Don’t miss

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot

bootkit, Don't miss, ESET, Hot stuff, News, Ransomware /

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot 2025-09-12 at 19:00 By Help Net Security ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. The sample was uploaded from […]

React to this headline:

Loading spinner

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot Read More »

CISA looks to partners to shore up the future of the CVE Program

CISA, CVE, Don't miss, Government, Hot stuff, MITRE, News, USA, vulnerability assessment /

CISA looks to partners to shore up the future of the CVE Program 2025-09-12 at 15:32 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders

React to this headline:

Loading spinner

CISA looks to partners to shore up the future of the CVE Program Read More »

Your heartbeat could reveal your identity, even in anonymized datasets

biometrics, data security, Don't miss, Features, hardware, healthcare, Hot stuff, News, Privacy, research, wearable tech /

Your heartbeat could reveal your identity, even in anonymized datasets 2025-09-12 at 09:12 By Mirko Zorz A new study has found that electrocardiogram (ECG) signals, often shared publicly for medical research, can be linked back to individuals. Researchers were able to re-identify people in anonymous datasets with surprising accuracy, raising questions about how health data

React to this headline:

Loading spinner

Your heartbeat could reveal your identity, even in anonymized datasets Read More »

Attackers are coming for drug formulas and patient data

CISO, critical infrastructure, cyber risk, cybersecurity, Don't miss, healthcare, IBM, Internet of Things, Madaket Health, News, strategy /

Attackers are coming for drug formulas and patient data 2025-09-12 at 08:18 By Sinisa Markovic In the pharmaceutical industry, clinical trial data, patient records, and proprietary drug formulas are prime targets for cybercriminals. These high-value assets make the sector a constant focus for attacks. Disruptions to research or medicine distribution can have life-threatening consequences. “During

React to this headline:

Loading spinner

Attackers are coming for drug formulas and patient data Read More »

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls

ACSC, Australia, Don't miss, Hot stuff, News, Ransomware, Rapid7, SonicWall, vulnerability /

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls 2025-09-11 at 18:25 By Zeljka Zorz Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it. Like last September and earlier this year, the attackers are affiliates of the Akira

React to this headline:

Loading spinner

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls Read More »

Default Cursor setting can be exploited to run malicious code on developers’ machines

Cursor, Don't miss, Hot stuff, News, Oasis Security, programming, software development, vulnerability /

Default Cursor setting can be exploited to run malicious code on developers’ machines 2025-09-11 at 14:02 By Zeljka Zorz An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned. An exploitable vulnerability in the Cursor AI editor Cursor is

React to this headline:

Loading spinner

Default Cursor setting can be exploited to run malicious code on developers’ machines Read More »

When typing becomes tracking: Study reveals widespread silent keystroke interception

data collection, data security, Don't miss, Features, Hot stuff, News, Privacy, research, surveillance /

When typing becomes tracking: Study reveals widespread silent keystroke interception 2025-09-11 at 09:17 By Mirko Zorz You type your email address into a website form but never hit submit. Hours later, a marketing email shows up in your inbox. According to new research, that is not a coincidence. A team of researchers from UC Davis,

React to this headline:

Loading spinner

When typing becomes tracking: Study reveals widespread silent keystroke interception Read More »

How attackers weaponize communications networks

BlackBerry, cybersecurity, data security, Don't miss, Features, Hot stuff, network, network monitoring, News, regulation, secure communications, telecommunications /

How attackers weaponize communications networks 2025-09-11 at 08:30 By Mirko Zorz In this Help Net Security interview, Gregory Richardson, Vice President, Advisory CISO Worldwide, at BlackBerry, talks about the growing risks to communications networks. He explains why attackers focus on these networks and how their motivations range from corporate espionage to geopolitical influence. The discussion

React to this headline:

Loading spinner

How attackers weaponize communications networks Read More »

The state of DMARC adoption: What 10M domains reveal

cybersecurity, DMARC, Don't miss, email security, Fortra, News, Video /

The state of DMARC adoption: What 10M domains reveal 2025-09-11 at 07:43 By Help Net Security In this Help Net Security video, John Wilson, Senior Fellow, Threat Research at Fortra, explores the state of DMARC adoption across the top 10 million internet domains. He explains how SPF, DKIM, and DMARC work together to prevent email

React to this headline:

Loading spinner

The state of DMARC adoption: What 10M domains reveal Read More »

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday

Adobe, Adobe ColdFusion, Don't miss, Hot stuff, Immersive, magento, News, Patch Tuesday, Sansec, SAP, security update, Tenable, Trend Micro, vulnerability /

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday 2025-09-10 at 13:56 By Zeljka Zorz On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively exploited. Among the critical and important vulnerabilities patched by Microsoft

React to this headline:

Loading spinner

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday Read More »

Automated network pentesting uncovers what traditional tests missed

automation, cybersecurity, Don't miss, Hot stuff, network, News, patching, penetration testing, Vonahi Security /

Automated network pentesting uncovers what traditional tests missed 2025-09-10 at 11:45 By Zeljka Zorz Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities. A new report, based on over 50,000

React to this headline:

Loading spinner

Automated network pentesting uncovers what traditional tests missed Read More »

Deepfakes are rewriting the rules of geopolitics

cyber risk, cybersecurity, deepfakes, Don't miss, Entrust, Features, Government, News /

Deepfakes are rewriting the rules of geopolitics 2025-09-10 at 09:21 By Sinisa Markovic Deception and media manipulation have always been part of warfare, but AI has taken them to a new level. Entrust reports that deepfakes were created every five minutes in 2024, while the European Parliament estimates that 8 million will circulate across the

React to this headline:

Loading spinner

Deepfakes are rewriting the rules of geopolitics Read More »

Garak: Open-source LLM vulnerability scanner

Artificial Intelligence, Don't miss, GitHub, LLMs, News, open source, scanner, software /

Garak: Open-source LLM vulnerability scanner 2025-09-10 at 09:00 By Help Net Security LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks for problems like hallucinations, prompt injections, jailbreaks, and toxic outputs. By running

React to this headline:

Loading spinner

Garak: Open-source LLM vulnerability scanner Read More »

Fixing silent failures in security controls with adversarial exposure validation

Don't miss, Expert analysis, Expert corner, Hot stuff, News, Picus Security, report, security controls, Whitepapers and webinars /

Fixing silent failures in security controls with adversarial exposure validation 2025-09-10 at 08:16 By Help Net Security Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. Appearances can

React to this headline:

Loading spinner

Fixing silent failures in security controls with adversarial exposure validation Read More »

Plex tells users to change passwords due to data breach, pushes server owners to upgrade

data breach, Don't miss, Hot stuff, News, Plex Media Server, security update, streaming device, vulnerability /

Plex tells users to change passwords due to data breach, pushes server owners to upgrade 2025-09-09 at 19:42 By Zeljka Zorz Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third party accessed a limited subset of customer data from

React to this headline:

Loading spinner

Plex tells users to change passwords due to data breach, pushes server owners to upgrade Read More »

Download: Cyber defense guide for the financial sector

Center for Internet Security, Don't miss, Hot stuff, News, Whitepapers and webinars /

Download: Cyber defense guide for the financial sector 2025-09-09 at 15:46 By Help Net Security Data breaches cost more for financial organizations than they do for those in many other industries. In attempting to strengthen your financial organization’s cybersecurity, you must contend with evolving regulatory obligations, outdated IT infrastructure, and other challenges. How do you

React to this headline:

Loading spinner

Download: Cyber defense guide for the financial sector Read More »

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal

Don't miss, Encryption, EU, Europe, European Commission, News, Privacy, regulation, scanning, smartphones, surveillance /

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal 2025-09-09 at 10:22 By Mirko Zorz Nearly 500 scientists and researchers have signed an open letter warning that the latest version of the EU’s Chat Control Proposal would weaken digital security while failing to deliver meaningful protection for children. The signatories represent 34 countries

React to this headline:

Loading spinner

Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal Read More »

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers

Arctic Wolf Networks, data theft, Don't miss, enterprise, Hot stuff, malvertising, Malware, malware analysis, News, SMBs /

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers 2025-09-09 at 09:46 By Zeljka Zorz Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for

React to this headline:

Loading spinner

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Read More »

Connected cars are racing ahead, but security is stuck in neutral

car, connected cars, cyber risk, Don't miss, Features, hardware, Hot stuff, News, supply chain /

Connected cars are racing ahead, but security is stuck in neutral 2025-09-09 at 09:46 By Mirko Zorz Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential

React to this headline:

Loading spinner

Connected cars are racing ahead, but security is stuck in neutral Read More »

Scroll to Top