Encrypted DNS still tells an eavesdropper where to look

Encrypted DNS runs across much of the Internet. DNS over TLS, HTTPS, and QUIC keep the contents of a query away from anyone watching a network link. The encryption covers the message inside each packet. The packet still carries plaintext headers, and t… Continue reading Encrypted DNS still tells an eavesdropper where to look

Your browser tab could become encrypted storage for someone else’s files

Decentralized storage networks already hand pieces of people’s data to strangers’ machines. The lasting question across these networks is whether the machine holding the data can read it. A research paper by Gregory Magarshak, a professor a… Continue reading Your browser tab could become encrypted storage for someone else’s files

Securing digital keys when your phone unlocks the car

In this interview with Help Net Security, Alysia Johnson, President of the Car Connectivity Consortium (CCC), explains how the CCC Digital Key has grown from a single-brand feature into a standard meant to work across phones, automakers, and suppliers…. Continue reading Securing digital keys when your phone unlocks the car

What happens to oversight when AI agents write a lab’s own code

Inside the labs building frontier AI, a growing share of the coding gets done by the AI itself. These agents write, edit, and run software with light human oversight between steps, and they reach into production infrastructure, research pipelines, and … Continue reading What happens to oversight when AI agents write a lab’s own code

The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects

Chainguard launched Athena, an industry coalition that pools open source vulnerability findings and remediates them under embargo before public disclosure. The group went live with more than two dozen member organizations. Founding members include BNY,… Continue reading The Chainguard Athena coalition already shipped 2,000 patches across 500 open source projects

The SOC’s visibility gap comes down to staffing

AI has settled into security operations centers faster than any earlier wave of technology. Around four in five practitioners report reaching for AI or machine learning tools in their daily work. The catch shows up one layer down. Roughly a third of th… Continue reading The SOC’s visibility gap comes down to staffing

Reachability makes AI threat modeling worth the trust

In this interview with Help Net Security, Oscar Andersson, CTO at Oplane, explains why most scanning tools fail. They cry wolf, flagging threats that cannot run in real code. The argument centers on reachability. A finding counts only when someone walk… Continue reading Reachability makes AI threat modeling worth the trust

AI vulnerability discovery is pushing 2026 CVEs toward 66,000

Vulnerability disclosures are piling up faster in 2026 than anyone expected at the start of the year. The running count for the first few months sits well above the original projection, and the Forum of Incident Response and Security Teams (FIRST) now … Continue reading AI vulnerability discovery is pushing 2026 CVEs toward 66,000

Onspring CISO on where automated GRC systems fall short

In this interview with Help Net Security, Nichole Windholz, CISO at Onspring, talks about the limits of automated GRC systems and continuous control monitoring. She explains why color-coded dashboards can hide nuance, how teams can check the data feedi… Continue reading Onspring CISO on where automated GRC systems fall short

A hardware neural network backdoor that hides in plain sight

Deep learning systems on phones, cars, and other edge devices increasingly run on custom silicon. Specialized chips such as FPGAs and ASICs give these systems the speed and low power consumption that edge applications need. Many of these chips come fro… Continue reading A hardware neural network backdoor that hides in plain sight