Don't miss - Security Ticks

Microsoft boosts default security of Windows 365 Cloud PCs

cloud computing, Don't miss, Hot stuff, hybrid workforce, Microsoft 365, News, remote working, virtualization, Windows / SecurityTicks

Microsoft boosts default security of Windows 365 Cloud PCs 2025-06-20 at 15:05 By Zeljka Zorz Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as […]

React to this headline:

Microsoft boosts default security of Windows 365 Cloud PCs Read More »

Strategies to secure long-life IoT devices

Artificial Intelligence, authentication, CISO, cybersecurity, Don't miss, Features, Hot stuff, IoT, network, News, Signify / SecurityTicks

Strategies to secure long-life IoT devices 2025-06-20 at 09:07 By Mirko Zorz In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum computing and AI. He also covers challenges

React to this headline:

Strategies to secure long-life IoT devices Read More »

Why AI code assistants need a security reality check

Artificial Intelligence, code, cybersecurity, DevSecOps, Don't miss, Features, Hot stuff, News, Sonar / SecurityTicks

Why AI code assistants need a security reality check 2025-06-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities

React to this headline:

Why AI code assistants need a security reality check Read More »

GPS tracker detection made easy with off-the-shelf hardware

451 Research, car, cyberstalking, Don't miss, hardware, Internet of Things, location tracking, News, Privacy, scanner, tracking / SecurityTicks

GPS tracker detection made easy with off-the-shelf hardware 2025-06-19 at 08:33 By Mirko Zorz Cyberstalkers are increasingly turning to cheap GPS trackers to secretly monitor people in real time. These devices, which often cost less than $30 and run on 4G LTE networks, are small, easy to hide under a bumper or in a glovebox,

React to this headline:

GPS tracker detection made easy with off-the-shelf hardware Read More »

91% noise: A look at what’s wrong with traditional SAST tools

Application Security, automation, cybersecurity, Don't miss, Ghost Security, News, report, scanning / SecurityTicks

91% noise: A look at what’s wrong with traditional SAST tools 2025-06-19 at 07:32 By Mirko Zorz Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false

React to this headline:

91% noise: A look at what’s wrong with traditional SAST tools Read More »

AWS launches new cloud security features

account protection, AWS, cloud security, DDoS, Don't miss, Hot stuff, Kubernetes, MFA, News / SecurityTicks

AWS launches new cloud security features 2025-06-18 at 17:59 By Zeljka Zorz Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to protect all AWS root

React to this headline:

AWS launches new cloud security features Read More »

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)

Debian, Don't miss, Fedora, Hot stuff, Linux, News, openSUSE, Qualys, Ubuntu, vulnerability / SecurityTicks

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) 2025-06-18 at 14:49 By Zeljka Zorz Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable

React to this headline:

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) Read More »

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

containers, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Kubernetes, News, opinion, Rootly / SecurityTicks

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security 2025-06-18 at 09:02 By Help Net Security As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated CNCF Cilium and its sub-project Tetragon, combined with Software Bills of

React to this headline:

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security Read More »

AI is changing cybersecurity roles, and entry-level jobs are at risk

Artificial Intelligence, automation, Cato Networks, cybersecurity, Don't miss, Exabeam, News, Perspective Intelligence, Wipro / SecurityTicks

AI is changing cybersecurity roles, and entry-level jobs are at risk 2025-06-18 at 08:00 By Sinisa Markovic Will humans remain essential in cybersecurity, or is AI set to take over? According to Wipro, many CISOs are leveraging AI to improve threat detection and response times and to build enhanced incident response capabilities. What’s changing AI

React to this headline:

AI is changing cybersecurity roles, and entry-level jobs are at risk Read More »

From cleaners to creepers: The risk of mobile privilege escalation

Android, Don't miss, mobile devices, mobile security, News, smartphones, Video, Zimperium / SecurityTicks

From cleaners to creepers: The risk of mobile privilege escalation 2025-06-18 at 07:38 By Help Net Security In this Help Net Security video, Nico Chiaraviglio, Chief Scientist at Zimperium, explores how Android apps can be abused to escalate privileges, giving attackers access to sensitive data and system functions. Drawing on Zimperium’s recent research, he breaks

React to this headline:

From cleaners to creepers: The risk of mobile privilege escalation Read More »

Researchers unearth keyloggers on Outlook login pages

credentials, data theft, Don't miss, Government, Hot stuff, Microsoft Exchange, News, Outlook, Positive Technologies / SecurityTicks

Researchers unearth keyloggers on Outlook login pages 2025-06-17 at 18:37 By Zeljka Zorz Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source:

React to this headline:

Researchers unearth keyloggers on Outlook login pages Read More »

Hackers love events. Why aren’t more CISOs paying attention?

