News – Help Net Security

The number of Salesforce customers affected by the recent compromise of Gainsight-published applications is yet to be publicly confirmed, but Salesforce released indicators of compromise (IoCs) and simultaneously shed some light on when the attack likely started. The provided list includes IP addresses and User Agents, showing that the first reconnaissance and unauthorized access activity started on November 8. The rest of the suspicious intrusions happened between November 16 and 23, from IP addresses associated … More → The post Gainsight breach: Salesforce details attack window, issues investigation guidance appeared first on Help Net Security.

Security researchers at Cato Networks have uncovered a new indirect prompt injection technique that can force popular AI browsers and assistants to deliver phishing links or disinformation (e.g., incorrect medicine dosage guidance or investment advice), send sensitive data to the attacker, or push users to perform risky actions. They call the technique HashJack, because it relies on malicious instructions being hidden in the #fragment of a URL that points to a legitimate (and otherwise innocuous) … More → The post New “HashJack” attack can hijack AI browsers and assistants appeared first on Help Net Security.

In this Help Net Security interview, Marina Marceta, CISO at Heineken, discusses what it takes for CISOs to be seen as business-aligned leaders rather than technical overseers. She shares how connecting security to business impact can shift perceptions and strengthen partnerships across the company. Marceta focuses on the value of a security culture that supports innovation while keeping risk in check. What mindset shifts are essential for CISOs who want to be seen as strategic … More → The post Heineken CISO champions a new risk mindset to unlock innovation appeared first on Help Net Security.

Phishing sites keep rising, and security teams are searching for ways to sort suspicious pages at speed. A recent study explores whether small language models (SLMs) can scan raw HTML to catch these threats. The work reviews a range of model sizes and tests how they handle detection tasks while keeping compute demands in check. Although LLM-based website phishing detection is still a relatively new area, it is gaining momentum. Several studies have already reported … More → The post Small language models step into the fight against phishing sites appeared first on Help Net Security.

Your inbox is probably drowning in Black Friday emails right now. Another “limited time offer” that’ll reappear next month, countdown timer creating artificial urgency. You’re right to be skeptical — most of it is noise. But buried beneath the marketing chaos, Black Friday can represent genuine opportunities to save significantly. The cybersecurity industry projects 4.8 million open positions globally in 2025, according to ISC2, with the market expected to reach $377 billion by 2028. Yet … More → The post Black Friday 2025 for InfoSec: How to spot real value and avoid the noise appeared first on Help Net Security.

Security teams are pushing large language models into products faster than they can test them, which makes any new red teaming method worth paying attention to. DeepTeam is an open-source framework built to probe these systems before they reach users, and it takes a direct approach to exposing weaknesses. The tool runs on a local machine and uses language models to simulate attacks as well as evaluate the results. It applies techniques drawn from recent … More → The post DeepTeam: Open-source LLM red teaming framework appeared first on Help Net Security.

In this Help Net Security video, Jonathan Trull, EVP & CISO at Qualys, discusses which cybersecurity metrics matter most to a board of directors. Drawing on more than two decades in the field, he explains how boards think about their duty to oversee risk and how CISOs can present information in a way that supports that duty. Jonathan outlines why boards want to understand risk appetite, how loss scenarios shape those discussions, and why no … More → The post How board members think about cyber risk and what CISOs should tell them appeared first on Help Net Security.

Widely used code formatting sites JSONFormatter and CodeBeautify are exposing sensitive credentials, API keys, private keys, configuration files and other secrets, watchTowr researchers discovered. The findings JSONFormatter and CodeBeautify are free, web-based tools/services used by developers to make messy code easily readable, to validate it, or convert it. Users can also save the output code, so they can share it with others. (If you use JSON Formatter without logging in and save the output, it … More → The post Popular code formatting sites are exposing credentials and other secrets appeared first on Help Net Security.

People who rely on Tor expect their traffic to move through the network without giving away who they are. That trust depends on the strength of the encryption that protects each hop. Tor developers are preparing a major upgrade called Counter Galois Onion, or CGO, which replaces the long-standing relay encryption method used across the network. Why Tor is changing how relays handle encryption The older tor1 relay encryption scheme has been in use for … More → The post Tor Project is rolling out Counter Galois Onion encryption appeared first on Help Net Security.

A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery chain with some offbeat techniques, and infostealer operators have everything they need to slip past defenses. The malware delivery campaigns “Since the beginning of October, Huntress has identified multiple ClickFix lure sites that trick victims into running a malicious command, following a consistent format and leading to a unique execution … More → The post Fake “Windows Update” screens fuels new wave of ClickFix attacks appeared first on Help Net Security.