The software supply chain attack that resulted in the compromise of npm packages of Axios, an extremely popular HTTP client library, is believed to be the work of financially-motivated North Korean attackers. 🔗 Read more: https://lnkd.in/gY2pkEwZ Google - Mandiant (part of Google Cloud) - Austin Larsen - Dmitrij L. - Adrian S. - Tyler M. - Ashley Zaya - Michael Rudden - Richmond Ivann Liclican - Andres Ramos - Arctic Wolf - Ashish Kurmi - StepSecurity - Elastic - John Hammond - Huntress #Backdoor #Cybercrime #NorthKorea #SupplyChainAttacks #CyberSecurity #CyberSecurityNews #SecurityNews
About us
Help Net Security is an industry-leading cybersecurity publication with over 350,000 readers per month. Since 1998, we have been committed to providing high-quality information to our audience through publishing relevant original content and analyzing market trends.
- Website: https://www.helpnetsecurity.com
- Industry: Online Audio and Video Media
- Company size: 2-10 employees
- Type: Privately Held
- Founded: 1998
Updates
The following CIS Benchmarks and CIS Build Kits have been updated or recently released. Each Benchmark and Build Kit includes a changelog that references all changes. 🔗 Read more: https://lnkd.in/d_ezZys5 Center for Internet Security #benchmarks #cybersecurity
Generative AI tools have brought the cost of deepfake production low enough that criminals and state-sponsored actors now use them routinely against financial institutions. A joint paper from the American Bankers Association, the Better Identity Coalition, and the Financial Services Sector Coordinating Council (FSSCC) lays out the scale of the problem and calls on federal and state policymakers to act across various areas. 🔗 Read more: https://lnkd.in/deXEkM6a Jeremy Grant #AI #authentication #deepfakes #financialindustry #government #USA #cybersecurity
Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. As per usual, information about the fixed zero-day is limited, and there are no details about the exploit (or how/if it’s being used by attackers). 🔗 Read more: https://lnkd.in/dRh_Aae8 #0day #cybersecurity
Most organizations running Microsoft 365 rely on native email controls as their primary line of defense. According to Mimecast research, 38% of organizations depend exclusively on those native controls for collaboration security, and 64% say those controls are insufficient against the threat landscape. Ranjan S., Chief Product and Technology Officer at Mimecast, outlines how the company’s API-based approach delivers protection on par with a traditional Secure Email Gateway without requiring infrastructure changes, and why that matters for stretched security teams trying to close detection gaps on BEC and credential phishing. 🔗 Read more: https://lnkd.in/dxFXd3tX #CISO #emailsecurity #cybersecurity
Machine learning models built to catch malware on Windows systems are typically evaluated on data that closely resembles their training set. In practice, the malware arriving on enterprise endpoints looks different, comes from different sources, and in many cases has been deliberately obfuscated to evade detection. A study from researchers at the Polytechnic of Porto tests what happens when that gap is made explicit, and the results have direct implications for organizations relying on static detectors as a first line of defense. 🔗 Read more: https://lnkd.in/dtF48ubx João Vitorino - Eva Maia - Isabel Praça - César Vieira - GECAD - Research Group on Intelligent Engineering and Computing for Advanced Innovation Development - Instituto Superior de Engenharia do Porto - ESTG - Politécnico do Porto - European Union Agency for Cybersecurity (ENISA) #machinelearning #malwaredetection #cybersecurity
New research from the 2026 SANS Identity Threats & Defenses Survey shows that 55% of organizations experienced an identity-related compromise last year, while 26% reported MFA fatigue as a factor in identity attacks. 🔗 Read more: https://lnkd.in/d-cEwYav Enzoic
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans. 🔗 Read more: https://lnkd.in/deaHUE6A StepSecurity - Wiz - OpenSourceMalware #JavaScript #supplychainattacks #supplychaincompromise #cybersecurity
In this Help Net Security video, Jay Miller, MBA, MSIT, CISSP, CISO at Paessler GmbH, explains how security leaders can communicate technical risk to executives and board members in terms they understand. The focus is on business impact: financial loss, compliance fines, reputation damage, and productivity. Miller walks through three principles: describe impact in plain language, come prepared with data and a clear narrative, and be transparent about what happened and what still needs fixing. 🎥 Link in comments! #boardroom #CISO #strategy #cybersecurity
Cybersecurity has long suffered from a people problem, but not in the way we often hear about. As an industry that is based on enabling communication across the globe via the internet and many types of devices, many of us practitioners are very bad at communicating to people. A primary example is the phrase “humans are the weakest link”, which is a well-known phrase in our industry. This phrase implies that if it were not for humans our systems would be fully secure, but most worryingly projects the message to non-cybersecurity people that they are inferior to us. 🔗 Read more: https://lnkd.in/djuFmQ_t Brian Honan - BH Consulting #CISO #humanerror #securityawareness #userbehavior #strategy #cybersecurity