BforeAI, CISO, conferences, CXO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Span, strategy, tips / SecurityTicks

Hackers love events. Why aren’t more CISOs paying attention? 2025-06-17 at 09:04 By Mirko Zorz When CISOs think about risk, they usually think about cloud platforms, laptops, and data centers. But live events like conferences, trade shows, product launches, and shareholder meetings bring a different kind of cybersecurity exposure. These events gather people, devices, and

React to this headline:

Hackers love events. Why aren’t more CISOs paying attention? Read More »

Before scaling GenAI, map your LLM usage and risk zones

Application Security, ArmorCode, Artificial Intelligence, cybersecurity, Don't miss, Features, generative AI, Hot stuff, Lakera, LLMs, News, OWASP, policy, Straiker, The Motley Fool / SecurityTicks

Before scaling GenAI, map your LLM usage and risk zones 2025-06-17 at 08:46 By Mirko Zorz In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs,

React to this headline:

Before scaling GenAI, map your LLM usage and risk zones Read More »

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles

automotive security, CISA, Don't miss, GPS, Hot stuff, location tracking, News, remote management, SinoTrack / SecurityTicks

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles 2025-06-16 at 16:18 By Zeljka Zorz Vulnerabilities affecting the SinoTrack GPS tracking platform may allow attackers to keep tabs on vehicles’ location and even perform actions such as disconnecting power to vehicles’ fuel pump (if the tracker can interact with a car’s system). The warning

React to this headline:

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles Read More »

Why banks’ tech-first approach leaves governance gaps

Banks, CIO, CISO, Compliance, CXO, cybersecurity, Don't miss, Features, financial industry, Hot stuff, Live Oak Bank, News, opinion, regulation, Risk Management, security metrics, strategy / SecurityTicks

Why banks’ tech-first approach leaves governance gaps 2025-06-16 at 09:06 By Mirko Zorz In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance

React to this headline:

Why banks’ tech-first approach leaves governance gaps Read More »

MDEAutomator: Open-source endpoint management, incident response in MDE

cybersecurity, Don't miss, GitHub, Hot stuff, Microsoft, News, open source, software / SecurityTicks

MDEAutomator: Open-source endpoint management, incident response in MDE 2025-06-16 at 08:36 By Help Net Security Managing endpoints and responding to security incidents in Microsoft Defender for Endpoint (MDE) can be time-consuming and complex. MDEAutomator is an open-source tool designed to make that easier. MDEAutomator is a modular, serverless solution for IT and security teams looking

React to this headline:

MDEAutomator: Open-source endpoint management, incident response in MDE Read More »

Virtual kidnapping scams prey on our worst fears

Artificial Intelligence, BeyondID, cybercrime, cybersecurity, Don't miss, McAfee, News, scams, tips / SecurityTicks

Virtual kidnapping scams prey on our worst fears 2025-06-16 at 08:02 By Sinisa Markovic Getting a call saying a family member has been kidnapped is terrifying. Fear and panic take over, making it hard to think clearly. That’s exactly what criminals count on when they use a scam called virtual kidnapping. What is virtual kidnapping?

React to this headline:

Virtual kidnapping scams prey on our worst fears Read More »

Review: Learning Kali Linux, 2nd Edition

books, Don't miss, Kali Linux, Linux, News, OffSec, penetration testing, Review, Reviews, skill development / SecurityTicks

Review: Learning Kali Linux, 2nd Edition 2025-06-16 at 07:32 By Mirko Zorz Kali Linux has long been the go-to operating system for penetration testers and security professionals, and Learning Kali Linux, 2nd Edition by Ric Messier aims to guide readers through its core tools and use cases. This updated edition introduces new material on digital

React to this headline:

Review: Learning Kali Linux, 2nd Edition Read More »

Why CISOs need to understand the AI tech stack

Artificial Intelligence, CISO, Data Protection, Don't miss, News, regulation, report, strategy, tips / SecurityTicks

Why CISOs need to understand the AI tech stack 2025-06-16 at 07:01 By Mirko Zorz As AI spreads, so do the risks. Security leaders are being asked to protect systems they don’t fully understand yet, and that’s a problem. A new report from the Paladin Global Institute, The AI Tech Stack: A Primer for Tech

React to this headline:

Why CISOs need to understand the AI tech stack Read More »

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools

Don't miss, Hot stuff, Kali Linux, News, OffSec, open source, penetration testing, software / SecurityTicks

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools 2025-06-14 at 12:17 By Zeljka Zorz OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest

React to this headline:

Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools Read More »

Don’t miss