Geopolitical cyber threats are turning HR into a security front line

In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors tha…

What a financial planner taught me about cybersecurity

When I spoke at a recent cybersecurity awareness event for financial planners and tax advisors, the audience really engaged with the subject. As happens at conferences the world over, people often come up to speakers to ask follow-up questions, or just…

Getting boards to fund ERM means speaking their currency

In this Help Net Security video, Greg Young, VP Cybersecurity and Corporate Development at TrendAI, explains how to build Enterprise Risk Management that a board will pay for. Drawing on nearly four decades in cybersecurity, including time as a CISO an…

Week in review: Fortibleed campaign’s impact on orgs, Cisco Unified CM flaw exploited

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Encrypted DNS still tells an eavesdropper where to look
Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of…

Product showcase: How to evaluate AI SOC platforms and where Prophet AI leads

The Agentic SOC market is loud. Dozens of vendors promise to take alert triage, investigation, and response off your analysts’ plates, but most claims have never been tested in production. The hard part is separating operational improvement from …

23 ClawHub plugins squatting official scopes expose AI registry security gaps

Plugin registries for AI agents use npm-style scopes like @openclaw/ and @clawhub/ to signal who published a package. But on ClawHub, a registry whose plugins run with Claude, OpenClaw, and other agents, those official scopes weren’t reserved to …

Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
A hardware neural network backdoor that hides in plain sight
Deep learning systems on edge devices often rely on third-party-designed FPGAs and ASICs for …

How security teams are getting credential visibility into developer endpoints

As we noted in our earlier analysis, attackers already know secrets are on your developers’ machines; the only question is whether security teams do. The supply chain attack calendar of 2026 has been relentless. Megalodon backdoored 5,500 GitHub …

Navigating SEC, NIS2, and DORA incident disclosure timelines under pressure

In this Help Net Security video, Rick Goud, Global Field CTO at Kiteworks, discusses how to handle SEC, NIS2, and DORA disclosure timelines during a security incident. He opens with a 3.47 a.m. call: the team cannot confirm whether customer data left t…