Expert Analysis – Help Net Security

SIEMs excel at correlating events and firing alerts, but their ingest pipelines can get overwhelmed when scaled. And because most SIEMs rely on general-purpose log storage platforms, even with lower-cost archive tiers, long-term retention at full fidelity remains expensive, forcing teams to choose between visibility and budget. With AI making the threat landscape more complex and the government issuing mandates requiring companies to report incidents quickly, defenders need tools that help them spot and interpret … More → The post 4 ways to use time to level up your security monitoring appeared first on Help Net Security.

LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), today’s models stumble on work that demands high precision and consistent execution across massive, real-time data streams. Until we close this reliability gap at scale, LLMs alone won’t automate the majority of SOC tasks. Humans excel at framing ambiguous problems, making risk-aware … More → The post GPT needs to be rewired for security appeared first on Help Net Security.

Cyberattackers are using generative AI to draft polished spam, create malicious code and write persuasive phishing lures. They are also learning how to turn AI systems themselves into points of compromise. Recent findings highlight this shift. Researchers from Columbia University and the University of Chicago studied malicious email traffic collected over three years. Barracuda Research has also tracked attackers exploiting weaknesses in AI assistants and tampering with AI-driven security tools. AI in email-based attacks Messages … More → The post How attackers poison AI tools and defenses appeared first on Help Net Security.

The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised and make sure to build it with a secure-by-design approach. Telecom industry leaders need to anticipate novel vulnerabilities and attacks specific for 6G. Unlike the previous generation of wireless, 6G will expand to even more … More → The post What could a secure 6G network look like? appeared first on Help Net Security.

Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. Appearances can be deceiving. And deception can be devastating. Picus Security’s Blue Report 2025 shows that even well-configured environments continue to miss a substantial portion of attacks. In fact, across more than 160 million attack simulations, Picus Labs found … More → The post Fixing silent failures in security controls with adversarial exposure validation appeared first on Help Net Security.

The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem In an earnest attempt to shift left, security teams deputized developers to own remediation. While development teams have legitimately become more security-focused, it’s created a dynamic in which security is still accountable for risk but has … More → The post Cyber defense cannot be democratized appeared first on Help Net Security.

September 2025 Patch Tuesday is now live: Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator and associated parameters. It’s these parameters, type, severity, publicly disclosed, known exploited, CVSS, etc. that are used … More → The post September 2025 Patch Tuesday forecast: The CVE matrix appeared first on Help Net Security.

In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats, it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that attackers use to target your organization. Effective solutions provide crucial information on the vulnerabilities of organizational assets and cloud services that are visible in the public domain. In practice, EASM can refer to a range of … More → The post Detecting danger: EASM in the modern security stack appeared first on Help Net Security.

Here are five key ways OSINT tools can help financial firms develop advanced strategies to fight money laundering criminals. 1. Reveal complex networks and ownership structures Money launderers often use layered networks of offshore entities and shell companies to mask the true ultimate beneficial owner (UBO) of a company. Without technology, the manual process of trying to understand ownership and identify UBOs can be very time-consuming and inefficient – insights can even be missed altogether. … More → The post Five ways OSINT helps financial institutions to fight money laundering appeared first on Help Net Security.

In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one significant security incident over the last year. More than half of responders (52%) expect their IT budgets to grow in 2025. Notably, 55% of health systems plan to invest specifically in cybersecurity: strengthening tools, updating policies, and expanding IT teams. The root causes are mostly the same: poor … More → The post Password crisis in healthcare: Meeting and exceeding HIPAA requirements appeared first on Help Net Security.