Help Net Security

In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities if not properly reviewed. What security risks do AI code assistants pose that developers and organizations might overlook? While AI code assistants enhance developer productivity, they introduce significant and often overlooked security risks across multiple … More → The post Why AI code assistants need a security reality check appeared first on Help Net Security.

Cyberstalkers are increasingly turning to cheap GPS trackers to secretly monitor people in real time. These devices, which often cost less than $30 and run on 4G LTE networks, are small, easy to hide under a bumper or in a glovebox, and can go undetected for months. A new paper from researchers at NYU, You Can Drive But You Cannot Hide, presents an affordable, practical method for detecting these hidden cellular GPS trackers using off-the-shelf … More → The post GPS tracker detection made easy with off-the-shelf hardware appeared first on Help Net Security.

A recent study by researchers at the University of Padova reveals that despite the rise in car thefts involving Remote Keyless Entry (RKE) systems, the auto industry has made little progress in strengthening security. Since RKE’s introduction in the early 1980s, automakers have worked to improve security by adding features such as immobilizers, which prevent the engine from starting without proper authentication. Vehicle remote entry technologies and evolution Over the past year, new web and … More → The post Thieves don’t need your car keys, just a wireless signal appeared first on Help Net Security.

Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false positives. The Exorcising the SAST Demons report comes from Ghost Security, which scanned public GitHub projects in Go, Python, and PHP. The study focused on three vulnerability types commonly found in real-world apps: SQL injection, command injection, … More → The post 91% noise: A look at what’s wrong with traditional SAST tools appeared first on Help Net Security.

As companies accelerate towards technology-driven business models, the tech C-suite is embracing new skills, greater influence, and a unified approach to business transformation, according to Deloitte. Top priorities for tech leaders (Source: Deloitte) With insights from a range of C-level tech leaders, including more than 600 US CIOs, CTOs, CDAOs and CISOs, the Deloitte survey found that evolving roles and responsibilities, the rise of AI, and an imperative for cross-functional collaboration are providing a new … More → The post How C-suite roles are shaping the future of tech leadership appeared first on Help Net Security.

Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to protect all AWS root users’s accounts with multi-factor authentication. AWS Shield network security director (Preview) AWS Shield, the managed DDoS protection service that protects applications running on AWS, is gaining the ability to pinpoint network issues … More → The post AWS launches new cloud security features appeared first on Help Net Security.

Cloudflare announced Cloudflare Log Explorer to help give businesses instant access to critical security and performance insights across their IT environments. Now, customers can analyze, investigate, and monitor for security attacks with log line level insights across their entire business–natively within the Cloudflare Dashboard–eliminating the need to forward logs to third party security analysis tools, saving security teams time and reducing overall cost. Security and operations teams rely on logs for critical insights, which enables … More → The post Cloudflare Log Explorer detects security and performance issues appeared first on Help Net Security.

Bitdefender announced it has agreed to acquire Mesh Security Limited (Mesh), a provider of email security solutions. Through the acquisition, Mesh’s email security technology and capabilities will be integrated into Bitdefender’s extended detection and response (XDR) platform and managed detection and response (MDR) services. The transaction is subject to customary closing conditions, including regulatory approvals. Email remains the most exploited attack vector and serves as an entry point for ransomware, phishing, and business email compromise … More → The post Bitdefender acquires Mesh to boost email protection for businesses and MSPs appeared first on Help Net Security.

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable Authentication Modules (PAM) configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15, and allows an unprivileged local attacker – for example, an attacker who logs in via a remote SSH session – to gain the “allow_active” privileges … More → The post Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) appeared first on Help Net Security.

Jumio launched Jumio Liveness Premium with advanced deepfake detection, the company’s most advanced biometric liveness detection solution to date. Jumio’s premium solution leverages a patented Jumio technology, combining randomized color sequences and AI-driven analysis to confirm human presence in real time, effectively stopping spoofing attacks before they impact businesses. With this release, Jumio adds another layer of security to the recently launched Jumio Liveness, an advanced, in-house liveness detection technology that expands beyond traditional presentation … More → The post Jumio Liveness Premium combats deepfakes and injection attacks appeared first on Help Net Security.