Help Net Security

Plumber: Open-source scanner of GitLab CI/CD pipelines for compliance gaps

March 23, 2026 add comment
GitLab CI/CD pipelines often accumulate configuration decisions that drift from security baselines over time. Container images get pinned to mutable tags, branches lose protection settings, and required templates go... Read more »

NIST updates its DNS security guidance for the first time in over a decade

March 23, 2026 add comment
DNS infrastructure underpins nearly every network connection an organization makes, yet security configurations for it have gone largely unrevised at the federal guidance level for more than twelve years.... Read more »

Week in review: ScreenConnect servers open to attack, exploited Microsoft SharePoint flaw

March 22, 2026 add comment
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What smart factories keep getting wrong about cybersecurity In this Help Net Security interview,... Read more »

Cisco FMC flaw was exploited by Interlock weeks before patch (CVE-2026-20131)

March 20, 2026 add comment
A critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) that Cisco disclosed and patched in early March 2026 has been exploited as a zero-day by the Interlock... Read more »

Google slows Android sideloading to trip up scammers

March 20, 2026 add comment
Google’s advanced flow for Android changes how apps from unverified developers are installed, adding steps to reduce scam-driven sideloading. The feature is aimed at experienced users and allows sideloading... Read more »

Terminated contract led to $2.5 million cyber extortion scheme

March 20, 2026 add comment
A federal jury convicted Cameron Curry, 27, a Charlotte resident, of carrying out an extensive cyber extortion scheme targeting a Washington, D.C.-based international technology company. He faces up to... Read more »

Rapid7 enhances Exposure Command with runtime validation and DSPM for risk analysis

March 20, 2026 add comment
Rapid7 has unveiled new cloud security capabilities within Exposure Command. The introduction of runtime validation and Data Security Posture Management (DSPM) enables organizations to identify, validate, and prioritize exploitable... Read more »

Authorities disrupt four IoT botnets behind record DDoS attacks

March 20, 2026 add comment
The U.S. Justice Department and international partners have disrupted four IoT botnets linked to DDoS attacks that reached 30 terabits per second, among the largest ever recorded. The post... Read more »

Fake AI songs streamed billions of times, netting fraudster $10 million

March 20, 2026 add comment
Michael Smith, 54, of Cornelius, North Carolina, has pleaded guilty in federal court to running a scheme that exploited music streaming platforms and diverted royalty payments from artists. He... Read more »

Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

March 20, 2026 add comment
ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote... Read more »
Subscribe to our Newsletter