Don’t miss

NTLM relay attacks are back from the dead

NTLM relay attacks are back from the dead 2025-07-04 at 09:32 By Help Net Security NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are […]

React to this headline:

Loading spinner

NTLM relay attacks are back from the dead Read More »

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future 2025-07-04 at 08:38 By Help Net Security While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and social

React to this headline:

Loading spinner

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future Read More »

Google open-sources privacy tech for age verification

Google open-sources privacy tech for age verification 2025-07-03 at 18:47 By Sinisa Markovic Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has open-sourced a cryptographic solution that

React to this headline:

Loading spinner

Google open-sources privacy tech for age verification Read More »

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code 2025-07-03 at 16:03 By Zeljka Zorz Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew

React to this headline:

Loading spinner

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code Read More »

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) 2025-07-03 at 14:19 By Zeljka Zorz Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and

React to this headline:

Loading spinner

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) Read More »

GitPhish: Open-source GitHub device code flow security assessment tool

GitPhish: Open-source GitHub device code flow security assessment tool 2025-07-03 at 09:30 By Help Net Security GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a

React to this headline:

Loading spinner

GitPhish: Open-source GitHub device code flow security assessment tool Read More »

Healthcare CISOs must secure more than what’s regulated

Healthcare CISOs must secure more than what’s regulated 2025-07-03 at 09:05 By Mirko Zorz In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also

React to this headline:

Loading spinner

Healthcare CISOs must secure more than what’s regulated Read More »

Qantas data breach could affect 6 million customers

Qantas data breach could affect 6 million customers 2025-07-02 at 14:04 By Zeljka Zorz Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said that

React to this headline:

Loading spinner

Qantas data breach could affect 6 million customers Read More »

Cybersecurity essentials for the future: From hype to what works

Cybersecurity essentials for the future: From hype to what works 2025-07-02 at 09:03 By Mirko Zorz Cybersecurity never stands still. One week it’s AI-powered attacks, the next it’s a new data breach, regulation, or budget cut. With all that noise, it’s easy to get distracted. But at the end of the day, the goal stays

React to this headline:

Loading spinner

Cybersecurity essentials for the future: From hype to what works Read More »

How FinTechs are turning GRC into a strategic enabler

How FinTechs are turning GRC into a strategic enabler 2025-07-02 at 08:36 By Mirko Zorz In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in response to tighter regulations and global growth. He discusses the impact of frameworks

React to this headline:

Loading spinner

How FinTechs are turning GRC into a strategic enabler Read More »

Secretless Broker: Open-source tool connects apps securely without passwords or keys

Secretless Broker: Open-source tool connects apps securely without passwords or keys 2025-07-02 at 08:01 By Mirko Zorz Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like databases, web services, SSH endpoints, or other TCP-based systems. Secretless Broker features “We created Secretless Broker

React to this headline:

Loading spinner

Secretless Broker: Open-source tool connects apps securely without passwords or keys Read More »

Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC

Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC 2025-07-02 at 07:31 By Anamarija Pogorelec The Apricorn Aegis Secure Key 3NXC is a 256-bit AES XTS hardware-encrypted flash drive with a USB-C connector. It is available in storage capacities ranging from 4GB to 512GB and holds FIPS 140-2 Level 3 validation. The device

React to this headline:

Loading spinner

Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC Read More »

Microsoft introduces protection against email bombing

Microsoft introduces protection against email bombing 2025-07-01 at 18:54 By Zeljka Zorz By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique that results in

React to this headline:

Loading spinner

Microsoft introduces protection against email bombing Read More »

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) 2025-07-01 at 16:11 By Zeljka Zorz If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. What is Sudo? Sudo is command-line utility in Unix-like

React to this headline:

Loading spinner

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) Read More »

Google patches actively exploited Chrome (CVE‑2025‑6554)

Google patches actively exploited Chrome (CVE‑2025‑6554) 2025-07-01 at 13:15 By Zeljka Zorz Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554

React to this headline:

Loading spinner

Google patches actively exploited Chrome (CVE‑2025‑6554) Read More »

Federal Reserve System CISO on aligning cyber risk management with transparency, trust

Federal Reserve System CISO on aligning cyber risk management with transparency, trust 2025-07-01 at 09:08 By Mirko Zorz In this Help Net Security interview, Tammy Hornsby-Fink, CISO at Federal Reserve System, shares how the Fed approaches cyber risk with a scenario-based, intelligence-driven strategy. She explains how the Fed assesses potential disruptions to financial stability and

React to this headline:

Loading spinner

Federal Reserve System CISO on aligning cyber risk management with transparency, trust Read More »

How cybercriminals are weaponizing AI and what CISOs should do about it

How cybercriminals are weaponizing AI and what CISOs should do about it 2025-07-01 at 08:31 By Mirko Zorz In a recent case tracked by Flashpoint, a finance worker at a global firm joined a video call that seemed normal. By the end of it, $25 million was gone. Everyone on the call except the employee

React to this headline:

Loading spinner

How cybercriminals are weaponizing AI and what CISOs should do about it Read More »

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics 2025-07-01 at 07:34 By Help Net Security This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted

React to this headline:

Loading spinner

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics Read More »

CitrixBleed 2 might be actively exploited (CVE-2025-5777)

CitrixBleed 2 might be actively exploited (CVE-2025-5777) 2025-06-30 at 15:47 By Zeljka Zorz While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month. CVE-2025-5777, in

React to this headline:

Loading spinner

CitrixBleed 2 might be actively exploited (CVE-2025-5777) Read More »

RIFT: New open-source tool from Microsoft helps analyze Rust malware

RIFT: New open-source tool from Microsoft helps analyze Rust malware 2025-06-30 at 13:01 By Mirko Zorz Microsoft’s Threat Intelligence Center has released a new tool called RIFT to help malware analysts identify malicious code hidden in Rust binaries. While Rust is becoming more popular for its speed and memory safety, those same qualities make malware

React to this headline:

Loading spinner

RIFT: New open-source tool from Microsoft helps analyze Rust malware Read More »

Scroll to Top