News Archives – Help Net Security
Daily information security news with a focus on enterprise security.
- Windows 10: How to get security updates for free until 2026 by Zeljka Zorz on June 25, 2025 at 11:39 am
Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates can enroll in the Windows 10 Extended Security Updates (ESU) program, Microsoft confirmed on Tuesday. Microsoft’s (self-evident) long-term goal is to push all users to upgrade to Windows 11, but the company understands that not everybody can do it immediately or even in the next couple of years. ESU for home users: “Windows 10 launched in …
- XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up by Sinisa Markovic on June 25, 2025 at 9:45 am
XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat Friedman. This brings XBOW’s total funding to $117 million. Founded by Oege de Moor, XBOW has built an autonomous platform that continuously tests applications for vulnerabilities. Instead of relying on periodic, manual penetration tests, XBOW’s system runs nonstop, using AI to identify …
- The tiny amplifier that could supercharge quantum computing by Anamarija Pogorelec on June 25, 2025 at 6:22 am
Quantum computers are built to handle problems that are far too complex for today’s machines. They could lead to major advances in areas like drug development, encryption, AI, and logistics. Now, researchers at Chalmers University of Technology in Sweden have developed a new type of amplifier that only switches on when it’s reading data from qubits. Because of its smart design, it uses just one-tenth the power of the …
- Why the SOC needs its “Moneyball” moment by Help Net Security on June 25, 2025 at 6:00 am
In the classic book and later Brad Pitt movie Moneyball, the Oakland A’s didn’t beat baseball’s giants by spending more – they won by thinking differently, scouting players not through gut instinct and received wisdom, but by utilizing relevant data and pattern recognition. While the rest of the league fixated on batting averages, they focused on what really mattered: getting on base. Security operations centers (SOCs) are at the same crossroads, and only those who …
- From posture to prioritization: The shift toward unified runtime platforms by Mirko Zorz on June 25, 2025 at 5:30 am
In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk reduction, especially when facing legacy constraints. Looking ahead, she sees security leaders playing a bigger role in shaping infrastructure and innovation, with teams working more closely across functions as tools converge. What advice would you offer …
- Why should companies or organizations convert to FIDO security keys? by Mirko Zorz on June 25, 2025 at 5:00 am
In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights into their scalability, compliance advantages, and real-world deployment considerations. How do FIDO security keys differ from traditional authentication methods like passwords or SMS codes? FIDO security keys use public key cryptography to authenticate users, making them …
- Companies negotiate their way to lower ransom payments by Help Net Security on June 25, 2025 at 4:30 am
Nearly 50% of companies paid the ransom to recover their data, the second-highest rate in six years, according to Sophos. [Figure: How actual payments stack up with the initial demand] Ransom payments and recovery costs are on the decline: Despite the high percentage of companies that paid the ransom, 53% paid less than the original demand. In 71% of cases where the companies paid less, they did so through negotiation, either through their own negotiations or …
- Users lack control as major AI platforms share personal info with third parties by Help Net Security on June 25, 2025 at 4:00 am
Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it with unknown third parties, leaving users with limited transparency and virtually no control over how their information is stored, used, or shared, according to Incogni. AI platforms trap user data in training: Many of these platforms, including Google’s Gemini, Meta AI, DeepSeek, and Pi.ai, do not appear to …
- Trojanized SonicWall NetExtender app exfiltrates VPN credentials by Zeljka Zorz on June 24, 2025 at 11:50 am
Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer: SonicWall NetExtender is an SSL‑VPN client used by companies to give remote employees secure access to their internal networks. SonicWall does not mention how prospective victims were lured to the lookalike sites impersonating the company and offering the compromised version of NetExtender, but said that …
- High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218) by Zeljka Zorz on June 24, 2025 at 9:38 am
A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised to upgrade to it as soon as possible. (The beta version is expected to be replaced by the final 7.12 release soon.) About CVE-2025-6218: WinRAR is a popular file archiver utility for Windows that’s …