Help Net Security

Chinese military-linked companies dominate US digital supply chain

March 20, 2025 add comment
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have... Read more »

70% of leaked secrets remain active two years later

March 20, 2025 add comment
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication tokens, leak,... Read more »

Most organizations change policies to reduce CISO liability risk

March 19, 2025 add comment
93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations... Read more »

Report: The State of Secrets Sprawl 2025

March 19, 2025 add comment
GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite... Read more »

Vanta strengthens collaboration between security and GRC teams

March 19, 2025 add comment
Vanta announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network. These releases—including team-based collaboration and granular... Read more »

1Kosmos 1Key secures shared login environments and OT systems

March 19, 2025 add comment
1Kosmos announced 1Kosmos 1Key for shared account login environments. With FIDO-compliant biometric authentication, 1Kosmos 1Key addresses the pressing need for security, accountability, and auditability in settings where multiple users... Read more »

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

March 19, 2025 add comment
State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight... Read more »

Elastic expands partnership with Tines to scale security operations

March 19, 2025 add comment
Elastic announced an expanded partnership with an integrated offering that includes Tines Workflow Automation and the Elastic Search AI Platform to simplify security and observability workflow automation. The partnership... Read more »

Cloudforce One threat events platform provides a real-time view of threat activity

March 19, 2025 add comment
Cloudflare launched the Cloudforce One threat events platform to provide real-time intelligence on cyberattacks occurring across the Internet. Based on telemetry from Cloudflare’s massive global network, Cloudforce One’s threat... Read more »

Cytex AICenturion protects against data exfiltration

March 19, 2025 add comment
Cytex launched AICenturion, a LLM Firewall with Data Loss Prevention (DLP) capabilities. GenAI’s risks intensify as LLMs prevent enterprises from directly controlling their processes and data handling. AICenturion provides... Read more »
Subscribe to our Newsletter