Don’t miss

Attackers fake IT support calls to steal Salesforce data

data theft, Don't miss, enterprise, extortion, Google, Hot stuff, News, Salesforce, social engineering, vishing /

Attackers fake IT support calls to steal Salesforce data 2025-06-04 at 17:47 By Zeljka Zorz Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat Intelligence Group (GTIG) has warned. The attackers in question – currently tracked as UNC6040 – are masters […]

React to this headline:

Loading spinner

Attackers fake IT support calls to steal Salesforce data Read More »

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)

0-day, Chrome, Don't miss, Google, Hot stuff, Microsoft Edge, News /

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) 2025-06-04 at 14:17 By Zeljka Zorz Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of bounds read and write vulnerability in V8, the JavaScript and WebAssembly engine developed by Google for the Chromium

React to this headline:

Loading spinner

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419) Read More »

How to manage your cyber risk in a modern attack surface

attacks, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Outpost24, Risk Management /

How to manage your cyber risk in a modern attack surface 2025-06-04 at 09:01 By Help Net Security According to research, 62% of organizations said their attack surface grew over the past year. It’s no coincidence that 76% of organizations also reported a cyberattack due to an exposed asset in 2024, as expanding digital footprints

React to this headline:

Loading spinner

How to manage your cyber risk in a modern attack surface Read More »

The hidden risks of LLM autonomy

Artificial Intelligence, Cato Networks, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, LLMs, News, risk, standards /

The hidden risks of LLM autonomy 2025-06-04 at 08:42 By Help Net Security Large language models (LLMs) have come a long way from the once passive and simple chatbots that could respond to basic user prompts or look up the internet to generate content. Today, they can access databases and business applications, interact with external

React to this headline:

Loading spinner

The hidden risks of LLM autonomy Read More »

Agentic AI and the risks of unpredictable autonomy

Artificial Intelligence, cybersecurity, Don't miss, Features, generative AI, Hot stuff, News, policy, Thoughtworks /

Agentic AI and the risks of unpredictable autonomy 2025-06-04 at 08:00 By Mirko Zorz In this Help Net Security interview, Thomas Squeo, CTO for the Americas at Thoughtworks, discusses why traditional security architectures often fail when applied to autonomous AI systems. He explains why conventional threat modeling needs to adapt to address autonomous decision-making and

React to this headline:

Loading spinner

Agentic AI and the risks of unpredictable autonomy Read More »

Rethinking governance in a decentralized identity world

Allegro Solutions, CISO, cybersecurity, Don't miss, Features, Hot stuff, LogicGate, News, SSO, strategy, tips /

Rethinking governance in a decentralized identity world 2025-06-04 at 07:36 By Mirko Zorz Decentralized identity (DID) is gaining traction, and for CISOs, it’s becoming a part of long-term planning around data protection, privacy, and control. As more organizations experiment with verifiable credentials and self-sovereign identity models, a question emerges: Who governs the system when no

React to this headline:

Loading spinner

Rethinking governance in a decentralized identity world Read More »

How global collaboration is hitting cybercriminals where it hurts

cybercrime, cybercriminals, cybersecurity, Don't miss, Features, Government, Hot stuff, law enforcement, National Crime Agency, News, Ransomware, Threat Intelligence, UK /

How global collaboration is hitting cybercriminals where it hurts 2025-06-03 at 09:03 By Mirko Zorz In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables. He explains how cybercrime is becoming more accessible and fragmented. Lyne also talks about key trends,

React to this headline:

Loading spinner

How global collaboration is hitting cybercriminals where it hurts Read More »

Vet: Open-source software supply chain security tool

DevSecOps, Don't miss, GitHub, Hot stuff, News, open source, software, supply chain /

Vet: Open-source software supply chain security tool 2025-06-03 at 08:34 By Help Net Security Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including npm,

React to this headline:

Loading spinner

Vet: Open-source software supply chain security tool Read More »

Bankers Association’s attack on cybersecurity transparency

Banks, CISO, cybersecurity, Don't miss, Expert analysis, Government, Hot stuff, News, opinion /

Bankers Association’s attack on cybersecurity transparency 2025-06-03 at 08:04 By Help Net Security A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within

React to this headline:

Loading spinner

Bankers Association’s attack on cybersecurity transparency Read More »

Attackers breached ConnectWise, compromised customer ScreenConnect instances

ConnectWise, cyber espionage, Don't miss, government-backed attacks, Hot stuff, MSP, News, remote access, tech support /

Attackers breached ConnectWise, compromised customer ScreenConnect instances 2025-06-02 at 20:19 By Zeljka Zorz A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch was released

React to this headline:

Loading spinner

Attackers breached ConnectWise, compromised customer ScreenConnect instances Read More »

Product showcase: Smarter pentest reporting and exposure management with PlexTrac

Don't miss, Hot stuff, News, penetration testing, PlexTrac, Product showcase /

Product showcase: Smarter pentest reporting and exposure management with PlexTrac 2025-06-02 at 09:03 By Help Net Security The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing through a security approach that proactively identifies, prioritizes, and mitigates threats in real time. To

