Attackers exploited old flaws to breach SonicWall SMA appliances (CVE-2024-38475, CVE-2023-44221)

2025-05-02 at 16:18 By Zeljka Zorz

Attackers have been using two previously known vulnerabilities (CVE-2024-38475, CVE-2023-44221) to compromise SonicWall secure mobile access devices, the vendor has confirmed by updating the associated advisories. CISA has added the two flaws to its Known Exploited Vulnerabilities catalog, […]

Why SMEs can no longer afford to ignore cyber risk

2025-05-01 at 09:32 By Mirko Zorz

In this Help Net Security interview, Steven Furnell, Professor of Cyber Security at the University of Nottingham, illustrates how small and medium-sized businesses (SMEs) must reassess their risk exposure and prioritize resilience to safeguard their long-term growth and stability.

Preparing for the next wave of machine identity growth

2025-05-01 at 09:21 By Mirko Zorz

Machine identities are multiplying fast, and many organizations are struggling to keep up. In this Help Net Security interview, Wendy Wu, CMO at SailPoint, explains why machine identity security matters, where most companies go wrong, how automation can help, and

Hottest cybersecurity open-source tools of the month: April 2025

2025-05-01 at 08:36 By Help Net Security

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. GoSearch: Open-source OSINT tool for uncovering digital footprints GoSearch is an open-source OSINT tool built to uncover digital footprints linked to

Top solutions to watch after RSAC 2025

2025-05-01 at 08:03 By Help Net Security

RSAC 2025 showcased a wave of innovation, with vendors unveiling technologies poised to redefine cybersecurity. From AI-powered defense to breakthroughs in identity protection, this year’s conference delivered a glimpse into the future. Here are the most interesting products that caught our

Online fraud peaks as breaches rise

2025-05-01 at 07:31 By Help Net Security

Data breaches played a key role in significant financial losses faced by consumers due to fraud. In this Help Net Security video, Steve Yin, Global Head of Fraud at TransUnion, and Brad Daughdrill, VP, Data Science, Head of Global Fraud Analytics, TransUnion,

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities

2025-04-30 at 16:31 By Zeljka Zorz

Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies. “Because AirPlay is a fundamental piece of software for Apple

Download: Edgescan 2025 Vulnerability Statistics Report

2025-04-30 at 16:03 By Help Net Security

Edgescan’s 2025 Vulnerability Statistics Report explores risk density patterns across network/device and application layers, uncovers complex vulnerabilities that automated tools consistently miss, and evaluates the real-world effectiveness of leading vulnerability scoring methodologies, including EPSS, CISA KEV, CVSS, and our proprietary EVSS system.

Property renters targeted in simple BEC scam

2025-04-30 at 14:32 By Zeljka Zorz

Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam preying on renters “Most campaigns are sent from compromised mailboxes belonging to educational institutions in

Product showcase: Ledger Flex secure crypto wallet

2025-04-30 at 09:02 By Sinisa Markovic

The Ledger Flex is a hardware wallet designed for the secure storage of cryptocurrencies and NFTs. It combines security features with a user-friendly interface, making it suitable for both beginners and more experienced users. Ledger Flex stores your private keys offline. This

Villain: Open-source framework for managing and enhancing reverse shells

2025-04-30 at 08:04 By Mirko Zorz

Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, Villain enhances these shells with added functionality, offering commands and utilities, and allowing for shell sessions sharing across

Securing the invisible: Supply chain security trends

2025-04-30 at 07:34 By Anamarija Pogorelec

Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a CI/CD pipeline, a rogue dependency hidden in open-source code, or tampered hardware components, these attacks bypass traditional defenses by weaponizing

Why cyber resilience must be part of every organization’s DNA

2025-04-30 at 07:05 By Help Net Security

As AI brings about excitement and transformative potential, the report reveals that organizations are forging ahead with innovations despite increased security concerns, according to LevelBlue’s 2025 Futures Report. In fact, just 29% of executives surveyed say they are

44% of the zero-days exploited in 2024 were in enterprise solutions

2025-04-29 at 21:18 By Zeljka Zorz

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up

CISA warns about actively exploited Broadcom, Commvault vulnerabilities

2025-04-29 at 15:47 By Zeljka Zorz

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) solutions. CISA’s KEV catalog is constantly updated and provides IT admins

Marks & Spencer cyber incident linked to ransomware group

2025-04-29 at 14:18 By Zeljka Zorz

The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources have asserted. The Telegraph’s sources say ransomware was deployed by an unnamed criminal gang. Bleeping Computer’s

Eyes, ears, and now arms: IoT is alive

2025-04-29 at 09:36 By Help Net Security

I’ve never quite seen anything like this in my two decades of working in the Internet of Things (IoT) space. In just a few years, devices at home and work started including cameras to see and microphones to hear. Now,

What’s worth automating in cyber hygiene, and what’s not

2025-04-29 at 09:05 By Mirko Zorz

Cyber hygiene sounds simple. Patch your systems, remove old accounts, update your software. But for large organizations, this gets messy fast. Systems number in the thousands. Teams are scattered. Some machines haven’t been rebooted in months. Automation can help. But

Want faster products and stronger trust? Build security in, not bolt it on

2025-04-29 at 08:42 By Mirko Zorz

In this Help Net Security interview, Christopher Kennedy, CISO at Group 1001, discusses how cybersecurity initiatives are reshaping enterprise cybersecurity strategy. He explains why security must be embedded across IT, business lines, and product development, how
