Don’t miss

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler /

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models […]

React to this headline:

Loading spinner

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

ExtensionHound: Open-source tool for Chrome extension DNS forensics

Chrome, computer forensics, DNS, Don't miss, GitHub, News, open source, software /

ExtensionHound: Open-source tool for Chrome extension DNS forensics 2025-01-30 at 07:03 By Mirko Zorz Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound

React to this headline:

Loading spinner

ExtensionHound: Open-source tool for Chrome extension DNS forensics Read More »

How to use Hide My Email to protect your inbox from spam

apple, Don't miss, email security, how-to, News, Privacy /

How to use Hide My Email to protect your inbox from spam 2025-01-30 at 06:03 By Help Net Security Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email

React to this headline:

Loading spinner

How to use Hide My Email to protect your inbox from spam Read More »

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

Censys, Don't miss, GreyNoise, Hot stuff, News, VulnCheck, vulnerability, Zyxel /

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute

React to this headline:

Loading spinner

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) Read More »

DeepSeek’s popularity exploited by malware peddlers, scammers

Artificial Intelligence, China, consumer, data security, DeepSeek, Don't miss, enterprise, Hot stuff, KELA, LLMs, Malware, News, Privacy, threat /

DeepSeek’s popularity exploited by malware peddlers, scammers 2025-01-29 at 15:18 By Zeljka Zorz As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of the cost, users are rushing to try out DeepSeek’s AI tool. In the process, they

React to this headline:

Loading spinner

DeepSeek’s popularity exploited by malware peddlers, scammers Read More »

How Lazarus Group built a cyber espionage empire

cyber attribution, cybersecurity, Don't miss, News, North Korea, report, SecurityScorecard, supply chain compromise /

How Lazarus Group built a cyber espionage empire 2025-01-29 at 11:04 By Help Net Security Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Hidden control panel Through deep analysis,

React to this headline:

Loading spinner

How Lazarus Group built a cyber espionage empire Read More »

Preparing financial institutions for the next generation of cyber threats

cybersecurity, Data Protection, Don't miss, Features, financial industry, fraud, Hot stuff, News, opinion, regulation, threats, Visa /

Preparing financial institutions for the next generation of cyber threats 2025-01-29 at 07:34 By Mirko Zorz In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial

React to this headline:

Loading spinner

Preparing financial institutions for the next generation of cyber threats Read More »

SEC and FCA fines: Issues jump

communication, Compliance, cybersecurity, Don't miss, financial industry, Hot stuff, MirrorWeb, Video /

SEC and FCA fines: Issues jump 2025-01-29 at 06:33 By Help Net Security The financial sector faces communication compliance challenges as organizations struggle to maintain oversight across communication channels. Adding to the complexity is the unexpected rise of unconventional platforms, such as Snapchat, used for business operations. In this Help Net Security video, David Clee,

React to this headline:

Loading spinner

SEC and FCA fines: Issues jump Read More »

Europeans targeted with new Tor-using backdoor and infostealers

Cisco, Don't miss, Europe, Hot stuff, Malware, News, phishing /

Europeans targeted with new Tor-using backdoor and infostealers 2025-01-28 at 15:04 By Zeljka Zorz A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that leverages the Tor network to evade detection. The phishing email The attacker sends out fake money transfer confirmations

React to this headline:

Loading spinner

Europeans targeted with new Tor-using backdoor and infostealers Read More »

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) 2025-01-28 at 13:18 By Zeljka Zorz Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of

React to this headline:

Loading spinner

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Read More »

BloodyAD: Open-source Active Directory privilege escalation framework

Active Directory, Don't miss, GitHub, News, open source, software /

BloodyAD: Open-source Active Directory privilege escalation framework 2025-01-28 at 07:00 By Mirko Zorz BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege escalation techniques within Active Directory environments. Features “I created this tool because I do a lot of internal testing

React to this headline:

Loading spinner

BloodyAD: Open-source Active Directory privilege escalation framework Read More »

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

Bishop Fox, CVE, Don't miss, enterprise, Hot stuff, News, security update, SMBs, SonicWall, vulnerability /

