News – Help Net Security

News Archives – Help Net Security

Daily information security news with a focus on enterprise security.

  • Excessive agency in LLMs: The growing risk of unchecked autonomy
    by Help Net Security on April 8, 2025 at 5:30 am

    For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these systems gain deep access to information systems, concern is mounting about their excessive agency – the security risk of entrusting these tools with so much power, access, and information. Say that an LLM is granted …

  • Phishing, fraud, and the financial sector’s crisis of trust
    by Anamarija Pogorelec on April 8, 2025 at 5:00 am

    The financial sector is under growing pressure from advanced phishing attacks and fraud, causing major financial losses and eroding customer trust. Escalation of phishing attacks: While traditional phishing relied on generic emails to steal sensitive data, cybercriminals now use targeted spear-phishing, leveraging personal information for credibility. AI-driven attacks, including deepfake scams, allow fraudsters to impersonate bank executives or customer service representatives, making detection more difficult. Voice phishing (vishing) and SMS phishing (smishing) have also risen, …

  • Observability is security’s way back into the cloud conversation
    by Mirko Zorz on April 8, 2025 at 5:00 am

    In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing security readiness. He shares strategies for overcoming common misconfigurations and optimizing access controls in the cloud. Do you think the speed and scale of cloud adoption have outpaced organizations’ ability to configure and manage their environments properly? Why or why not? The speed and scale of not only cloud …

  • Cyberattacks on water and power utilities threaten public safety
    by Help Net Security on April 8, 2025 at 4:30 am

    62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems. (Source: Semperis) Utilities face rising cyber threats: Recent high-profile cyberattacks by nation-state groups on water and electricity utilities underscore the vulnerability of critical infrastructure. A public utility in Littleton, MA, was recently compromised by a group linked to Volt Typhoon, the Chinese …

  • Cybersecurity jobs available right now: April 8, 2025
    by Anamarija Pogorelec on April 8, 2025 at 4:00 am

    Application Security Engineer (DevSecOps & VAPT), Derisk360 | India | On-site: As an Application Security Engineer (DevSecOps & VAPT), you will integrate security into CI/CD pipelines, conduct vulnerability assessments and penetration testing, and use tools like SonarCloud and Checkmarx for secure code analysis. You will also guide developers on secure coding practices, perform code reviews, and conduct regular application security audits. Cyber and Information Security Architect, Prospera Credit Union | Canada | …

  • WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)
    by Zeljka Zorz on April 7, 2025 at 11:28 am

    WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7.11. About CVE-2025-31334: WinRAR is an extremely popular file archiver utility for Windows. It can create and view archives in RAR or ZIP file formats, as well as “unpack” archive files in other formats (ISO, JAR, TAR, …

  • CISOs battle security platform fatigue
    by Mirko Zorz on April 7, 2025 at 5:30 am

    It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing headaches. Welcome to the age of security tool sprawl. CISOs everywhere are facing platform fatigue. According to a 2023 survey by Syxsense, 68% of organizations use more than 11 tools for endpoint management and security, leading …

  • The shift to identity-first security and why it matters
    by Mirko Zorz on April 7, 2025 at 5:00 am

    In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in neutralizing AI-driven intrusions. Shrestha also offers strategic guidance for CISOs managing the adoption of AI responsibly while maintaining security and compliance. We’re seeing both attackers and defenders leverage AI. From your vantage point, how has …

  • YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection
    by Mirko Zorz on April 7, 2025 at 4:30 am

    YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of account and bucket settings that can make an S3 bucket effectively public. “We built this tool after realizing potential users needed a better way to scan their S3 resources for access and ransomware protection. We wanted to …

  • The rise of compromised LLM attacks
    by Help Net Security on April 7, 2025 at 4:00 am

    In this Help Net Security video, Sohrob Kazerounian, Distinguished AI Researcher at Vectra AI, discusses how the ongoing rapid adoption of LLM-based applications has already introduced new cybersecurity risks. These vulnerabilities will not be in the LLM itself, but rather in how applications grant the LLM access to various resources. With access to business-critical data, compromised LLM-based applications could, for example, expose large amounts of personal information, disrupt essential services, or lead to unauthorized manipulations …
