Mirko Zorz
Security debt is becoming a governance issue for CISOs
Application security backlogs keep expanding across large development portfolios. Veracode’s 2026 State of Software Security Report puts numbers behind a familiar operational …
BlacksmithAI: Open-source AI-powered penetration testing framework
BlacksmithAI is an open-source penetration testing framework that uses multiple AI agents to execute different stages of a security assessment lifecycle. A multi-agent …
DeVry University’s CISO on higher education cybersecurity risk
In this Help Net Security interview, Fred Kwong, VP, CISO at DeVry University, outlines how the university balances academic openness with cyber risk. He describes how systems …
Industrial networks continue to leak onto the internet
Industrial operators continue to run remote access portals, building automation servers, and other operational technology services on public IP address ranges. Palo Alto …
The $19.5 million insider risk problem
Routine employee activity across corporate systems carries an average annual cost of $19.5 million per organization. That figure comes from the 2026 Cost of Insider Risks …
Open-source security debt grows across commercial software
Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk …
Review: Digital Forensics, Investigation, and Response, 5th Edition
Digital Forensics, Investigation, and Response, 5th Edition presents a structured survey of the digital forensics discipline. The book spans foundational principles, platform …
AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities
In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She …
AI is becoming part of everyday criminal workflows
Underground forums include long threads about chatbots drafting phishing emails, generating code snippets, and coaching social engineering calls. A new study examined …
The hidden security cost of treating labs like data centers
In this Help Net Security interview, Rich Kellen, VP, CISO at IFF, explains why security teams should not treat OT labs like IT environments. He discusses how compromise can …
Enterprises are racing to secure agentic AI deployments
AI assistants are tied into ticketing systems, source code repositories, chat platforms, and cloud dashboards across many enterprises. In some environments, these systems can …
Identity verification systems are struggling with synthetic fraud
Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that …