“Patched” but still exposed: US federal agencies must remediate Cisco flaws (again)
CISA has ordered US federal agencies to fully address two actively exploited vulnerabilities (CVE-2025-20333, CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) and …
Rhadamanthys infostealer operation disrupted by law enforcement
The rumors were true: Operation Endgame, a joint effort between law enforcement and judicial authorities of several European countries, Australia, Canada, the UK and the US, …
Healthcare security is broken because its systems can’t talk to each other
In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With …
Wanna bet? Scammers are playing the odds better than you are
Placing a bet has never been this easy, and that’s the problem. The convenience of online gambling is the same thing scammers are cashing in on. Whether it’s a fake app, a …
Sprout: Open-source bootloader built for speed and security
Sprout is an open-source bootloader that delivers sub-second boot times and uses a clean, data-driven configuration format that works across operating systems. “We built …
Automation can’t fix broken security basics
Most enterprises continue to fall short on basic practices such as patching, access control, and vendor oversight, according to Swimlane’s Cracks in the Foundation: Why …
The browser is eating your security stack
Employees log into SaaS platforms, upload files, use AI tools, and manage customer data from a single tab. While the browser has become the enterprise’s main workspace, it …
Google adds Emerging Threats Center to speed detection and response
When a new vulnerability hits the news, security teams often scramble to find out if they are at risk. The process of answering that question can take days or weeks, involving …
UK’s new Cyber Security and Resilience Bill targets weak links in critical services
The UK government has introduced the Cyber Security and Resilience Bill, a major piece of legislation designed to boost the country’s protection against cyber threats. The new …
Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215)
Microsoft has delivered a rather light load of patches for November 2025 Patch Tuesday: some 60+ vulnerabilities have received a fix, among them an actively exploited Windows …
When every day is threat assessment day
In this Help Net Security interview, Paul J. Mocarski, VP & CISO at Sammons Financial Group, discusses how insurance carriers are adapting their cybersecurity strategies. …
Autonomous AI could challenge how we define criminal behavior
Whether we ever build AI that thinks like a person is still uncertain. What seems more realistic is a future with more independent machines. These systems already work across …
Featured news
Resources
Don't miss
- Building the missing layers for an internet of agents
- What security leaders should watch for when companies buy or sell a business
- Malicious Rust packages targeted Web3 developers
- Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
- Smart grids are trying to modernize and attackers are treating it like an invitation