cybersecurity
Auto finance fraud is costing dealers up to $20,000 per incident
Auto retailers see fraud as a regular part of selling and financing vehicles, something that shows up often enough to plan around, according to Experian. Income and identity …
Why boards must prioritize non-human identity governance
Boards of Directors (BoDs) do three things exceptionally well when cyber is framed correctly. They set risk appetite, they allocate capital, and they demand evidence that the …
Product showcase: 2FAS Auth – Free, open-source 2FA for iOS
Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer …
Microsoft sets a path to switch off NTLM across Windows
Windows is shifting to a more secure authentication approach, moving away from New Technology LAN Manager (NTLM) and toward stronger, Kerberos-based options. NTLM has been …
Open-source AI pentesting tools are getting uncomfortably good
AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into …
Where NSA zero trust guidance aligns with enterprise reality
The NSA has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, providing structured guidance for organizations working to implement zero trust …
What boards need to hear about cyber risk, and what they don’t
In this Help Net Security video, Rishi Kaushal, CIO at Entrust, explains how security leaders should talk to the board about cyber risk. He focuses on what matters to board …
AI is flooding IAM systems with new identities
Most organizations view AI identities through the same lens used for other non-human identities, such as service accounts, API keys, and chatbots, according to The State of …
Security work keeps expanding, even with AI in the mix
Board attention continues to rise, and security groups now operate closer to executive decision making than in prior years, a pattern reflected the Voice of Security 2026 …
Security teams are carrying more tools with less confidence
Enterprise environments now span multiple clouds, on-premises systems, and a steady flow of new applications. Hybrid and multi-cloud setups are common across large …
New infosec products of the month: January 2026
Here’s a look at the most interesting products from the past month, featuring releases from Acronis, Booz Allen Hamilton, cside, Descope, JumpCloud, MIND, Noction, Obsidian …
Open-source malware zeroes in on developer environments
Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader …
Featured news
Resources
Don't miss
- Edge computing’s biggest lie: “We’ll patch it later”
- Cyber risk is becoming a hold-period problem for private equity firms
- Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
- 1Password open sources a benchmark to stop AI agents from leaking credentials
- Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)