Sanctions won’t stop cyberattacks, but they can still “bite”
Sanctions are one of the tools Western governments use when they want to hit back at state-sponsored cyber threat actors. But do they actually work? That’s the question a …
Python Foundation rejects US government grant earmarked for security improvements
The Python Software Foundation (PSF) has rejected a $1.5 million government grant due to restrictive conditions that would force the foundation to betray its mission and its …
AI agents can leak company data through simple web searches
When a company deploys an AI agent that can search the web and access internal documents, most teams assume the agent is simply working as intended. New research shows how …
Early reporting helps credit unions stop fraudulent transfers faster
In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening …
Product showcase: Syteca – The human-centric insider threat management platform
Most organizations think the greatest danger lurks outside their walls. But statistics keep proving otherwise. According to Verizon’s 2025 Data Breach Investigation …
Scammers target international students by threatening their visa status
In 2025, the U.S. government revoked thousands of visas from international students, often without warning or explanation. According to a newly released study, this opened a …
Proximity: Open-source MCP security scanner
Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can …
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)
A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache …
Italian-made spyware Dante linked to Chrome zero-day exploitation campaign
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver …
Managing legacy medical devices that can no longer be patched
In this Help Net Security interview, Patty Ryan, Senior Director and CISO at QuidelOrtho, discusses how the long lifecycles of medical devices impact cybersecurity in …
Chain of security weaknesses found in smart air compressor model
Contractors and workshops often rely on air compressors to power their tools and keep projects running. But when those compressors are connected to the internet, convenience …
Review: The Wireless Cookbook
The Wireless Cookbook is a project-centered guide to working with Wi-Fi, Bluetooth, and LoRa, written with the Raspberry Pi as the main platform. It is aimed at people who …
Featured news
Resources
Don't miss
- Five identity-driven shifts reshaping enterprise security in 2026
- What if your face could say “don’t record me”? Researchers think it’s possible
- Conjur: Open-source secrets management and application identity
- Counterfeit defenses built on paper have blind spots
- Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits