Building a healthcare cybersecurity strategy that works

2025-10-13 at 09:41 By Mirko Zorz

In this Help Net Security interview, Wayman Cummings, CISO at Ochsner Health, talks about building a healthcare cybersecurity strategy, even when resources are tight. He explains how focusing on areas like vulnerability management and network segmentation can make the biggest difference. Cummings […]

AI-generated images have a problem of credibility, not creativity

2025-10-13 at 08:34 By Sinisa Markovic

GenAI simplifies image creation, yet it creates hard problems around intellectual property, authenticity, and accountability. Researchers at Queen’s University in Canada examined watermarking as a way to tag AI images so origin and integrity can be checked. (Figure: Watermarking scenario overview)

The five-minute guide to OT cyber resilience

2025-10-13 at 08:19 By Help Net Security

In this Help Net Security video, Rob Demain, CEO of e2e-assure, explains the essentials of OT cybersecurity resilience. He discusses the importance of understanding remote access points, supply chain connections, and the need for specialized sensors to monitor OT networks that

Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)

2025-10-12 at 13:18 By Zeljka Zorz

Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884). About CVE-2025-61884 CVE-2025-61884 is a vulnerability in the Runtime user interface in the Oracle Configurator product of Oracle E-Business Suite (EBS). Like CVE-2025-61882 before

Apple offers $2 million for zero-click exploit chains

2025-10-10 at 16:16 By Zeljka Zorz

Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. “Our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)

2025-10-10 at 13:40 By Zeljka Zorz

CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of its active exploitation, a

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft

2025-10-10 at 09:33 By Help Net Security

A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes

From theory to training: Lessons in making NICE usable

2025-10-10 at 09:02 By Mirko Zorz

SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and

Securing agentic AI with intent-based permissions

2025-10-10 at 08:31 By Help Net Security

When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems that anticipate

Nagios: Open-source monitoring solution

2025-10-10 at 08:19 By Anamarija Pogorelec

Nagios is an open-source monitoring solution, now included as part of the robust Nagios Core Services Platform (CSP). It delivers end-to-end visibility across the entire IT infrastructure, covering everything from websites and DNS to servers, routers, switches, workstations, and critical services. It helps organizations proactively

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

2025-10-09 at 19:19 By Zeljka Zorz

Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox. Velociraptor misuse A suspected China-based ransomware threat actor has

Attackers compromised ALL SonicWall firewall configuration backup files

2025-10-09 at 15:41 By Zeljka Zorz

The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested

Behind the screens: Building security customers appreciate

2025-10-09 at 08:03 By Mirko Zorz

In this Help Net Security interview, Jess Vachon, CISO at PRA Group, discusses the company’s multi-layered defense against fraud and its commitment to protecting customer trust. Vachon explains how PRA Group balances identity verification with a seamless customer experience. Vachon also reflects

Turning the human factor into your strongest cybersecurity defense

2025-10-09 at 07:30 By Help Net Security

In this Help Net Security video, Jacob Martens, Field CISO at Upwind Security, explores one of cybersecurity’s most enduring challenges: the human factor behind breaches. Despite advances in technology, most attacks still begin with people, not code. He explains

Researchers uncover ClickFix-themed phishing kit

2025-10-08 at 16:26 By Zeljka Zorz

Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to create highly customizable phishing

North Korean hackers stole over $2 billion in cryptocurrency this year

2025-10-08 at 14:49 By Zeljka Zorz

North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though this year’s record losses are driven largely by the February attack on

Rethinking AI security architectures beyond Earth

2025-10-08 at 09:39 By Mirko Zorz

If you think managing cloud security is complex, try doing it across hundreds of satellites orbiting the planet. Each one is a moving endpoint that must stay secure while communicating through long, delay-prone links. A new study explores how AI could automate security

DefectDojo: Open-source DevSecOps platform

2025-10-08 at 09:39 By Anamarija Pogorelec

DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management. It helps teams manage security testing, track and remove duplicate findings, handle remediation, and generate reports. Whether you’re a solo security practitioner or a CISO managing multiple teams, DefectDojo helps

New system aims to keep people connected when networks fail

2025-10-08 at 07:32 By Sinisa Markovic

When disaster strikes, communication often fails. Cell towers can go offline, internet connections can disappear, and people are left without a way to share information or ask for help. A new research project looks at how to keep people

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844)

2025-10-07 at 16:36 By Zeljka Zorz

Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system. “This flaw allows a post auth
