The ongoing evolution of the CIS Critical Security Controls
For decades, the CIS Critical Security Controls (CIS Controls) have simplified enterprises’ efforts to strengthen their cybersecurity posture by prescribing prioritized …
GitLab CISO on proactive monitoring and metrics for DevSecOps success
In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating …
Sara: Open-source RouterOS security inspector
Sara is an open-source tool designed to analyze RouterOS configurations and identify security vulnerabilities on MikroTik hardware. Sara’s main feature is using regular …
Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd
As we look ahead to cybersecurity developments in 2025, there’s bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working …
Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
NEW STORY: Thursday, January 9, 07:30 ET Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting Ivanti …
The U.S. Cyber Trust Mark set to launch
The White House has announced the launch of the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program for consumer-grade internet-connected devices. “The …
Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers
CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. …
Why an “all gas, no brakes” approach for AI use won’t work
Machine learning and generative AI are changing the way knowledge workers do their jobs. Every company is eager to be “an AI company,” but AI can often seem like a black box, …
Scaling penetration testing through smart automation
In this Help Net Security interview, Marko Simeonov, CEO of Plainsea, discusses how organizations can move beyond compliance-driven penetration testing toward a more …
The top target for phishing campaigns
Despite organizations’ repeated attempts at security awareness training, with a particular emphasis on how employees can avoid being phished, in 2024 enterprise users …
Cybersecurity jobs available right now: January 8, 2025
Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. AI Penetration Tester Microsoft | Canada | Remote …
UN aviation agency investigating possible data breach
The United Nation’s International Civil Aviation Organization (ICAO) confirmed on Monday that it’s “actively investigating reports of a potential information …
Featured news
Resources
Don't miss
- Deploying AI at the edge: The security trade-offs and how to manage them
- Cybercrime forums Cracked and Nulled seized, operators arrested
- SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs
- Zscaler CISO on balancing security and user convenience in hybrid work environments
- ExtensionHound: Open-source tool for Chrome extension DNS forensics