Collaborate Disseminate
Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk Analysis Report data shows that nearly all audited codebases contain open so… Continue reading Open-source security debt grows across commercial software
Digital Forensics, Investigation, and Response, 5th Edition presents a structured survey of the digital forensics discipline. The book spans foundational principles, platform specific analysis, specialized branches, and incident response integration. A… Continue reading Review: Digital Forensics, Investigation, and Response, 5th Edition
In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She explains how AI-driven DAST testing automates attack surface discovery, supports bus… Continue reading AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities
Underground forums include long threads about chatbots drafting phishing emails, generating code snippets, and coaching social engineering calls. A new study examined conversations captured between January 1, 2025 and July 31, 2025 across dozens of cyb… Continue reading AI is becoming part of everyday criminal workflows
In this Help Net Security interview, Rich Kellen, VP, CISO at IFF, explains why security teams should not treat OT labs like IT environments. He discusses how compromise can damage scientific integrity and create safety risks that backups cannot fix. K… Continue reading The hidden security cost of treating labs like data centers
AI assistants are tied into ticketing systems, source code repositories, chat platforms, and cloud dashboards across many enterprises. In some environments, these systems can open pull requests, query internal databases, book services, and trigger auto… Continue reading Enterprises are racing to secure agentic AI deployments
Fake and expired IDs keep showing up in routine customer transactions, from alcohol purchases to credit card applications. The problem shows up most often in industries that depend on fast onboarding and remote transactions, where identity checks rely … Continue reading Identity verification systems are struggling with synthetic fraud
In this Help Net Security interview, Paul Suarez, VP and CISO at Casey’s, explains how his team manages patching and upgrades for fuel payment systems with long hardware lifecycles. He also discusses risks tied to QR code payments and outlines why loya… Continue reading The CISO view of fraud risk across the retail payment ecosystem
Attackers often gain access through routine workflows like email logins, browser sessions, and SaaS integrations. A single stolen credential can give them a quick path to move across systems when access permissions are broad and visibility is fragmente… Continue reading One stolen credential is all it takes to compromise everything
Cyber threats against the defense industrial base (DIB) are intensifying, with adversaries shifting from traditional espionage toward operations designed to disrupt production capacity and compromise supply chains. In this Help Net Security interview, … Continue reading The defense industrial base is a prime target for cyber disruption