New “HashJack” attack can hijack AI browsers and assistants
Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links…
Category: HelpnetSecurity
Small language models step into the fight against phishing sites
Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models…
Heineken CISO champions a new risk mindset to unlock innovation
In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than…
DeepTeam: Open-source LLM red teaming framework
Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention…
Popular code formatting sites are exposing credentials and other secrets
Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr researchers discovered. The…
Tor Project is rolling out Counter Galois Onion encryption
People who rely on Tor expect their traffic to move through the network without giving away who they are. That trust depends on the strength…
Fake “Windows Update” screens fuels new wave of ClickFix attacks
A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery…
Microsoft cracks down on malicious meeting invites
Phishing is shifting into places people rarely check. Meeting invites that plant themselves on calendars can survive long after the malicious email is gone. That…
How an AI meltdown could reset enterprise expectations
In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past…
Aircraft cabin IoT leaves vendor and passenger data exposed
The expansion of IoT devices in shared, multi-vendor environments, such as aircraft cabins, has created tension between the benefits of data collaboration and the risks…
The breaches everyone gets hit by (and how to stop them)
Headlines scream about zero-days and nation-state attacks, but the reality is far less glamorous. Ross Haleliuk, from Venture in Security talks about the concept of…
Supply chain sprawl is rewriting security priorities
Organizations depend on long chains of vendors, but many cybersecurity professionals say these relationships create gaps they cannot see or control. A new ISC2 survey…