Help Net Security

Traefik Labs has announced new capabilities that extend Traefik Hub’s Triple Gate architecture (API Gateway, AI Gateway, and MCP Gateway) with deeper runtime governance across the full AI workflow, including a composable multi-vendor safety pipeline with parallel guard execution, multi-provider failover routing, token-level cost controls, graceful error handling for agent-aware enforcement, IBM Granite Guardian integration, and a new Regex Guard capability that enables organizations to create custom guards. These capabilities address a growing gap. Enterprises … More →

The post Traefik Triple Gate gains parallel safety pipelines, failover routing, and AI runtime controls appeared first on Help Net Security.

Developers rely on AI coding agents to set up projects, install dependencies, and run commands by following instructions in repository README files, which provide setup guidance for software projects. New research identifies a security risk when attackers hide malicious instructions in those documents. A semantic injection attack, where injections are embedded in an installation file, leading to the unintended leakage of sensitive local files. Tests showed that hidden instructions in README files could trigger AI … More →

The post Hidden instructions in README files can make AI agents leak data appeared first on Help Net Security.

In this Help Net Security video, Arvind Parthasarathi, CEO of CYGNVS, walks through a 10-step process for handling a cybersecurity breach. The first five steps cover preparation: setting up an out-of-band communication platform, identifying internal stakeholders, selecting external providers like legal counsel and forensic firms, building cross-functional playbooks, and running tabletop exercises to test those playbooks. The second five steps address what to do once a breach is underway. These include setting up real-time dashboards, … More →

The post What to do in the first 24 hours of a breach appeared first on Help Net Security.

Application Security DevSecOps Specialist NTT DATA | Italy | On-site – View job details As an Application Security DevSecOps Specialist, you will integrate security into CI/CD pipelines using tools such as SAST, DAST, SCA, secret scanning, and container scanning to ensure secure software delivery. You will conduct code security reviews, triage findings, and collaborate with developers to remediate vulnerabilities and promote secure coding practices. CISO Somnetics | India | On-site – View job details As … More →

The post Cybersecurity jobs available right now: March 17, 2026 appeared first on Help Net Security.

Stellar Cyber has announced he general availability of version 6.4.0 of its platform. With this release, Stellar Cyber delivers new Autonomous SOC capabilities designed to reduce alert noise, accelerate investigations, and transform the day-to-day experience of security analysts. Ushering in the human-augmented Autonomous SOC Security teams are overwhelmed by escalating alert volumes and increasingly complex attack techniques. Stellar Cyber 6.4.0 introduces coordinated agentic AI reasoning embedded directly into analyst workflows, enabling AI to work with … More →

The post Stellar Cyber 6.4.0 reduces alert noise and speeds investigations with Autonomous SOC capabilities appeared first on Help Net Security.

NinjaOne has unveiled NinjaOne Vulnerability Management, a new solution that helps IT teams identify, prioritize, and remediate vulnerabilities faster, without relying on periodic scans from security teams that often lack context and connection to remediation workflows. Built natively into the NinjaOne platform, the new solution brings together AI-driven real-time vulnerability assessment, patch confidence scoring, and remediation, allowing organizations to proactively fix vulnerabilities, minimize mean time to remediate, and reduce time spent vulnerable. The traditional approach … More →

The post NinjaOne Vulnerability Management enables real-time detection and autonomous patching appeared first on Help Net Security.

Orca Security has announced major enhancements to the Orca Platform, introducing new AI-powered security agents, real-time detection of AI usage across cloud environments, remediation-focused workflows, and code reachability analysis. These innovations enable organizations to move beyond fragmented alerts toward faster investigation, clearer prioritization, and measurable risk reduction. As enterprises accelerate AI adoption and scale across multi-cloud environments, security teams are inundated with alerts yet lack the context and prioritization needed to distinguish real, business-critical risk … More →

The post Orca Platform enhancements use AI to cut cloud alert noise appeared first on Help Net Security.

Fingerprint has announced the launch of its Model Context Protocol (MCP) Server, an open-source MCP implementation for the fraud prevention space. The new server enables organizations to connect any AI assistant or agent directly to Fingerprint’s device intelligence platform, turning fraud analysis into real-time, AI-powered insights. The Fingerprint MCP Server uses a standard open protocol that allows organizations to bring their own preferred AI assistant, chatbot, or agent directly to their fraud data. This means … More →

The post Fingerprint’s MCP Server turns device intelligence into real-time AI-powered fraud insights appeared first on Help Net Security.

End-to-end encrypted messaging on Instagram will no longer be supported after May 8, 2026. Meta justified the move by saying the feature was rarely used, with only a small fraction of Instagram users enabling encryption. The company advised users seeking end-to-end encryption to switch to WhatsApp, where it is enabled by default. Unlike WhatsApp, Instagram never rolled out encryption to all users and the feature remained optional. Users with affected chats will see instructions on … More →

The post Meta ditches end-to-end encrypted messaging on Instagram appeared first on Help Net Security.

Microsoft Edge version 146 (Stable) became available on March 13, 2026, bringing updates to tracking protection, IP privacy, and enterprise network security policies. One change affects tracking prevention in InPrivate browsing. InPrivate windows use the same tracking prevention level configured for standard browsing sessions. The separate option that previously allowed a different tracking setting for private windows has been removed. The release expands Private IP, part of the Edge Secure Network capability. The feature routes … More →

The post Microsoft Edge 146 adds IP privacy and local network access controls appeared first on Help Net Security.

