Why your security team feels stuck 2025-07-09 at 08:44 By Mirko Zorz Cybersecurity friction usually gets framed as a user problem: password policies that frustrate employees, MFA that slows down logins, or blocked apps that send workers into the arms of shadow IT. But there’s a different kind of friction happening behind the scenes, and […]
React to this headline:
Why your security team feels stuck Read More »
It’s time to give AI security its own playbook and the people to run it 2025-07-09 at 08:04 By Mirko Zorz In this Help Net Security interview, Dr. Nicole Nichols, Distinguished Engineer in Machine Learning Security at Palo Alto Networks, discusses why existing security models need to evolve to address the risks of AI agents.
React to this headline:
It’s time to give AI security its own playbook and the people to run it Read More »
Kanvas: Open-source incident response case management tool 2025-07-09 at 07:31 By Mirko Zorz Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping between different
React to this headline:
Kanvas: Open-source incident response case management tool Read More »
6 eye-opening books on AI’s rise, risks, and realities 2025-07-09 at 07:02 By Anamarija Pogorelec AI is changing how we detect, prevent, and respond to cyber threats. From traditional networks to emerging spaces, it is shaping security operations, identity management, and threat response. This collection of AI books offers diverse perspectives, including practical implementations, strategic
React to this headline:
6 eye-opening books on AI’s rise, risks, and realities Read More »
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777) 2025-07-08 at 18:32 By Zeljka Zorz With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway instances have been probed and compromised by attackers.
React to this headline:
Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777) Read More »
Exposure management is the answer to: “Am I working on the right things?” 2025-07-08 at 09:07 By Mirko Zorz In this Help Net Security interview, Dan DeCloss, Founder and CTO at PlexTrac, discusses the role of exposure management in cybersecurity and how it helps organizations gain visibility into their attack surface to improve risk assessment
React to this headline:
Exposure management is the answer to: “Am I working on the right things?” Read More »
Cyberattacks are changing the game for major sports events 2025-07-08 at 08:32 By Sinisa Markovic Sports fans and cybercriminals both look forward to major sporting events, but for very different reasons. Fake ticket sites, stolen login details, and DDoS attacks are common ways criminals try to make money or disrupt an event. Why are sports
React to this headline:
Cyberattacks are changing the game for major sports events Read More »
Can your security stack handle AI that thinks for itself? 2025-07-08 at 08:03 By Help Net Security In this Help Net Security video, Art Poghosyan, CEO at Britive, explores the rise of agentic AI and its impact on identity security. As autonomous AI agents begin to think, act, and interact more like humans, traditional identity
React to this headline:
Can your security stack handle AI that thinks for itself? Read More »
July 2025 Patch Tuesday forecast: Take a break from the grind 2025-07-07 at 09:33 By Help Net Security There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been ‘calm’ the past couple of weeks. The news
React to this headline:
July 2025 Patch Tuesday forecast: Take a break from the grind Read More »
AI built it, but can you trust it? 2025-07-07 at 09:02 By Mirko Zorz In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also
React to this headline:
AI built it, but can you trust it? Read More »
Aegis Authenticator: Free, open-source 2FA app for Android 2025-07-07 at 08:34 By Help Net Security Aegis Authenticator is an open-source 2FA app for Android that helps you manage login codes for your online accounts. The app features strong encryption and the ability to back up your data. It supports both HOTP and TOTP, so it
React to this headline:
Aegis Authenticator: Free, open-source 2FA app for Android Read More »
Review: Attack Surface Management 2025-07-07 at 08:04 By Mirko Zorz Attack Surface Management (ASM) has become one of those buzzwords that gets used a lot but rarely explained in detail. The authors of this book offer a practical guide that aims to change that. About the authors Ron Eddings is the Executive Producer at Hacker
React to this headline:
Review: Attack Surface Management Read More »
New technique detects tampering or forgery of a PDF document 2025-07-07 at 07:37 By Sinisa Markovic Researchers from the University of Pretoria presented a new technique for detecting tampering in PDF documents by analyzing the file’s page objects. The technique employs a prototype that can detect changes to a PDF document, such as changes made
React to this headline:
New technique detects tampering or forgery of a PDF document Read More »
NTLM relay attacks are back from the dead 2025-07-04 at 09:32 By Help Net Security NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are
React to this headline:
NTLM relay attacks are back from the dead Read More »
Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future 2025-07-04 at 08:38 By Help Net Security While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and social
React to this headline:
Google open-sources privacy tech for age verification 2025-07-03 at 18:47 By Sinisa Markovic Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID or birthdate, which raises privacy and security concerns. In response, Google has open-sourced a cryptographic solution that
React to this headline:
Google open-sources privacy tech for age verification Read More »
You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code 2025-07-03 at 16:03 By Zeljka Zorz Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew
React to this headline:
Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) 2025-07-03 at 14:19 By Zeljka Zorz Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and
React to this headline:
Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) Read More »
GitPhish: Open-source GitHub device code flow security assessment tool 2025-07-03 at 09:30 By Help Net Security GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an authentication server, automated landing page deployment, and an administrative management interface. GitPhish can be accessed via a
React to this headline:
GitPhish: Open-source GitHub device code flow security assessment tool Read More »
Healthcare CISOs must secure more than what’s regulated 2025-07-03 at 09:05 By Mirko Zorz In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also
React to this headline:
Healthcare CISOs must secure more than what’s regulated Read More »