Don’t miss

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)

0-day, Don't miss, Hot stuff, Microsoft, MS Office, News, security update /

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) 2026-01-27 at 11:22 By Zeljka Zorz Microsoft released emergency Office security updates to fix a security feature bypass vulnerability (CVE-2026-21509) that its threat intelligence and security teams spotted being exploited in the wild in zero-day attacks. Users and admins are advised to review the associated […]

Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509) Read More »

When open science meets real-world cybersecurity

CISO, collaboration, critical infrastructure, cybersecurity, Don't miss, Features, News, opinion, strategy /

When open science meets real-world cybersecurity 2026-01-27 at 09:44 By Mirko Zorz Scientific research environments are built for openness and collaboration, often prioritizing long-term discovery over traditional enterprise security. In this Help Net Security interview, Matthew Kwiatkowski, CISO at Fermilab, America’s particle physics and accelerator laboratory, discusses where cybersecurity blind spots emerge, why availability can

When open science meets real-world cybersecurity Read More »

Poland repels data-wiping malware attack on energy systems

APT, cyber resilience, disruption, Don't miss, energy sector, ESET, EU, govern, Hot stuff, Malware, News, poland, Russian Federation /

Poland repels data-wiping malware attack on energy systems 2026-01-26 at 14:37 By Zeljka Zorz Suspected Russian cyber attackers tried to take down parts of Poland’s energy infrastructure with new data-wiping malware – and failed. According to information shared by the Polish government earlier this month, the attacks happened on 29 and 30 December 2025, and

Poland repels data-wiping malware attack on energy systems Read More »

Inside Microsoft’s veteran-to-tech workforce pipeline

CISO, cybersecurity, Don't miss, education, Features, Hot stuff, Microsoft, News, skill development, strategy /

Inside Microsoft’s veteran-to-tech workforce pipeline 2026-01-26 at 12:12 By Zeljka Zorz The technology workforce is changing, and military veterans are increasingly being recognized as one of the industry’s most valuable and dependable talent pools. In this Help Net Security interview, Chris Cortez, Vice President of Military Affairs at Microsoft and longtime leader of the Microsoft

Inside Microsoft’s veteran-to-tech workforce pipeline Read More »

Brakeman: Open-source vulnerability scanner for Ruby on Rails applications

Don't miss, GitHub, News, open source, Ruby, scanner, scanning, software /

Brakeman: Open-source vulnerability scanner for Ruby on Rails applications 2026-01-26 at 08:00 By Anamarija Pogorelec Brakeman is an open-source security scanner used by teams that build applications with Ruby on Rails. The tool focuses on application code and configuration, giving developers and security teams a way to identify common classes of web application risk during

Brakeman: Open-source vulnerability scanner for Ruby on Rails applications Read More »

Incident response lessons learned the hard way

ConnectSecure, cybersecurity, Don't miss, Incident Response, News, strategy, Video /

Incident response lessons learned the hard way 2026-01-26 at 07:36 By Help Net Security In this Help Net Security video, Ryan Seymour, VP, Consulting and Education at ConnectSecure, shares lessons from more than two decades in cybersecurity incident response. He explains why many response failures are set in motion long before an attack begins. The

Incident response lessons learned the hard way Read More »

Okta users under attack: Modern phishing kits are turbocharging vishing attacks

attack tools, Don't miss, Google, Hot stuff, Microsoft 365, News, Okta, vishing /

Okta users under attack: Modern phishing kits are turbocharging vishing attacks 2026-01-23 at 15:31 By Zeljka Zorz Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets’ login credentials while also allowing attackers to control the authentication flow in a targeted user’s browser in real-time. At least

Okta users under attack: Modern phishing kits are turbocharging vishing attacks Read More »

One-time SMS links that never expire are exposing personal data for years

data security, Don't miss, Features, Group-IB, News, Palo Alto Networks, Privacy, Proofpoint, research, Sekoia.io /

One-time SMS links that never expire are exposing personal data for years 2026-01-23 at 08:47 By Sinisa Markovic Online services often treat one-time links sent by text message as low-risk conveniences. A new study shows that these links can expose large amounts of personal data for years. Malicious URLs continue to shift from email to

One-time SMS links that never expire are exposing personal data for years Read More »

More employees get AI tools, fewer rely on them at work

agentic AI, Artificial Intelligence, Deloitte, Don't miss, Kovant, News, report /

More employees get AI tools, fewer rely on them at work 2026-01-23 at 08:03 By Mirko Zorz People across many organizations now have access to AI tools, and usage keeps spreading. Some groups rely on AI during regular work, others treat it as an occasional helper. That gap between access and routine use sits at

More employees get AI tools, fewer rely on them at work Read More »

Energy sector orgs targeted with AiTM phishing campaign

Don't miss, energy sector, Hot stuff, Microsoft, MITM, News, phishing, SharePoint /

