Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack
A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The …
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents
All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira …
GitHub adds post-quantum protection for SSH access
GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. …
Building security that protects customers, not just auditors
In this Help Net Security interview, Nir Rothenberg, CISO at Rapyd, discusses global differences in payment security maturity and the lessons that can be learned from leading …
Google introduces VaultGemma, a differentially private LLM built for secure data handling
Google has released VaultGemma, a large language model designed to keep sensitive data private during training. The model uses differential privacy techniques to prevent …
AI video surveillance could end privacy as we know it
AI-powered video surveillance brings up big questions about privacy. On one hand, it can make us feel safer, but on the other, it can easily cross the line into intrusion. The …
Product showcase: Clean Links exposes what’s hiding behind a QR code
Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams …
OT security needs continuous operations, not one-time fixes
Cyberattacks keep hitting the OT systems that critical infrastructure operators run, according to new research from Forrester. In a survey of 262 OT security decision-makers, …
Cybersecurity jobs available right now: September 16, 2025
CISO Haier Europe | Italy | On-site – View job details As a CISO, you will develop an information security strategy aligned with organizational priorities, secure …
Phishing campaign targets Rust developers
Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm …
Most enterprise AI use is invisible to security teams
Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks …
Arkime: Open-source network analysis and packet capture system
Arkime is an open-source system for large-scale network analysis and packet capture. It works with your existing security tools to store and index network traffic in standard …