NIST finalizes lightweight cryptography standard for small devices
The National Institute of Standards and Technology (NIST) has finalized a lightweight cryptography standard to protect even the smallest networked devices from cyberattacks. …
Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)
For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal …
Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)
Fortinet has released patches for a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, after practical exploit code surfaced in the wild. About …
AWS CISO explains how cloud-native security scales with your business
In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the …
Product showcase: Apricorn Aegis NVX, a high-security, portable SSD
The Apricorn Aegis NVX is a hardware-based 256-Bit AES XTS external SSD drive with integrated USB-C cable. Its storage capacities range from 500GB to 2TB. The device is OS …
How to build and grow a scalable vCISO practice as an MSP
The cybersecurity needs of small and midsize businesses have reached a critical point. Compliance mandates, increasing ransomware attacks, and cyber insurance requirements are …
Global OT cyber risk could top $329 billion, new report warns
A new study from Dragos and Marsh McLennan puts hard numbers on the global financial risk tied to OT cyber incidents. The 2025 OT Security Financial Risk Report estimates that …
CISOs face a complex tangle of tools, threats, and AI uncertainty
Most organizations are juggling too many tools, struggling with security blind spots, and rushing into AI adoption without governance, according to JumpCloud. The average …
Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)
FortiGuard Labs has reported a dramatic spike in exploitation attempts targeting CitrixBleed 2, a critical buffer over‑read flaw (CVE‑2025‑5777) affecting Citrix NetScaler ADC …
WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)
The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian …
APT groups are getting personal, and CISOs should be concerned
Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members …
What makes a security program mature and how to get there faster
Security leaders are flush with tools and data, but it’s not helping their programs mature. In this Help Net Security video, PlexTrac’s Dan DeCloss outlines the 3 key …
Featured news
Resources
Don't miss
- Superagent: Open-source framework for guardrails around agentic AI
- Security chaos engineering matters when nothing is broken
- Five identity-driven shifts reshaping enterprise security in 2026
- What if your face could say “don’t record me”? Researchers think it’s possible
- Conjur: Open-source secrets management and application identity