Help Net Security
How to build and grow a scalable vCISO practice as an MSP
The cybersecurity needs of small and midsize businesses have reached a critical point. Compliance mandates, increasing ransomware attacks, and cyber insurance requirements are …
What makes a security program mature and how to get there faster
Security leaders are flush with tools and data, but it’s not helping their programs mature. In this Help Net Security video, PlexTrac’s Dan DeCloss outlines the 3 key …
EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations
EntraGoat is a purpose-built tool that sets up a vulnerable Microsoft Entra ID environment to mimic real-world identity security issues. It’s designed to help security …
How Brandolini’s law informs our everyday infosec reality
Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude …
Week in review: SonicWall firewalls targeted in ransomware attacks, Black Hat USA 2025
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Hat USA 2025 Black Hat USA 2025 took place at the Mandalay Bay …
August 2025 Patch Tuesday forecast: Try, try again
July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed …
Third-party partners or ticking time bombs?
In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust …
Fraud controls don’t guarantee consumer trust
Over a third of companies say they are using AI, including generative AI, to fight fraud, according to Experian. As fraud threats become more complex, companies are …
Top solutions to watch after Black Hat USA 2025
Black Hat USA 2025 was packed with innovation, with companies showing off tools built to get ahead of what’s coming next. From smarter offensive security to new ways of …
Photos: Black Hat USA 2025
Here’s a look inside Black Hat USA 2025. The featured vendors are: Stellar Cyber, Vonahi Security, Gurucul, Check Point, HackerOne, EasyDMARC, Elastic, Google, Tines, …
Cybercriminals are getting personal, and it’s working
Cybercriminals are deploying unidentifiable phishing kits (58% of phishing sites) to propagate malicious campaigns at scale, indicating a trend towards custom-made or …
AI can write your code, but nearly half of it may be insecure
While GenAI excels at producing functional code, it introduces security vulnerabilities in 45 percent of cases, according to Veracode’s 2025 GenAI Code Security Report, which …
Featured news
Resources
Don't miss
- Croatian research institute confirms ransomware attack via ToolShell vulnerabilities
- Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)
- Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)
- AWS CISO explains how cloud-native security scales with your business
- Product showcase: Apricorn Aegis NVX, a high-security, portable SSD