Your critical infrastructure is running out of time
Cyber attackers often succeed not because they are inventive, but because the systems they target are old. A new report by Cisco shows how unsupported…
Category: HelpnetSecurity
Hottest cybersecurity open-source tools of the month: November 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Heisenberg: Open-source software supply chain health check…
The identity mess your customers feel before you do
Customer identity has become one of the most brittle parts of the enterprise security stack. Teams know authentication matters, but organizations keep using methods that…
Criminal networks industrialize payment fraud operations
Fraud operations are expanding faster than payment defenses can adjust. Criminal groups function like coordinated businesses that develop tools, automate tasks, and scale attacks. New…
Gainsight breach: Salesforce details attack window, issues investigation guidance
The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise…
New “HashJack” attack can hijack AI browsers and assistants
Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links…
Small language models step into the fight against phishing sites
Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models…
Heineken CISO champions a new risk mindset to unlock innovation
In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than…
DeepTeam: Open-source LLM red teaming framework
Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention…
Popular code formatting sites are exposing credentials and other secrets
Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr researchers discovered. The…
Tor Project is rolling out Counter Galois Onion encryption
People who rely on Tor expect their traffic to move through the network without giving away who they are. That trust depends on the strength…
Fake “Windows Update” screens fuels new wave of ClickFix attacks
A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery…