Don’t miss

CISA orders US federal agencies to replace unsupported edge devices

CISA, Don't miss, firewall, Government, Hot stuff, network, News, router, USA /

CISA orders US federal agencies to replace unsupported edge devices 2026-02-06 at 18:24 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive aimed at reducing a long-standing cyber risk across federal networks: outdated “edge devices” that are not longer supported by vendors and aren’t receiving timely security […]

CISA orders US federal agencies to replace unsupported edge devices Read More »

State-backed phishing attacks targeting military officials and journalists on Signal

cyber espionage, Don't miss, Europe, Germany, government-backed attacks, Hot stuff, News, phishing, Signal /

State-backed phishing attacks targeting military officials and journalists on Signal 2026-02-06 at 16:53 By Zeljka Zorz German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these

State-backed phishing attacks targeting military officials and journalists on Signal Read More »

Poland’s energy control systems were breached through exposed VPN access

APT, attacks, CERT-PL, disruption, Don't miss, energy sector, EU, Europe, Malware, News, poland, Russian Federation /

Poland’s energy control systems were breached through exposed VPN access 2026-02-06 at 16:27 By Sinisa Markovic On 29 December 2025, coordinated cyberattacks unfolded across Poland’s critical infrastructure, targeting energy and industrial organizations. The attackers struck numerous wind and solar farms, a private manufacturing company, and a heat and power (CHP) plant, but failed to negatively

Poland’s energy control systems were breached through exposed VPN access Read More »

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

CISA, Code White, Don't miss, enterprise, Hot stuff, News, Ransomware, SMBs, VulnCheck, WatchTowr /

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) 2026-02-06 at 13:12 By Zeljka Zorz For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On January

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) Read More »

February 2026 Patch Tuesday forecast: Lots of OOB love this month

Adobe, apple, cybersecurity, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

February 2026 Patch Tuesday forecast: Lots of OOB love this month 2026-02-06 at 09:54 By Help Net Security Valentine’s Day is just around the corner and Microsoft has been giving us a lot of love with a non-stop supply of patches starting with January 2026 Patch Tuesday. The January releases addressed 92 vulnerabilities in Windows

February 2026 Patch Tuesday forecast: Lots of OOB love this month Read More »

Mobile privacy audits are getting harder

Android, Don't miss, EU, Europe, framework, mobile apps, News, Privacy, research /

Mobile privacy audits are getting harder 2026-02-06 at 09:28 By Anamarija Pogorelec Mobile apps routinely collect and transmit personal data in ways that are difficult for users, developers, and regulators to verify. Permissions can reveal what an app can access, and privacy policies can claim what an app should do, yet neither reliably shows what

Mobile privacy audits are getting harder Read More »

The hidden cost of putting off security decisions

CISO, cyber risk, cybersecurity, Don't miss, Geordie AI, News, shadow IT, tips, Video, vulnerability management /

The hidden cost of putting off security decisions 2026-02-06 at 08:01 By Help Net Security In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay hidden. Drawing on her work with CISOs and security leaders, she shows how

The hidden cost of putting off security decisions Read More »

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

Broadcom, CISA, Don't miss, ESXi, exploit, GreyNoise, Hot stuff, News, patching, Ransomware, VMWare, vulnerability, vulnerability management /

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers 2026-02-05 at 18:17 By Zeljka Zorz CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers Read More »

Why a decade-old EnCase driver still works as an EDR killer

cyberattack, Don't miss, drivers, Endpoint Security, Hot stuff, intrusion detection, News, Windows /

Why a decade-old EnCase driver still works as an EDR killer 2026-02-05 at 14:02 By Zeljka Zorz Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This

Why a decade-old EnCase driver still works as an EDR killer Read More »

Smart glasses are back, privacy issues included

Artificial Intelligence, Data Protection, Don't miss, Features, Hot stuff, Meta, News, Privacy /

Smart glasses are back, privacy issues included 2026-02-05 at 09:11 By Sinisa Markovic AI smart glasses are the latest addition to fashion, and they include a camera, a microphone, AI, and privacy risks. After Google Glass failed to gain traction more than a decade ago, the category is seeing renewed interest as companies redesign the