Energy sector orgs targeted with AiTM phishing campaign 2026-01-22 at 15:19 By Zeljka Zorz Organizations in the energy sector are being targeted with phishing emails aimed at compromising enterprise accounts, Microsoft warns. The attack campaign The attacks started with phishing emails with “NEW PROPOSAL – NDA” in the subject line, coming from a compromised email

Energy sector orgs targeted with AiTM phishing campaign Read More »

Exposed training apps are showing up in active cloud attacks

cloud security, cybersecurity, Don't miss, misconfiguration, News, Pentera, report /

Exposed training apps are showing up in active cloud attacks 2026-01-22 at 09:06 By Sinisa Markovic Security teams often spin up vulnerable applications for demos, training, or internal testing. A recent Pentera research report documents how those environments are being left exposed on the public internet and actively exploited. The research focuses on intentionally vulnerable

Exposed training apps are showing up in active cloud attacks Read More »

Unbounded AI use can break your systems

access control, Artificial Intelligence, code, cybersecurity, Don't miss, DryRun Security, LLMs, News, Video /

Unbounded AI use can break your systems 2026-01-22 at 08:01 By Help Net Security In this Help Net Security video, James Wickett, CEO of DryRun Security, explains cyber risks many teams underestimate as they add AI to products. He focuses on how fast LLM features are pushed into live applications without limits or guardrails. The

Unbounded AI use can break your systems Read More »

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?

Arctic Wolf Networks, Don't miss, firewall, Fortinet, FortiOS, Hot stuff, Huntress, News, privileged accounts, SSO, vulnerability /

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? 2026-01-21 at 22:22 By Zeljka Zorz CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? Read More »

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)

Cisco, communication, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) 2026-01-21 at 20:57 By Zeljka Zorz Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the wild, the company announced on Wednesday via a security advisory. About CVE-2026-20045 CVE-2026-20045 is

RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045) Read More »

RansomHub claims alleged breach of Apple partner Luxshare

apple, data breach, Don't miss, extortion, Hot stuff, Intel, News, NVIDIA, Qualcomm, Samsung /

RansomHub claims alleged breach of Apple partner Luxshare 2026-01-21 at 14:34 By Zeljka Zorz Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit. Luxshare is one of the primary assemblers of Apple’s wireless earbuds, iPhones, and Vision Pro devices, as well as a producer

RansomHub claims alleged breach of Apple partner Luxshare Read More »

Linux users targeted by crypto thieves via hijacked apps on Snap Store

Canonical, Cryptocurrency, digital wallet, Don't miss, Hot stuff, Linux, Malware, malware detection, News, Snap Store, software protection /

Linux users targeted by crypto thieves via hijacked apps on Snap Store 2026-01-21 at 12:17 By Zeljka Zorz Cryptocurrency thieves have found a new way to turn trusted software packages for Linux on the Snap Store into crypto-stealing malware, Ubuntu contributor and former Canonical developer Alan Pope warned. SnapScope web app identifies malicious snaps (Source:

Linux users targeted by crypto thieves via hijacked apps on Snap Store Read More »

Pro-Russian hacktivist campaigns continue against UK organizations

cyberattacks, cybersecurity, DDoS, Don't miss, Europe, Hacktivism, National Cyber Security Centre, News, Orange Cyberdefense, Russian Federation, UK /

Pro-Russian hacktivist campaigns continue against UK organizations 2026-01-21 at 12:00 By Sinisa Markovic The UK’s National Cyber Security Centre reports ongoing cyber operations by Russian-aligned hacktivist groups targeting organizations in the UK and abroad. NoName057(16) remains active In December 2025, the NCSC co signed an advisory warning that pro-Russian hacktivist groups were conducting cyber operations

Pro-Russian hacktivist campaigns continue against UK organizations Read More »

Cybercriminals speak the language young people trust

cybercrime, cybersecurity, Don't miss, News /

Cybercriminals speak the language young people trust 2026-01-21 at 08:30 By Sinisa Markovic Criminal groups actively recruit, train, and retain people in structured ways. They move fast, pay in crypto, and place no weight on age. Young people are dealing with a new kind of addiction. It isn’t drugs, alcohol, or gambling. It’s screens. Constant

Cybercriminals speak the language young people trust Read More »

Bandit: Open-source tool designed to find security issues in Python code

code analysis, cybersecurity, DevSecOps, Don't miss, GitHub, News, open source, Python, scanning, software /

Bandit: Open-source tool designed to find security issues in Python code 2026-01-21 at 08:04 By Sinisa Markovic Bandit is an open-source tool that scans Python source code for security issues that show up in everyday development. Many security teams and developers use it as a quick way to spot risky coding patterns early in the

Bandit: Open-source tool designed to find security issues in Python code Read More »

The 2026 State of Pentesting: Why delivery and follow-through matter more than ever

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, penetration testing, PlexTrac, remediation, vulnerability management /

The 2026 State of Pentesting: Why delivery and follow-through matter more than ever 2026-01-21 at 07:34 By Help Net Security Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is how findings are handled after the testing concludes. The method of reporting,

The 2026 State of Pentesting: Why delivery and follow-through matter more than ever Read More »

Scroll to Top