framework
Enterprise SIEMs miss 79% of known MITRE ATT&CK techniques
Using the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding security information and event management (SIEM) …
How AI agents reshape industrial automation and risk management
In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity …
LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks
LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a …
Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel
In this Help Net Security video, Adam Pennington, MITRE ATT&CK Lead, breaks down what’s new in the ATT&CK v17 release. He highlights the addition of the ESXi …
Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed
The Linux Foundation, in collaboration with OpenSSF and Linux Foundation Education, has released the Cybersecurity Skills Framework, a global reference guide that helps …
UNIDIR Intrusion Path: New framework to analyze ICT environment activities
Malicious activity in the ICT environment is growing. However, a non-technical audience often struggle to understand these threats, either because technical explanations are …
Villain: Open-source framework for managing and enhancing reverse shells
Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, …
13 core principles to strengthen AI cybersecurity
The new ETSI TS 104 223 specification for securing AI provides reliable and actionable cybersecurity guidance aimed at protecting end users. Adopting a whole-lifecycle …
Strategic AI readiness for cybersecurity: From hype to reality
AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious …
BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework
BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable. Right now, …
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web …
Building cyber resilience in banking: Expert insights on strategy, risk, and regulation
In this Help Net Security interview, Matthew Darlage, CISO at Citizens, discusses key strategies for strengthening cyber resilience in banks. He underlines that adherence to …
Featured news
Resources
Don't miss
- AWS launches new cloud security features
- Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)
- Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security
- AI is changing cybersecurity roles, and entry-level jobs are at risk
- From cleaners to creepers: The risk of mobile privilege escalation