React to this headline:

Loading spinner

Product showcase: Smarter pentest reporting and exposure management with PlexTrac Read More »

CISO 3.0: Leading AI governance and security in the boardroom

Artificial Intelligence, boardroom, CDW, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy, tips, training /

CISO 3.0: Leading AI governance and security in the boardroom 2025-06-02 at 08:50 By Mirko Zorz In this Help Net Security interview, Aaron McCray, Field CISO at CDW, discusses how AI is transforming the CISO role from a tactical cybersecurity guardian into a strategic enterprise risk advisor. With AI now embedded across business functions, CISOs

React to this headline:

Loading spinner

CISO 3.0: Leading AI governance and security in the boardroom Read More »

Review: Metasploit, 2nd Edition

Binary Defense, book, Don't miss, Metasploit, News, OffSec, Rapid7, Review, Reviews, TrustedSec /

Review: Metasploit, 2nd Edition 2025-06-02 at 08:18 By Mirko Zorz If you’ve spent any time in penetration testing, chances are you’ve crossed paths with Metasploit. The second edition of Metasploit tries to bring the book in line with how pentesters are using the tool. It mostly succeeds, with some caveats depending on your experience level

React to this headline:

Loading spinner

Review: Metasploit, 2nd Edition Read More »

Security awareness training isn’t stopping breaches. Can AI help?

Abnormal AI, Don't miss, how-to, human error, News, security awareness, skill development, strategy, tips, training, Video /

Security awareness training isn’t stopping breaches. Can AI help? 2025-06-02 at 07:31 By Help Net Security In this Help Net Security video, Mick Leach, Field CISO at Abnormal AI, explores why security awareness training (SAT) is failing to reduce human error, the top cause of cybersecurity incidents. He discusses how AI can transform SAT into

React to this headline:

Loading spinner

Security awareness training isn’t stopping breaches. Can AI help? Read More »

Why privacy in blockchain must start with open source

blockchain, code, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, open source, Privacy, Zama /

Why privacy in blockchain must start with open source 2025-05-30 at 09:02 By Help Net Security Traditionally, trust came from centralized institutions. Banks, payment networks, and clearinghouses are closed systems. Users cannot see the inner workings, but they rely on external audits, government regulation, and long histories of compliance to feel secure. It’s a model

React to this headline:

Loading spinner

Why privacy in blockchain must start with open source Read More »

Microsoft unveils “centralized” software update tool for Windows

backup, Don't miss, enterprise, Hot stuff, Microsoft, News, orchestration, SMBs, Windows /

Microsoft unveils “centralized” software update tool for Windows 2025-05-29 at 14:49 By Zeljka Zorz Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup for Organizations. The

React to this headline:

Loading spinner

Microsoft unveils “centralized” software update tool for Windows Read More »

What CISOs can learn from the frontlines of fintech cybersecurity

CISO, conferences, cybersecurity, Don't miss, Features, Hot stuff, Mastercard, News, opinion, Span, strategy, tips /

What CISOs can learn from the frontlines of fintech cybersecurity 2025-05-29 at 09:03 By Mirko Zorz At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard. Our conversation cut through the hype and focused on what CISOs deal with every day: how to embed security

React to this headline:

Loading spinner

What CISOs can learn from the frontlines of fintech cybersecurity Read More »

How to threat hunt Living Off The Land binaries

cybersecurity, Don't miss, News, strategy, threat hunting, tips, Video /

How to threat hunt Living Off The Land binaries 2025-05-29 at 07:32 By Help Net Security In this Help Net Security video, Lee Archinal, Senior Threat Hunter at Intel 471, walks through practical strategies for detecting malicious activity involving Living Off The Land binaries (LOLBins). These are legitimate tools built into operating systems, such as

React to this headline:

Loading spinner

How to threat hunt Living Off The Land binaries Read More »

Review: Cybersecurity For Dummies, 3rd Edition

books, cybersecurity, Don't miss, Hot stuff, News, Review, Reviews, skill development /

Review: Cybersecurity For Dummies, 3rd Edition 2025-05-29 at 07:01 By Mirko Zorz If you’re new to cybersecurity and looking for a book that doesn’t overwhelm you with jargon or dive too deep into technical territory, Cybersecurity For Dummies might be a solid starting point. It’s written with beginners in mind and assumes you know how

React to this headline:

Loading spinner

Review: Cybersecurity For Dummies, 3rd Edition Read More »

Attackers hit MSP, use its RMM software to deliver ransomware to clients

Don't miss, Hot stuff, MSP, News, Ransomware, remote management, SimpleHelp, SMBs, Sophos, vulnerability /

Attackers hit MSP, use its RMM software to deliver ransomware to clients 2025-05-28 at 14:36 By Zeljka Zorz A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MDR has medium

React to this headline:

Loading spinner

Attackers hit MSP, use its RMM software to deliver ransomware to clients Read More »

Scroll to Top