Microsoft releases open-source toolkit to govern autonomous AI agents
AI agents can book travel, execute financial transactions, write and run code, and manage infrastructure without human intervention at each step. Frameworks ...
Help Net Security
20 articles
Which messaging app takes the most limited approach to permissions on Android?
Messaging apps handle sensitive conversations, contacts, and media, and their behavior on a device varies in ways that affect privacy. An analysis of Android...
Click, wait, repeat: Digital trust erodes one login at a time
Sign-up forms that drag on, login steps that repeat, and access requests that take longer than expected have become a normal part of using digital services. ...
New infosec products of the month: March 2026
Here’s a look at the most interesting products from the past month, featuring releases from Beazley, Bonfy.AI, Mend.
AWS, Wasabi, Cloudflare, and Backblaze go head-to-head in new cloud storage test
Cloud storage buyers rarely get vendor-provided performance data that includes the vendor’s own weak spots. Backblaze’s Q1 2026 Performance Stats report, att...
Software supply chain hacks trigger wave of intrusions, data theft
After linking the Axios npm supply chain attack to North Korean hackers, Google researchers warned that “hundreds of thousands of stolen secrets could potent...
OpenSSH 10.3 patches five security bugs and drops legacy rekeying support
OpenSSH 10.3 shipped carrying five security fixes alongside feature additions and a set of behavior changes that will break compatibility with older SSH impl...
New Red Hat subscription simplifies long-term enterprise Linux support
Red Hat has announced Red Hat Enterprise Linux Extended Life Cycle Premium, a new subscription that provides a predictable 14-year life cycle for major Red H...
DarkSword exploit forces Apple to loosen its patching policy
Apple has extended security updates to a wider range of devices still running iOS 18, aiming to protect users from the DarkSword exploit kit. This is not the...
TrueConf zero-day vulnerability turns its own update process into malware delivery channel
Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within gover...
Trust, friction, and ROI: A CISO’s take on making security work for the business
In this Help Net Security interview, John O’Rourke, CISO at PPG, talks about what it means for security to drive business value. He explains how mature secur...
Tracking drones with the 5G tower down the street
Drone detection in cities is expensive. Dedicated radar installations are cost-prohibitive at scale, cameras have limited range and stop working well at nigh...
Microsoft adds high-volume email sending to Exchange Online
Organizations that rely on Exchange Online for internal communications have long needed a way to send large volumes of automated messages, such as payroll no...
Your customer passed authentication. So why are they sending money to a scammer?
In this Help Net Security video, Lenny Gusel, Head of Fraud Solutions in North America at Feedzai, explains how customer identity and access management has c...
Cybercriminals take aim at Hasbro, weeks of recovery ahead
Hasbro, an American toy maker with more than 5,000 employees, confirmed a cyberattack and proactively took certain systems offline. The intrusion was detecte...
North Korean hackers linked to Axios npm supply chain compromise
The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the wo...
Exabeam expands ABA to detect AI agent threats across ChatGPT, Copilot, and Gemini
Exabeam has announced the expansion of Exabeam Agent Behavior Analytics (ABA). Without direct visibility into how employees use AI assistants, what they quer...
CIS Benchmarks March 2026 Update
The following CIS Benchmarks and CIS Build Kits have been updated or recently released. The Center for Internet Security has highlighted the major updates be...
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5...
Egnyte expands Content Cloud with AI Governance and built-in Assistant
Egnyte has announced two major additions to the Egnyte Content Cloud: AI Safeguards, which give organizations granular control over how AI interacts with sen...