Help Net Security

The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack likely started. The provided list includes IP addresses and User Agents, showing that the first reconnaissance and unauthorized access activity started on November 8. The rest of the suspicious intrusions happened between November 16 and 23, from IP addresses associated … More → The post Gainsight breach: Salesforce details attack window, issues investigation guidance appeared first on Help Net Security.

Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the attacker, or push users to perform risky actions. They call the technique HashJack, because it relies on malicious instructions being hidden in the #fragment of a URL that points to a legitimate (and otherwise innocuous) … More → The post New “HashJack” attack can hijack AI browsers and assistants appeared first on Help Net Security.

Vectra AI announced Vectra AI Shield for Microsoft, a purpose-built solution that enables channel partners and MSSPs to deliver unified visibility and control across Microsoft Entra ID, Microsoft 365, Copilot for M365, and Azure Cloud in a single AI-powered platform. Closing the Microsoft visibility gap While Microsoft’s native tools provide broad coverage, many organizations — and the partners that protect them — still face blind spots across hybrid and identity-based attacks. Fragmented products, inconsistent alerts, … More → The post Vectra AI unifies threat visibility across Microsoft environments appeared first on Help Net Security.

Ostorlab introduced the AI Pentesting Engine for Mobile Applications, bringing automated, AI‑driven penetration testing to mobile security. The new engine helps security teams and developers uncover, validate, and safely exploit vulnerabilities that tools miss or bury in noise, so they can prioritize fixes with confidence. Behind the scenes, the AI engine learns complex app behaviors, navigates authentication and session constraints, and confirms exploitability with proof‑of‑concept evidence. The result is a concise, verified list of issues … More → The post Ostorlab brings automated, proof-backed mobile app security testing appeared first on Help Net Security.

In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and strengthen partnerships across the company. Marceta focuses on the value of a security culture that supports innovation while keeping risk in check. What mindset shifts are essential for CISOs who want to be seen as strategic … More → The post Heineken CISO champions a new risk mindset to unlock innovation appeared first on Help Net Security.

Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range of model sizes and tests how they handle detection tasks while keeping compute demands in check. Although LLM-based website phishing detection is still a relatively new area, it is gaining momentum. Several studies have already reported … More → The post Small language models step into the fight against phishing sites appeared first on Help Net Security.

Your inbox is probably drowning in Black Friday emails right now. Another “limited time offer” that’ll reappear next month, countdown timer creating artificial urgency. You’re right to be skeptical — most of it is noise. But buried beneath the marketing chaos, Black Friday can represent genuine opportunities to save significantly. The cybersecurity industry projects 4.8 million open positions globally in 2025, according to ISC2, with the market expected to reach $377 billion by 2028. Yet … More → The post Black Friday 2025 for InfoSec: How to spot real value and avoid the noise appeared first on Help Net Security.

Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, and it takes a direct approach to exposing weaknesses. The tool runs on a local machine and uses language models to simulate attacks as well as evaluate the results. It applies techniques drawn from recent … More → The post DeepTeam: Open-source LLM red teaming framework appeared first on Help Net Security.

In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains how boards think about their duty to oversee risk and how CISOs can present information in a way that supports that duty. Jonathan outlines why boards want to understand risk appetite, how loss scenarios shape those discussions, and why no … More → The post How board members think about cyber risk and what CISOs should tell them appeared first on Help Net Security.

Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr researchers discovered. The findings JSONFormatter and CodeBeautify are free, web-based tools/services used by developers to make messy code easily readable, to validate it, or convert it. Users can also save the output code, so they can share it with others. (If you use JSON Formatter without logging in and save the output, it … More → The post Popular code formatting sites are exposing credentials and other secrets appeared first on Help Net Security.