Help Net Security

Forescout announced new Forescout eyeScope cloud visibility and monitoring solution, expanding the Forescout 4D Platform to the cloud. Forescout also announced a new, small footprint, edge data collector for enterprises that require Forescout’s asset intelligence capabilities managed from the cloud for streamlined deployment and faster time to value. Forescout’s asset intelligence and control for managed, unmanaged, and agentless devices has never been more essential. As the latest “Riskiest Connected Devices in 2025” report from Forescout … More →

The post Forescout eyeScope provides organizations with insight into their security posture appeared first on Help Net Security.

Enzoic for AD Lite Password Auditor is an innovative tool designed to integrate with an organization’s Active Directory environment seamlessly. Enzoic analyzed the 2024 AD Lite Password Auditor data to produce this report. New mandates and heightened awareness in 2024 have pushed organizations to scan an unprecedented number of AD accounts using the Enzoic AD Lite Password Auditor. Between 2020 and 2024, Enzoic AD Lite Password Auditor user scans increased 315%, highlighting the rapid increase … More →

The post Enzoic AD Lite Password Audit Report appeared first on Help Net Security.

WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that makes all WhatsApp for Windows versions prior to v2.2450.6 display sent attachments according to their MIME (media) type – i.e., the metadata that says what kind of file it is: audio, image, message, text, application, etc. – but … More →

The post WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) appeared first on Help Net Security.

Okta announced new Okta Platform capabilities to help businesses secure AI agents and other non-human identities with the same level of visibility, control, governance, and automation as human ones. The Okta Platform will now bring a unified, end-to-end identity security fabric to organizations for managing and securing all types of identities across their ecosystem, from AI agents to API keys to employees. The number of non-human identities is set to grow exponentially, with Deloitte forecasting … More →

The post Okta extends identity security fabric to non-human identities appeared first on Help Net Security.

Akamai introduced App & API Protector Hybrid. Users can now expand the critical web application firewall (WAF) capabilities of Akamai’s web application and API protection (WAAP) while consistently securing applications and APIs for multicloud, on-premises, and CDN-agnostic environments. Security leaders are increasingly tasked with protecting dispersed applications while balancing efficiency, visibility, and cost-effectiveness. With this in mind, organizations can use App & API Protector Hybrid to: Standardize WAF protections across multiple environments — ensuring a single source … More →

The post Akamai boosts WAF protections across multiple environments appeared first on Help Net Security.

A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged in attacks since March 2025. About CVE-2025-30406 CentreStack is a platform that allows managed service providers (MSPs) to offer cloud-like file services to their customers: file sharing, backup, collaboration, and remote access. CVE-2025-30406 is a deserialization vulnerability … More →

The post RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) appeared first on Help Net Security.

Furl launched AI-powered remediation platform, designed to revolutionize how security teams tackle backlog of endpoint and server vulnerabilities. By leveraging automation and AI-driven remediation, Furl enables organizations to double their productivity while reducing manual workloads and operational complexity. Addressing the vulnerability backlog crisis With an average of 85 new CVEs identified daily in 2024—a 30% increase from the previous year—security and remediation teams are under immense pressure to identify, prioritize, and patch vulnerabilities across their … More →

The post Furl introduces AI-powered remediation platform appeared first on Help Net Security.

The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward future-ready cryptography. This feature release includes support for post-quantum cryptography (PQC), server-side QUIC, and tighter control over TLS behavior. Default behaviors reworked OpenSSL 3.5.0 makes several potentially incompatible changes to default settings. Notably, the default encryption cipher for the req, cms, and smime command-line utilities has changed from the aging … More →

The post OpenSSL prepares for a quantum future with 3.5.0 release appeared first on Help Net Security.

Index Engines announced CyberSense 8.10, fully integrated with Dell PowerProtect Cyber Recovery, which provides new capabilities to enhance cyber resilience and streamline recovery from ransomware attacks. CyberSense’s highly-trained AI ensures data integrity, empowering organizations to detect corruption from cyber threats and recover with confidence. With more than 1,500 global installations, CyberSense continues to lead the industry in ransomware detection. “As ransomware attacks continue to rise, organizations must ensure they have data integrity to enable fast … More →

The post Index Engines CyberSense 8.10 strengthens AI-driven cyber resilience appeared first on Help Net Security.

Fortinet has unveiled FortiAI innovations embedded across the Fortinet Security Fabric platform to enhance protection against new and emerging threats, simplify and automate security and network operations, and secure employee use of AI-enabled services. “Fortinet’s AI advantage stems from the breadth and depth of our AI ecosystem—shaped by over a decade of AI innovation and reinforced by more patents than any other cybersecurity vendor,” said Michael Xie, President, and CTO at Fortinet. “By embedding FortiAI across … More →

The post Fortinet unveils FortiAI innovations enhancing threat protection and security operations appeared first on Help Net Security.

