Don’t miss

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)

data theft, Don't miss, exploit, extortion, Hot stuff, Mandiant, News, Oracle, Resecurity, WatchTowr /

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) 2025-10-07 at 15:36 By Zeljka Zorz Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the attackers were Cl0p or LAPSUS$, both, or even additional threat actors is still unknown, […]

React to this headline:

Loading spinner

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) Read More »

How to get better results from bug bounty programs without wasting money

Alta Associates, bug bounty, CISO, cybersecurity, Don't miss, Features, Google, Hot stuff, Intigriti, News, strategy, tips, UpCloud, vulnerability disclosure /

How to get better results from bug bounty programs without wasting money 2025-10-07 at 14:03 By Mirko Zorz The wrong bug bounty strategy can flood your team with low-value reports. The right one can surface critical vulnerabilities that would otherwise slip through. A new academic study based on Google’s Vulnerability Rewards Program (VRP) offers rare

React to this headline:

Loading spinner

How to get better results from bug bounty programs without wasting money Read More »

Hackers launch data leak site to extort 39 victims, or Salesforce

Data leak, data theft, Don't miss, extortion, Hot stuff, News, Salesforce, social engineering /

Hackers launch data leak site to extort 39 victims, or Salesforce 2025-10-06 at 17:44 By Zeljka Zorz Scattered Lapsus$ Hunters launched a data leak site over the weekend, aiming to pressure organizations whose Salesforce databases they have plundered into paying to prevent the stolen data from being released. Screenshot of Scattered Lapsus$ Hunters data leak

React to this headline:

Loading spinner

Hackers launch data leak site to extort 39 victims, or Salesforce Read More »

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)

data theft, Don't miss, extortion, Hot stuff, Mandiant, News, Oracle /

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) 2025-10-06 at 15:28 By Zeljka Zorz The Cl0p extortion gang exploited multiple Oracle E-Business Suite (EBS) vulnerabilities, including one zero-day flaw (CVE-2025-61882), “to steal large amounts of data from several victim[s] in August 2025,” Charles Carmakal, CTO at Mandiant – Google Cloud, stated

React to this headline:

Loading spinner

Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882) Read More »

How to succeed at cybersecurity job interviews

cybersecurity, cybersecurity jobs, Don't miss, Features, how-to, News, strategy, tips /

How to succeed at cybersecurity job interviews 2025-10-06 at 09:06 By Sinisa Markovic Imagine this: you’ve made it through the résumé screen, your skills look solid on paper, and now it’s interview day. The next hour will decide whether you move forward or go back to the job boards. What separates the candidates who land

React to this headline:

Loading spinner

How to succeed at cybersecurity job interviews Read More »

Meet ARGUS, the robot built to catch hackers and physical intruders

access control, cybersecurity, Don't miss, hardware, Incident Response, intrusion detection, News, research /

Meet ARGUS, the robot built to catch hackers and physical intruders 2025-10-06 at 08:38 By Sinisa Markovic Hospitals, airports, and campuses are no longer dealing with separate security problems. Someone can slip past a checkpoint while another actor launches a network scan, and together those actions create a bigger risk than either one alone. Most

React to this headline:

Loading spinner

Meet ARGUS, the robot built to catch hackers and physical intruders Read More »

Proxmox Mail Gateway: Open-source email security solution reaches version 9.0

antivirus, content filtering, Don't miss, Email, email security, News, open source, Proxmox, software /

Proxmox Mail Gateway: Open-source email security solution reaches version 9.0 2025-10-06 at 08:06 By Anamarija Pogorelec First released in 2005, the open-source Proxmox Mail Gateway has become a widely adopted mail proxy, positioned between the firewall and the internal mail server to stop threats before they reach users. The platform delivers anti-spam and antivirus filtering

React to this headline:

Loading spinner

Proxmox Mail Gateway: Open-source email security solution reaches version 9.0 Read More »

When loading a model means loading an attacker

Artificial Intelligence, CISO, cybersecurity, Don't miss, machine learning, News, research, strategy, tips /

When loading a model means loading an attacker 2025-10-03 at 10:15 By Sinisa Markovic You probably think twice before downloading a random app or opening an unfamiliar email attachment. But how often do you stop to consider what happens when your team downloads and loads a machine learning model? A recent study shows why you

React to this headline:

Loading spinner

When loading a model means loading an attacker Read More »

4 ways to use time to level up your security monitoring

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Incident Response, InfluxData, monitoring, News, opinion, SaaS, security telemetry, SIEM /

4 ways to use time to level up your security monitoring 2025-10-03 at 09:09 By Help Net Security SIEMs excel at correlating events and firing alerts, but their ingest pipelines can get overwhelmed when scaled. And because most SIEMs rely on general-purpose log storage platforms, even with lower-cost archive tiers, long-term retention at full fidelity

React to this headline:

Loading spinner

4 ways to use time to level up your security monitoring Read More »

Hackers claim to have plundered Red Hat’s GitHub repos

data breach, data theft, Don't miss, GitHub, Hot stuff, News, Red Hat /

Hackers claim to have plundered Red Hat’s GitHub repos 2025-10-02 at 20:00 By Zeljka Zorz The Crimson Collective, an emerging extortion / hacker group, has made a bombshell claim on their Telegram channel: they have gained access to Red Hat’s GitHub and have exfiltrated data from over 28,000 internal repositories connected to the company’s consulting

React to this headline:

