Help Net Security

The post Cybersecurity jobs available right now: June 3, 2025 appeared first on Help Net Security.

A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch was released on April 24,” they added on Friday. The patch in question fixes CVE-2025-3935, a ViewState deserialization vulnerability affecting ScreenConnect versions 25.2.3 and earlier, which can allow attackers to inject malicious code and achieve … More →

The post Attackers breached ConnectWise, compromised customer ScreenConnect instances appeared first on Help Net Security.

Barracuda Networks unveiled the BarracudaONE AI-powered cybersecurity platform. BarracudaONE maximizes threat protection and cyber resilience by unifying layered security defenses and providing deep, intelligent threat detection and response for managed service providers (MSPs), other channel partners and end users. BarracudaONE simplifies and strengthens security operations by unifying Barracuda’s comprehensive portfolio of solutions into a single, integrated platform. It delivers layered threat protection, managed through a centralized dashboard, reducing operational complexity and improving visibility. By consolidating … More →

The post BarracudaONE boosts threat protection and cyber resilience appeared first on Help Net Security.

DoControl announced expanded capabilities that further support organizations in enforcing zero trust security strategies – without compromising business agility or user productivity. Zero trust principles dictate that no user, device, or location is inherently trusted. While this approach is essential for reducing risk, overly rigid enforcement can hinder business operations. DoControl addresses this challenge with a new capability that balances security with usability. The latest enhancement enables organizations to quarantine sensitive SaaS assets in near … More →

The post DoControl helps organizations enforce zero trust security strategies appeared first on Help Net Security.

The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing through a security approach that proactively identifies, prioritizes, and mitigates threats in real time. To manage these exposures effectively, security teams need a streamlined way to track, prioritize, and remediate issues as they’re discovered. PlexTrac empowers offensive and defensive teams to collaborate in real time, transforming manual testing efforts into actionable insights … More →

The post Product showcase: Smarter pentest reporting and exposure management with PlexTrac appeared first on Help Net Security.

In this Help Net Security interview, Aaron McCray, Field CISO at CDW, discusses how AI is transforming the CISO role from a tactical cybersecurity guardian into a strategic enterprise risk advisor. With AI now embedded across business functions, CISOs are leading enterprise-wide governance and risk management efforts. He also shares insights on practical challenges, new skillsets, and building AI-fluent security cultures. With AI now embedded across business functions, how does a CISO’s role evolve to … More →

The post CISO 3.0: Leading AI governance and security in the boardroom appeared first on Help Net Security.

If you’ve spent any time in penetration testing, chances are you’ve crossed paths with Metasploit. The second edition of Metasploit tries to bring the book in line with how pentesters are using the tool. It mostly succeeds, with some caveats depending on your experience level and what you’re hoping to get out of it. About the authors David Kennedy, founder of Binary Defense and TrustedSec, is a cybersecurity leader who advised on the series Mr. … More →

The post Review: Metasploit, 2nd Edition appeared first on Help Net Security.

In this Help Net Security video, Mick Leach, Field CISO at Abnormal AI, explores why security awareness training (SAT) is failing to reduce human error, the top cause of cybersecurity incidents. He discusses how AI can transform SAT into a smarter, more dynamic, and personalized defense layer. From just-in-time training and role-based content to automation and adaptive phishing coaches, Leach outlines a vision for next-gen security education that changes behavior and reduces risk.

The post Security awareness training isn’t stopping breaches. Can AI help? appeared first on Help Net Security.

32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje. Meanwhile, 68% are more realistic, noting they feel uncertain about achieving this near impossible outcome. Software compliance adoption varies across organizations While Software Bill of Material (SBOM) regulations and guidelines continue to increase, organizations vary in their level of adoption. Notably, some organizations do not have enough visibility, while others struggle with insufficient tools and processes. … More →

The post 48% of security pros are falling behind compliance requirements appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerabilities found in NASA’s open source software Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. NIST proposes new metric to gauge exploited vulnerabilities NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and … More →

The post Week in review: NIST proposes new vulnerabilities metric, flaws in NASA’s open source software appeared first on Help Net Security.

Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on external audits, government regulation, and long histories of compliance to feel secure. It’s a model that has and continues to work, but it comes with trade-offs, namely: opacity, concentration of power, and limited innovation. A new model of trust With blockchains and decentralized applications (dApps), a new model of trust has … More →

The post Why privacy in blockchain must start with open source appeared first on Help Net Security.

Phishing scams used to be filled with awkward wording and obvious grammar mistakes. Not anymore. AI is now making it harder to distinguish what is real. According to Cofense, email-based scams surged 70% year over year, driven by AI’s ability to automate lures, spoof internal conversations, and bypass spam filters with subtle text variations. Criminals use AI algorithms to analyze large amounts of data to understand the interests, behavior, and preferences of their target. For … More →

The post Using AI to outsmart AI-driven phishing scams appeared first on Help Net Security.

82% of organizations already use AI agents, but only 44% of organizations report having policies in place to secure them, according to SailPoint. While 53% are in the process of developing such policies, the reality is that most remain exposed today. AI agents pose security risks for organizations 96% of technology professionals consider AI agents a growing risk, even as 98% of organizations plan to expand their use of them within the next year. The … More →

The post AI agents have access to key data across the enterprise appeared first on Help Net Security.

Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025. That date might seem far off, but if you’re managing email systems or Office deployments, it’s worth paying attention to now. These products will keep working past that deadline, but without security updates or tech support, they’ll be risky to keep in production. What’s ending and when? The key date to remember is October 14, 2025. On … More →

The post Exchange 2016, 2019 support ends soon: What IT should do to stay secure appeared first on Help Net Security.

Here’s a look at the most interesting products from the past month, featuring releases from: Anchore, BalkanID, Cyble, groundcover, Hunted Labs, LogicGate, McAfee, Obsidian Security, Outpost24, PentestPad, ProcessUnity, Resecurity, Searchlight Cyber, SecuX, ServiceNow, ThreatMark, and Verosint. New MCP server from groundcover redefines LLM observability A new MCP server, faster than any other on the market, has been launched from groundcover, the eBPF-driven observability platform. Developers can now enhance their AI-driven workflows with deep system context, … More →

The post Infosec products of the month: May 2025 appeared first on Help Net Security.

Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup for Organizations. The software update orchestration platform “Today, line-of-business apps, Windows components, Visual Studio, and other products are updated independently,” says Microsoft Product Manager Angie Chen. “Updates across the Windows ecosystem can feel like a fragmented experience … More →

The post Microsoft unveils “centralized” software update tool for Windows appeared first on Help Net Security.

Resecurity has officially launched its AI-driven Compliance Manager. The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards. The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations. The platform currently supports over 20 international and regional compliance frameworks, including: GDPR (General Data Protection … More →

The post Resecurity Compliance Manager empowers cybersecurity leaders with AI-driven insights appeared first on Help Net Security.

Cisco unveiled Duo Identity and Access Management (IAM), a new security solution that transforms how organizations combat persistent identity-based attacks that are accelerating in the AI era. Identity is a prime target for bad actors, accounting for 60% of Cisco Talos Incident Response cases in 2024, because current solutions have critical weaknesses that attackers exploit. Duo IAM offers an innovative and security-first approach, with added protection built on its globally trusted multifactor authentication (MFA). Duo IAM … More →

The post Cisco Duo IAM protects against AI-driven identity threats appeared first on Help Net Security.

At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security into innovation, manage supply chain risk, and prepare both systems and people for the threats ahead. For Shetty, the idea that innovation competes with security is a false choice. “They go hand in hand,” she says. … More →

The post What CISOs can learn from the frontlines of fintech cybersecurity appeared first on Help Net Security.

Fraudsters are winning the AI arms race, first-party fraud is rising, and siloed systems are holding back defenses, according to DataVisor. Their 2025 Fraud & AML Executive Report, based on surveys of banks, fintechs, credit unions, and digital platforms, outlines clear signals for CISOs trying to build resilient, forward-looking strategies. Fraudsters have the upper hand The most urgent issue? Criminals are using AI better than most organizations. Three in four respondents said fraudsters currently have … More →

The post How CISOs can regain ground in the AI fraud war appeared first on Help Net Security.