Poland’s National Centre for Nuclear Research (NCBJ) thwarted a cyberattack targeting its IT infrastructure. The attempted intrusion was detected and blocked before attackers could compromise systems or disrupt operations. “No production, operational, or research processes were disrupted, and the MARIA reactor is operating safely and smoothly, at full power,” said Prof. Jakub Kupecki, Director of the National Centre for Nuclear Research. The National Centre for Nuclear Research is one of the largest scientific institutes in … More →

The post Hackers tried to breach Poland’s nuclear research centre appeared first on Help Net Security.

KEEQuant has announced its commercial chip-scale QKD technology, marking an advance in quantum-secure communications. The system replaces bulky optical assemblies with photonic integration, lowering the cost and complexity of quantum key distribution and making quantum-safe key exchange a practical upgrade for telecom operators, data center providers, and critical infrastructure organizations. The result is smaller, more scalable systems that remain compatible with existing fiber environments and encryption solutions, making adoption more practical for organizations preparing their … More →

The post KEEQuant advances chip-scale QKD for telecom, data centers, and critical infrastructure appeared first on Help Net Security.

An international law enforcement operation has taken down more than 45,000 malicious IP addresses and servers linked to phishing, malware, and ransomware activity. The action was carried out as part of Operation Synergia III, an investigation that ran from July 18, 2025 to January 31, 2026. According to INTERPOL, the operation resulted in 94 arrests, while 110 additional suspects remain under investigation. Authorities also seized 212 electronic devices and servers linked to the criminal networks. … More →

The post 45,000 malicious IP addresses taken down, 94 suspects arrested appeared first on Help Net Security.

JSOC IT has announced the launch of AUTOPSY, a security verification platform that investigates an organization’s security stack through live API integrations before a breach occurs, rather than after one forces the conversation. The platform’s flagship product, READY, is a security assessment that replaces self-reported questionnaires with API-verified telemetry across an organization’s security stack, including endpoint detection, identity and access management, backup and recovery, vulnerability management, and more than 24 integrated security platforms. The launch … More →

The post JSOC IT’s AUTOPSY platform puts security stacks under live API verification appeared first on Help Net Security.

The push for shorter TLS certificate lifespans has been building for years. It started with Google’s internal push toward 90-day certificates, which gained traction inside the industry before resistance from enterprise customers slowed things down. Then Apple proposed 47-day certificates, which reignited the debate and ultimately forced the CA/Browser Forum to set a formal schedule. The timeline that came out of those discussions moves certificate validity from one year down to 200 days, then 100, … More →

The post Certificate lifespans are shrinking and most organizations aren’t ready appeared first on Help Net Security.

In this Help Net Security interview, Packsize CSO Troy Rydman breaks down the biggest vulnerabilities in smart factory environments today, from IoT devices and legacy systems to human error. He explains how unmanaged devices, from sensors to robotic components, often go unpatched and become entry points for attackers. Legacy infrastructure is frequently overlooked as organizations move to cloud and SaaS platforms, leaving outdated systems exposed. Employees remain a persistent weak point, not because of negligence, … More →

The post What smart factories keep getting wrong about cybersecurity appeared first on Help Net Security.

Binarly has published VulHunt Community Edition, making the core scanning engine from Binarly’s commercial Transparency Platform available to independent researchers and practitioners. What VulHunt does VulHunt Community Edition is a framework for detecting vulnerabilities in compiled software. It operates against multiple binary representations simultaneously, working across disassembly, an intermediate representation layer, and decompiled code. Targets include POSIX executables and UEFI firmware modules. The detection logic is expressed in Lua rules. Each rule specifies metadata such … More →

The post VulHunt: Open-source vulnerability detection framework appeared first on Help Net Security.

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Turning expertise into opportunity for women in cybersecurity Speaker diversity in cybersecurity has been a talking point for over a decade, with panels, pledges, and dedicated conference tracks failing to produce change. Stages still skew heavily male, even as women represent millions of qualified professionals in the field. SheSpeaksCyber, a free and open directory launched by the Women4Cyber Foundation, aims … More →

The post Week in review: AiTM phishing kit used to hijack AWS accounts, year-long malware campaign targets HR appeared first on Help Net Security.

Accertify has announced the launch of Attack State, a new capability in its Account Protection solution designed to help organizations detect and respond to coordinated login attacks and other automated threats targeting customer accounts. Attack State analyzes login activity continuously and compares it to the organization’s broader traffic patterns to determine when a client’s environment may be under active attack. By comparing expected network behavior with real-time activity, the capability identifies anomalies associated with bot-driven … More →

The post Accertify’s Attack State targets credential stuffing and ATO attacks appeared first on Help Net Security.

The European Parliament has voted to extend a temporary exemption to EU privacy legislation that allows online platforms to voluntarily detect child sexual abuse material (CSAM). The extension prolongs a derogation from the EU’s ePrivacy Directive, which was set to expire on 3 April 2026, until 3 August 2027. Lawmakers say the additional time will allow the EU to negotiate and adopt a permanent legal framework to prevent and combat child sexual abuse online. Members … More →

The post EU Parliament backs extension of CSAM detection rules until 2027 appeared first on Help Net Security.