Loading spinner

Hackers claim to have plundered Red Hat’s GitHub repos Read More »

Oracle customers targeted with emails claiming E-Business Suite breach, data theft

Atmos, Don't miss, extortion, Google Cloud, Halcyon, Hot stuff, Mandiant, News, Oracle /

Oracle customers targeted with emails claiming E-Business Suite breach, data theft 2025-10-02 at 16:19 By Zeljka Zorz Unknown attackers claiming affiliation with the Cl0p extortion gang are hitting business and IT executives at various companies with emails claiming that they have exfiltrated sensitive data from the firms’ Oracle E-Business Suite (EBS). The email campaign According

React to this headline:

Loading spinner

Oracle customers targeted with emails claiming E-Business Suite breach, data theft Read More »

Building a mature automotive cybersecurity program beyond checklists

agentic AI, Agero, automotive security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, security controls, security metrics, strategy /

Building a mature automotive cybersecurity program beyond checklists 2025-10-02 at 09:41 By Mirko Zorz In this Help Net Security interview, Robert Sullivan, CIO & CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing mature security programs, meeting regulatory requirements, and addressing supply chain risks. Sullivan also looks ahead to how

React to this headline:

Loading spinner

Building a mature automotive cybersecurity program beyond checklists Read More »

GPT needs to be rewired for security

Artificial Intelligence, automation, cybersecurity, Don't miss, Exaforce, Expert analysis, Expert corner, Hot stuff, LLMs, News, opinion, SOC /

GPT needs to be rewired for security 2025-10-02 at 09:18 By Help Net Security LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), today’s models stumble on work that demands high

React to this headline:

Loading spinner

GPT needs to be rewired for security Read More »

Chekov: Open-source static code analysis tool

cloud security, code analysis, cybersecurity, Don't miss, GitHub, News, open source, software /

Chekov: Open-source static code analysis tool 2025-10-02 at 09:18 By Sinisa Markovic Checkov is an open-source tool designed to help teams secure their cloud infrastructure and code. At its core, it’s a static code analysis tool for infrastructure as code (IaC), but it also goes a step further by providing software composition analysis (SCA) for

React to this headline:

Loading spinner

Chekov: Open-source static code analysis tool Read More »

The energy sector is ground zero for global cyber activity

critical infrastructure, cybersecurity, Don't miss, energy sector, machine learning, News, research, threats /

The energy sector is ground zero for global cyber activity 2025-10-02 at 08:27 By Sinisa Markovic A new study from the Karlsruhe Institute of Technology shows how geopolitical tensions shape cyberattacks on power grids, fuel systems, and other critical infrastructure. How the research was done Researchers reviewed major cyber threat databases including MITRE ATT&CK Groups,

React to this headline:

Loading spinner

The energy sector is ground zero for global cyber activity Read More »

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S.

AI, Australia, Canada, Don't miss, Europe, financial industry, Germany, Government, healthcare, Hot stuff, India, Insider Threat, Japan, News, North Korea, Okta, remote working, Singapore, software development, tips, UK, USA /

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S. 2025-10-01 at 17:24 By Zeljka Zorz North Korea’s clandestine IT Worker (ITW) program, which is long known for targeting U.S. technology firms and crypto firms, has broadened its scope to attempt to infiltrate a variety of industries worldwide, including finance, healthcare, public

React to this headline:

Loading spinner

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S. Read More »

Google Drive for desktop will spot, stop and remedy ransomware damage

cloud storage, Don't miss, Encryption, Google, Google Drive, Hot stuff, macOS, News, Ransomware, Windows /

Google Drive for desktop will spot, stop and remedy ransomware damage 2025-10-01 at 16:33 By Zeljka Zorz Google has rolled out AI-powered ransomware detection and file restoration features in Drive for desktop, Google’s official file syncing and access app for Windows and macOS. Currently in open beta, this new layer of defense is not meant

React to this headline:

Loading spinner

Google Drive for desktop will spot, stop and remedy ransomware damage Read More »

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts

0-day, Cisco, Don't miss, firewall, Government, government-backed attacks, GreyNoise, Hot stuff, News, Shadowserver /

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts 2025-10-01 at 13:36 By Zeljka Zorz Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) for months, there are still around 48,000 vulnerable appliances out there. The number is provided by

React to this headline:

Loading spinner

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts Read More »

Hackers love LOTL, this approach shuts them down

Bitdefender, cyberattacks, cybersecurity, Don't miss, Hot stuff, News, Risk Management /

Hackers love LOTL, this approach shuts them down 2025-10-01 at 09:04 By Zeljka Zorz Every time cyber defenders and companies discover new ways to block intrusions, attackers change their tactics and find a way around the defenses. “Living off the Land” (LOTL) is a prime example: since many detection tools became good at flagging malware,

React to this headline:

Loading spinner

Hackers love LOTL, this approach shuts them down Read More »

A2AS framework targets prompt injection and agentic AI security risks

agentic AI, Artificial Intelligence, CISO, cybersecurity, Don't miss, framework, LLMs, News /

A2AS framework targets prompt injection and agentic AI security risks 2025-10-01 at 08:31 By Mirko Zorz AI systems are now deeply embedded in business operations, and this introduces new security risks that traditional controls are not built to handle. The newly released A2AS framework is designed to protect AI agents at runtime and prevent real-world

React to this headline:

Loading spinner

A2AS framework targets prompt injection and agentic AI security risks Read More »

Scroll to Top