Features – Help Net Security

In this Help Net Security interview, Fred Kwong, VP, CISO at DeVry University, outlines how the university balances academic openness with cyber risk. He describes how systems for students are separated from back end operations to limit exposure. Kwong also discusses how student data has changed over the past decade. Data is now centralized in learning management systems, which improves reporting but raises the stakes if a breach occurs. The interview also covers hybrid learning, … More → The post DeVry University’s CISO on higher education cybersecurity risk appeared first on Help Net Security.

In this Help Net Security interview, Joni Klippert, CEO at StackHawk, discusses what defines DAST coverage in 2026 and why scan completion does not equal security. She explains how AI-driven DAST testing automates attack surface discovery, supports business-logic testing in pre-production, and reduces the manual setup that has limited adoption. Klippert also describes how organizations can implement runtime testing without instrumenting production systems. In 2026, what does “good DAST coverage” mean, and how should teams … More → The post AI-driven DAST reduces manual setup and surfaces exploitable vulnerabilities appeared first on Help Net Security.

Underground forums include long threads about chatbots drafting phishing emails, generating code snippets, and coaching social engineering calls. A new study examined conversations captured between January 1, 2025 and July 31, 2025 across dozens of cybercrime forums to map how AI tools are entering day to day criminal operations. The dataset includes 163 discussion threads drawn from 21 forums, totaling 2,264 messages posted by 1,661 distinct contributors. Much of the activity clustered on well known … More → The post AI is becoming part of everyday criminal workflows appeared first on Help Net Security.

In this Help Net Security interview, Rich Kellen, VP, CISO at IFF, explains why security teams should not treat OT labs like IT environments. He discusses how compromise can damage scientific integrity and create safety risks that backups cannot fix. Kellen also outlines what “good enough” OT visibility looks like, why compensating controls can backfire, and how partnering with scientists improves security outcomes. Where do security teams make the most dangerous false equivalencies between OT … More → The post The hidden security cost of treating labs like data centers appeared first on Help Net Security.

In this Help Net Security interview, Paul Suarez, VP and CISO at Casey’s, explains how his team manages patching and upgrades for fuel payment systems with long hardware lifecycles. He also discusses risks tied to QR code payments and outlines why loyalty abuse can be hard to spot. Suarez shares how Casey’s monitors payment systems across stores, corporate networks, and third-party processors. How do you manage patching and modernization for fuel-related payment infrastructure that may … More → The post The CISO view of fraud risk across the retail payment ecosystem appeared first on Help Net Security.

Cyber threats against the defense industrial base (DIB) are intensifying, with adversaries shifting from traditional espionage toward operations designed to disrupt production capacity and compromise supply chains. In this Help Net Security interview, Luke McNamara, Deputy Chief Analyst, Google Threat Intelligence Group, explains how attackers target the broader defense ecosystem and why identity has become the new security boundary. At a strategic level, how do cyber operations against the defense industrial base differ from espionage … More → The post The defense industrial base is a prime target for cyber disruption appeared first on Help Net Security.

Enterprise security teams rely on open source across infrastructure, development pipelines, and production applications, even when they do not track it as a separate category of technology. Open source has become a default building block in many environments, and the operational risks now look like standard enterprise security problems: patch delays, version sprawl, and aging platforms that stay online longer than planned. TuxCare’s 2026 Open Source Landscape Report describes an open source footprint that continues … More → The post Everyone uses open source, but patching still moves too slowly appeared first on Help Net Security.

Quantum computing is often treated as a distant, theoretical cybersecurity issue. According to Ronit Ghose, Global Head, Future of Finance of Citi Institute, that mindset is already putting financial institutions at risk. The biggest misconception, he says, is that quantum threats begin on a single future Q-day, when quantum machines suddenly crack encryption. In reality, adversaries can harvest encrypted data today and decrypt it later, creating long-term exposure for banks handling sensitive identity and transaction … More → The post Your encrypted data is already being stolen appeared first on Help Net Security.

The CISO role has changed significantly over the past decade, but according to John White, EMEA Field CISO, Torq, the most disruptive shift is accountability driven by agentic AI. In this Help Net Security interview, White explains how security leaders must design and govern hybrid workforces where humans and AI agents operate side by side, making decisions and acting at scale. He notes that automation is moving beyond simple task execution into real-time insight and … More → The post Security at AI speed: The new CISO reality appeared first on Help Net Security.

GitHub Security Advisories are used to distribute vulnerability information in open-source projects and security tools. A new study finds that only a portion of those advisories ever pass through GitHub’s formal review process. A large scale view of advisory data A review of GitHub Security Advisories published between 2019 and 2025 examined 288,604 advisories. Of those, 23,563, about 8%, completed GitHub’s review process. Although most advisories remain unreviewed, reviewed entries play an outsized role in … More → The post In GitHub’s advisory pipeline, some advisories move faster than others appeared first on Help Net Security.