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) 2025-01-27 at 17:20 By Zeljka Zorz 5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on

React to this headline:

Loading spinner

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) Read More »

AI security posture management will be needed before agentic AI takes hold

Artificial Intelligence, authentication, bot, cybersecurity, Don't miss, Expert analysis, Expert corner, Features, framework, IBS Software, News, opinion /

AI security posture management will be needed before agentic AI takes hold 2025-01-27 at 07:40 By Help Net Security As I’m currently knee deep in testing agentic AI in all its forms, as well as new iterations of current generative AI models such as OpenAI’s O1, the complexities of securing AI bot frameworks for enterprise

React to this headline:

Loading spinner

AI security posture management will be needed before agentic AI takes hold Read More »

Don’t let these open-source cybersecurity tools slip under your radar

Android, cybersecurity, Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, software, Windows /

Don’t let these open-source cybersecurity tools slip under your radar 2025-01-27 at 07:07 By Help Net Security This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusion, protect websites from cyber attacks, monitor and detect suspicious activities across your network. Am I Isolated: Open-source container security benchmark Am I

React to this headline:

Loading spinner

Don’t let these open-source cybersecurity tools slip under your radar Read More »

Cyber trends set to influence business strategies

boardroom, cyber risk, cybersecurity, data security, Diligent, Don't miss, fraud, generative AI, Hot stuff, predictions, strategy, Video /

Cyber trends set to influence business strategies 2025-01-27 at 06:42 By Help Net Security Diligent convened a group of 65 board members, C-suite executives, and leading subject matter experts to explore topics shaping the future of business: generative AI, cybersecurity and data privacy, geopolitical risk, and financial fraud and abuse. In this Help Net Security

React to this headline:

Loading spinner

Cyber trends set to influence business strategies Read More »

How to use Apple’s App Privacy Report to monitor data tracking

apple, cybersecurity, Don't miss, how-to, News, Privacy /

How to use Apple’s App Privacy Report to monitor data tracking 2025-01-27 at 06:03 By Help Net Security The App Privacy Report, which Apple introduced in iOS 15.2, allows users to monitor how apps access data and interact with third-party services. The report provides an in-depth analysis of the types of sensitive data accessed by

React to this headline:

Loading spinner

How to use Apple’s App Privacy Report to monitor data tracking Read More »

North Korean IT workers are extorting employers, FBI warns

data theft, Don't miss, enterprise, extortion, Hot stuff, News, North Korea, USA /

North Korean IT workers are extorting employers, FBI warns 2025-01-24 at 16:48 By Zeljka Zorz The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world. While corporate espionage comes to mind first, the threat goes beyond that: “In

React to this headline:

Loading spinner

North Korean IT workers are extorting employers, FBI warns Read More »

GUI frontends for GnuPG, the free implementation of the OpenPGP standard

Don't miss, Encryption, GitHub, Linux, News, open source, software /

GUI frontends for GnuPG, the free implementation of the OpenPGP standard 2025-01-24 at 07:20 By Help Net Security GnuPG is a free and comprehensive implementation of the OpenPGP standard. It enables encryption and signing of data and communications, featuring a key management system and support for public key directories. While primarily a command-line tool, GnuPG

React to this headline:

Loading spinner

GUI frontends for GnuPG, the free implementation of the OpenPGP standard Read More »

Juniper enterprise routers backdoored via “magic packet” malware

backdoor, Don't miss, enterprise, Hot stuff, Juniper Networks, Linux, Lumen, Malware, News, router /

Juniper enterprise routers backdoored via “magic packet” malware 2025-01-23 at 20:05 By Zeljka Zorz A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the devices’ memory and spawns a reverse shell when instructed to do so. “Our telemetry indicates the J-magic campaign

React to this headline:

Loading spinner

Juniper enterprise routers backdoored via “magic packet” malware Read More »

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco, Don't miss, Hot stuff, News, PoC, security update, video conferencing, vulnerability /

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw 2025-01-23 at 15:03 By Zeljka Zorz Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint

React to this headline:

Loading spinner

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw Read More »

Scroll to Top