Fastly announced key updates to Fastly DDoS Protection that deliver visibility into attack mitigation. Fastly DDoS Protection can mitigate attacks in seconds. Now with Fastly DDoS Protection’s Attack Insights, security teams gain real-time insights into DDoS events, empowering them to validate mitigation actions and confidently protect applications and APIs from DDoS attacks. DDoS, or Distributed Denial of Service attacks, can quickly disrupt services with distributed attacks against applications and APIs, causing costly downtime and requiring … More →

The post Fastly DDoS Attack Insights helps reveal and explain the unfolding of a DDoS attack appeared first on Help Net Security.

Tufin releases Tufin Orchestration Suite (TOS) R25-1, bringing expanded device coverage, deeper visibility, and stronger cloud security to today’s modern hybrid and multi-cloud networks. As enterprises expand their networks across multiple cloud platforms and vendors, maintaining security, visibility, and compliance becomes increasingly complex. TOS R25-1 addresses these challenges by: Providing deeper visibility across hybrid environments with Arista, Zscaler, and VMware NSX-T Gateway Firewall support. Expanding automation to streamline security policy changes with Meraki, Microsoft Azure … More →

The post Tufin Orchestration Suite R25-1 brings expanded device coverage and boosts cloud security appeared first on Help Net Security.

Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that readiness. They let teams walk through real-world scenarios in a controlled setting, exposing gaps and showing what needs work. It’s a practical way to strengthen response plans before a real attack hits. Budgets are up, and so is pressure A recent survey by Hack The Box shows … More →

The post Why CISOs are doubling down on cyber crisis simulations appeared first on Help Net Security.

In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. How do you define cyber risk within your organization’s overall enterprise risk framework? At Ecolab, we don’t approach cyber risk in isolation. Instead, it’s positioned as an integral component of our overall enterprise risk management framework. We define cyber risk as the potential for … More →

The post Transforming cybersecurity into a strategic business enabler appeared first on Help Net Security.

APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on reports. Instead of writing reports by hand, users can create PDF and Excel files directly in the tool. APTRS features “APTRS is the only tool specifically focused on pentest reporting combined with project and client management. It’s designed to give clients real-time visibility and control over their penetration tests,” Sourav … More →

The post APTRS: Open-source automated penetration testing reporting system appeared first on Help Net Security.

AI-powered cyberattacks are becoming powerful new weapons. Organizations need to act fast to close the gap between today’s defenses and tomorrow’s threats. These attacks are only going to grow. New data from Armis Labs shows that the threat of AI in cyberwarfare is growing. Its third annual global report finds rising concern among organizations and governments worldwide. 73% of IT leaders worry that nation-states are using AI to launch smarter, more targeted attacks. “AI is … More →

The post AI is challenging the geopolitical status quo appeared first on Help Net Security.

April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS) that can be – and is being – exploited by attackers to elevate their privileges to SYSTEM on previously compromised Windows machines. “CLFS is no stranger to Patch Tuesday – since 2022, Microsoft has patched 32 CLFS vulnerabilities, averaging … More →

The post Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) appeared first on Help Net Security.

Jit has launched its new AI agents to offload specific and tedious tasks from AppSec teams such as creating risk assessments, threat models, and compliance reports; while making it easy to take action on mitigating security risk. As a result, AppSec teams can keep pace with the risks that are being introduced faster than ever due to AI code-generation tools. “With the rise of AI coding assistants accelerating development speed — security teams simply can’t … More →

The post Jit launches AI agents to ease AppSec workload appeared first on Help Net Security.

Cybersecurity is inextricably tied to the technology it protects. Just as technology continues to grow in variety, quantity, and presence in all of our lives, so too does cybersecurity and our personal responsibility for it. You might be wondering how you can best act on this responsibility. The answer? Strengthen your cyber defense at home and at work. Provided below are 11 steps that you can use to get started. 1. Set cyber defense priorities … More →

The post 11 cyber defense tips to stay secure at work and home appeared first on Help Net Security.

Netskope announced Netskope One DLP On Demand, the newest component in its unified Netskope One Data Security service. Netskope One DLP On Demand enables new data protection integrations for Netskope technology alliance partners, on-premises support for customers, and significant enhancements to further unify Netskope’s data security capabilities. With this launch, Netskope’s data security posture management (DSPM) now includes all of the market-leading and patented capabilities of Netskope One DLP. Netskope’s unified data security helps organizations … More →

The post Netskope One DLP On Demand enhances data security capabilities appeared first on Help Net Security.