Help Net Security
Average company with data in the cloud faces $28 million in data-breach risk
Hard-to-control collaboration, complex SaaS permissions, and risky misconfigurations — such as admin accounts without multi-factor authentication (MFA) — have left a dangerous …
When transparency is also obscurity: The conundrum that is open-source security
Open-source software (OSS) has a lot of advocates. After all, why would we continuously try and write code that solves problems that others have already solved? Why not share …
Why digital trust is the bedrock of business relationships
In this Help Net Security video, David Samuelson, CEO at ISACA, talks about how enterprises approach digital trust. While nearly 98% of respondents to an ISACA survey say that …
What should investing in cybersecurity look like for a technology organization?
To withstand cyberattacks, businesses must continually update internal systems and avoid hasty tech upgrades that might open the door to attackers. In this Help Net Security …
Is mandatory password expiration helping or hurting your password security?
For decades cybersecurity professionals held tight to the idea that passwords needed to be changed on a regular basis. In recent years, however, organizations such as NIST and …
Incident responders increasingly seek out mental health assistance
Incident responders are primarily driven by a strong sense of duty to protect others. This responsibility that’s increasingly challenged by the surge of disruptive attacks, …
HTTP request smuggling vulnerability in Node.js (CVE-2022-35256)
In this Help Net Security video, Austin Jones, Principal Software Engineer at ThreatX, explains what HTTP request smuggling is, and discusses a recently uncovered HTTP request …
Financial crises boost fraud rates, making online consumers more cautious
59% of consumers are more concerned about becoming a victim of fraud now than they were in 2021, according to a research released by Paysafe. This Help Net Security video …
Researchers outline the Lazarus APT offensive toolset
ESET researchers uncovered and analyzed a set of malicious tools that were used by the Lazarus APT group in attacks during the end of 2021. The campaign started with spear …
Detecting fileless malware infections is becoming easier
For some analysts, memory analysis is only an optional step in cybersecurity investigations. Their reasons are simple. One: Handling memory and volatile data is a complex …
The impact of DevSecOps practices on software development
A trending practice for application security, DevSecOps includes integrating security early in the software development life cycle (SDLC) and enables the delivery of reliable …
Why organizations take data sovereignty seriously
According to a Vanson Bourne survey, the vast majority of organizations across France, Germany, the UK, and the US either have sovereignty regulations or policies to keep …
Featured news
Resources
Don't miss
- CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities
- Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
- Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)
- Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
- Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)