Smart glasses are back, privacy issues included Read More »

Cybersecurity planning keeps moving toward whole-of-society models

CISO, cyber risk, Don't miss, Government, how-to, News, Risk Management, strategy, tips /

Cybersecurity planning keeps moving toward whole-of-society models 2026-02-05 at 09:11 By Sinisa Markovic National governments already run cybersecurity through a mix of ministries, regulators, law enforcement, and private operators that own most critical systems. In that environment, guidance circulating among policymakers outlines how national cybersecurity strategies increasingly tie together risk management, workforce planning, technology standards,

Cybersecurity planning keeps moving toward whole-of-society models Read More »

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk

Don't miss, Google, News, Tenable, vulnerability, vulnerability disclosure /

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk 2026-02-04 at 13:25 By Help Net Security Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is deployed by more than 60,000 organizations in 195 countries, the flaws could give attackers a path

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk Read More »

Global Threat Map: Open-source real-time situational awareness platform

Don't miss, GitHub, Hot stuff, News, open source, software, threats /

Global Threat Map: Open-source real-time situational awareness platform 2026-02-04 at 08:32 By Mirko Zorz Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single interactive map. It visualizes indicators such as malware distribution, phishing activity, and attack

Global Threat Map: Open-source real-time situational awareness platform Read More »

How Secure by Design helps developers build secure software

Center for Internet Security, Don't miss, Hot stuff, News /

How Secure by Design helps developers build secure software 2026-02-04 at 08:06 By Help Net Security Security isn’t just a feature, it’s a foundation. As cyber threats grow more sophisticated and regulations tighten, developers are being asked to do more than just write clean code. They’re being asked to build software that’s secure by design

How Secure by Design helps developers build secure software Read More »

Why incident response breaks down when it matters most

breach, cybersecurity, Don't miss, Incident Response, News, NR Labs, tips, Video /

Why incident response breaks down when it matters most 2026-02-04 at 07:45 By Help Net Security In this Help Net Security video, Jon David, Managing Director, NR Labs, discusses why incident response often breaks down during a breach. Drawing on years of experience watching real attackers operate across many industries, he walks through what tends

Why incident response breaks down when it matters most Read More »

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

APT, CERT-UA, cyber espionage, Don't miss, government-backed attacks, Hot stuff, Microsoft, MS Office, News, vulnerability, Zscaler /

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) 2026-02-03 at 17:21 By Zeljka Zorz Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) Read More »

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

APT, Asia, China, cyber espionage, Don't miss, government-backed attacks, Hot stuff, Kaspersky, News, Rapid7 /

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets 2026-02-03 at 15:34 By Zeljka Zorz Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersky researchers shared the insights they’ve gleaned

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Read More »

Why boards must prioritize non-human identity governance

boardroom, CISO, cyber risk, cybersecurity, Don't miss, GitGuardian, Hot stuff, identity management, News, Non Human Identities, opinion /

Why boards must prioritize non-human identity governance 2026-02-03 at 08:36 By Help Net Security Boards of Directors (BoDs) do three things exceptionally well when cyber is framed correctly. They set risk appetite, they allocate capital, and they demand evidence that the business can withstand disruption without losing momentum. Why cyber keeps becoming a board topic

Why boards must prioritize non-human identity governance Read More »

Open-source attacks move through normal development workflows

attacks, Don't miss, News, open source, report, ReversingLabs, supply chain, supply chain attacks, vulnerability management /

Open-source attacks move through normal development workflows 2026-02-03 at 08:18 By Anamarija Pogorelec Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine point of entry for attackers, with malicious activity blending into normal build and deployment processes. A

Open-source attacks move through normal development workflows Read More »

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS

2FAS, authentication, cybersecurity, Don't miss, identity management, identity protection, iOS, News, open source, Product showcase, software /

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS 2026-02-03 at 07:47 By Anamarija Pogorelec Online accounts usually rely on a password, but passwords alone can be weak if they’re reused, easily guessed, or stolen. Two-factor authentication (2FA) adds a second layer of verification, usually a six-digit code generated by an app on your

Product showcase: 2FAS Auth – Free, open-source 2FA for iOS Read More »

Scroll to Top