primarily driven by a spike in the latter half of 2024. FTF claims frequency decreased 2% YoY in 2024 to 0.44% and has … More →

The post Despite drop in cyber claims, BEC keeps going strong appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What a future without CVEs means for cyber defense For many cybersecurity professionals, the CVE program is the foundation for hands-on cybersecurity practice and crucial benchmarking of security preparedness. May 2025 Patch Tuesday forecast: Panic, change, and hope A bit of chaos ensued in the following weeks with the announcement that MITRE would no longer be supporting the CVE Program … More →

The post Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast appeared first on Help Net Security.

A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate software, but as content / output created by a legitimate-looking AI tool. AI as a social engineering lure “As AI surges into mainstream adoption, millions of users turn daily to AI-powered tools for content creation,” Morphisec security … More →

The post Fake AI platforms deliver malware diguised as video content appeared first on Help Net Security.

The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations: The defaced dark web affiliate panel (Source: Help Net Security) The breach has been confirmed by LockBitSupp – the creator, developer and administator of the LockBit ransomware group – who downplayed the attack by saying that decryptors, stolen company data, and the ransomware … More →

The post LockBit hacked: What does the leaked data show? appeared first on Help Net Security.

Chrome and Safari are the most popular browser apps, accounting for 90% of the mobile browsers market share, according to Surfshark. They also collect the most data. Chrome: the most data-hungry browser (Source: Surfshark) The most data-hungry browsers Chrome collects 20 different types of data, including contact information, financial details, location, browsing and search history, user content, identifiers, usage data, diagnostics, and more. It is also the only browser app that collects financial information, such … More →

The post What your browser knows about you, from contacts to card numbers appeared first on Help Net Security.

VicOne announced xAurient, a new automotive threat intelligence platform that enables streamlined threat response by delivering early threat intelligence tailored to the particular manufacturing environment of an original equipment manufacturer (OEM) or Tier 1 supplier. xAurient illuminates the how and why of developing threats, delivers precise insights into attack paths and enables proactive, prioritized countermeasures to ensure product security for software-defined vehicles (SDVs). VicOne’s new xAurient goes beyond gathering fragmented global threat data to define … More →

The post VicOne xAurient accelerates threat response for automakers appeared first on Help Net Security.

Coro unveiled its Security Awareness Training (SAT) module. A purpose-built solution, SAT helps SMBs reduce human error, defend against phishing attacks, and demonstrate compliance without adding new tools to manage. As part of Coro’s modular cybersecurity platform, the new Security Awareness Training module delivers maximum protection with minimal complexity. “Over 90% of breaches start with human error,” said Coro’s CEO, Guy Moskowitz. “AI has made phishing attacks more convincing than ever, which is why our … More →

The post Coro SAT module defends against phishing attacks appeared first on Help Net Security.

BigID announced Privacy Executive Console, a transformative capability within the BigID Next platform designed to empower privacy leaders with a centralized, up-to-date view of their privacy program’s performance, risk posture, and compliance status in a single, intuitive interface. As regulatory scrutiny intensifies and board-level accountability for data privacy grows, organizations can no longer rely on static reports, disconnected tools, and fragmented insights. BigID’s Privacy Executive Console sets a new standard by providing an identity-aware, AI-powered … More →

The post BigID Privacy Executive Console delivers proactive risk intelligence appeared first on Help Net Security.

April was an event-filled month for cybersecurity. Patch Tuesday came to us quickly on April 8 – the earliest first Tuesday possible in a given month. We again saw large numbers of CVEs addressed with 84 in Windows 11 and 87 in Windows 10 and all their related servers. There was only one known-exploited exploited vulnerability, CVE-2025-29824, which allowed elevation of privilege but it was present in all operating systems. Overall, a pretty typical monthly … More →

The post May 2025 Patch Tuesday forecast: Panic, change, and hope appeared first on Help Net Security.

If you’re trying to make sense of how to actually build AI agents, not just talk about them, AI Agents in Action might be for you. About the author Michael Lanham, Lead AI Developer at Brilliant Harvest, is a seasoned software and technology innovator with more than 25 years of industry experience. He is the author of 10 books, including Evolutionary Deep Learning. Inside the book Micheal Lanham’s latest book is not an abstract discussion … More →

The post Review: AI Agents in Action appeared first on Help Net Security.