Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Review: LLM Engineer’s Handbook
For all the excitement around LLMs, practical, engineering-focused guidance remains surprisingly hard to find. LLM Engineer’s Handbook aims to fill that gap.
Vulnhuntr: Open-source tool to identify remotely exploitable vulnerabilities
Vulnhuntr is an open-source tool that finds remotely exploitable vulnerabilities. It uses LLMs and static code analysis to trace how data moves through an application, from user input to server output. This helps it spot complex, multi-step vulnerabilities that traditional tools often miss.
The legal minefield of hacking back
In this Help Net Security interview, Gonçalo Magalhães, Head of Security at Immunefi, discusses the legal and ethical implications of hacking back in cross-border cyber incidents.
Why behavioral intelligence is becoming the bank fraud team’s best friend
In this Help Net Security interview, Seth Ruden, Senior Director of Global Advisory at BioCatch, discusses how financial institutions are addressing fraud. He explains how banks are using behavioral biometrics, device fingerprinting, and network intelligence to enhance fraud prevention.
Fighting AI with AI: How Darwinium is reshaping fraud defense
In this Help Net Security interview, Alisdair Faulkner, CEO and co-founder of Darwinium, discusses two AI-powered features, Beagle and Copilot, that simulate adversarial behavior and help security teams stay ahead of threats.
Artemis: Open-source modular vulnerability scanner
Artemis is an open-source modular vulnerability scanner that checks different aspects of a website’s security and translates the results into easy-to-understand messages that can be shared with the organizations being scanned.
New AI model offers faster, greener way for vulnerability detection
A team of researchers has developed a new AI model, called White-Basilisk, that detects software vulnerabilities more efficiently than much larger systems. The model’s release comes at a time when developers and security teams face mounting pressure to secure complex codebases, often without the resources to deploy large-scale AI tools.
Review: CISA Certified Information Systems Auditor Practice Tests
CISA Certified Information Systems Auditor Practice Tests offers practical, domain-by-domain prep for the CISA exam, with hundreds of questions covering key objectives and real-world systems audit skills.
Smart steps to keep your AI future-ready
In this Help Net Security interview, Rohan Sen, Principal, Cyber, Data, and Tech Risk, PwC US, discusses how organizations can design autonomous AI agents with strong governance from day one. As AI becomes more embedded in business ecosystems, overlooking agent-level security can open the door to reputational, operational, and compliance risks.
The final frontier of cybersecurity is now in space
As the space sector becomes more commercial and military-focused, these assets are becoming attractive targets. The global space economy is booming and is expected to increase from $630 billion in 2023 to $1.8 trillion by 2035. This means the need to protect space infrastructure from cyber threats will only grow larger and more complex.
The food supply chain has a cybersecurity problem
It’s unsettling to think that our food supply chain could be targeted or that the safety of our food could be compromised. But this is exactly the challenge the agri-food sector is dealing with right now.
It’s time to sound the alarm on water sector cybersecurity
A cyberattack on a water facility can put entire communities and businesses at risk. Even a short disruption in clean water supply can have serious public health and safety consequences, and threat actors know the damage they can cause.
Your supply chain security strategy might be missing the biggest risk
Many organizations have sharpened their focus on third-party risk management, carefully vetting the security practices of their vendors. However, a critical gap remains that many organizations overlook: fourth-party risk.
Ransomware will thrive until we change our strategy
We have reached a stage where ransomware isn’t simply a cybercrime issue: it is now clearly a business disruptor, a threat to societal trust, and increasingly, a national security crisis.
Why stolen credentials remain cybercriminals’ tool of choice
Simple tools often have the longest staying power because they get the job done. Take duct tape, it wasn’t designed to be fancy, just reliable for fixing leaks or holes. Similarly, stolen credentials are an old but still effective tactic used by threat actors.
How to fight document fraud with the latest tech tools
In this Help Net Security video, Thomas Berndorfer, CEO of Connecting Software, explores cutting-edge technologies designed to detect and prevent document forgery and digital fraud.
What attackers know about your company thanks to AI
In this Help Net Security video, Tom Cross, Head of Threat Research at GetReal Security, explores how generative AI is empowering threat actors. He breaks down three key areas: how GenAI lowers the technical barrier for attackers, enables highly convincing deepfake-driven social engineering, and allows threat actors to operate.
Inside the application security crisis no one wants to talk about
Despite knowing the risks, most organizations are still shipping insecure software. That’s one of the stark findings from Cypress Data Defense’s 2025 State of Application Security report, which reveals a worsening crisis in software security.
Boards shift focus to tech and navigate cautious investors
Corporate boards are adjusting to a more uncertain proxy landscape, according to EY’s 2025 Proxy Season Review. The report highlights four key 2025 proxy season trends shaping governance this year: more oversight of technology, fewer shareholder proposals (especially on sustainability), stronger support for directors, and continued approval of executive pay packages.
AI is here, security still isn’t
Although 79% of organizations are already running AI in production, only 6% have put in place a comprehensive security strategy designed specifically for AI. As a result, most enterprises remain exposed to threats they are not yet prepared to detect or respond to, according to the SandboxAQ AI Security Benchmark Report.
Why CISOs should rethink identity risk through attack paths
Identity-based attack paths are behind most breaches today, yet many organizations can’t actually see how those paths form. The 2025 State of Attack Path Management report from SpecterOps makes the case that traditional tools like identity governance, PAM, and MFA aren’t enough.
Why rural hospitals are losing the cybersecurity battle
Cyber threats are becoming more frequent and sophisticated, and rural hospitals and clinics are feeling the pressure from all sides: tight budgets, small teams, limited training, complex technology, and vendors that do not always offer much help. Often, they are left juggling security tools without the IT support to use them effectively, according to Paubox.
Secrets are leaking everywhere, and bots are to blame
Secrets like API keys, tokens, and credentials are scattered across messaging apps, spreadsheets, CI/CD logs, and even support tickets. According to Entro Security’s NHI & Secrets Risk Report H1 2025, non-human identities (NHIs), including bots, service accounts, and automation tools, are now the fastest-growing source of security risk in enterprise environments.
AI is changing the vCISO game
Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one year. According to Cynomi’s 2025 State of the Virtual CISO report, 67% of MSPs and MSSPs now offer vCISO services, up from just 21% in 2024.
Security gaps still haunt shared mobile device use in healthcare
Shared mobile devices are becoming the standard in hospitals and health systems. While they offer cost savings and workflow improvements, many organizations are still struggling to manage the security risks that come with them, according to Imprivata’s 2025 State of Shared Mobile Devices in Healthcare report.
Cybersecurity jobs available right now: July 29, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Beyond Passwords: A Guide to Advanced Enterprise Security Protection
Enzoic’s Beyond Passwords guide shows how to shift to identity-first protection with real-time credential monitoring, policy enforcement, and automated ATO defense.
Infosec products of the month: July 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Akeyless, At-Bay, Barracuda Networks, Bitdefender, Cynomi, Darwinium, DigitalOcean, Immersive, Lepide, Malwarebytes, ManageEngine, NETSCOUT, PlexTrac, Scamnetic, Seemplicity, Socure, StealthCores, Stellar Cyber, Tosibox, Tracer AI, and Zenni Optical.
