Don’t miss

APTRS: Open-source automated penetration testing reporting system

Don't miss, GitHub, News, open source, penetration testing, software /

APTRS: Open-source automated penetration testing reporting system 2025-04-09 at 07:46 By Mirko Zorz APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on reports. Instead of writing reports by hand, users can create PDF and Excel files directly in the […]

React to this headline:

Loading spinner

APTRS: Open-source automated penetration testing reporting system Read More »

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

0-day, Don't miss, Hot stuff, Immersive, Microsoft, News, Patch Tuesday, Tenable, Trend Micro, Windows, Windows Server /

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) 2025-04-08 at 22:16 By Zeljka Zorz April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS) that can be – and

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) Read More »

11 cyber defense tips to stay secure at work and home

Center for Internet Security, Don't miss, News /

11 cyber defense tips to stay secure at work and home 2025-04-08 at 16:29 By Help Net Security Cybersecurity is inextricably tied to the technology it protects. Just as technology continues to grow in variety, quantity, and presence in all of our lives, so too does cybersecurity and our personal responsibility for it. You might

React to this headline:

Loading spinner

11 cyber defense tips to stay secure at work and home Read More »

Excessive agency in LLMs: The growing risk of unchecked autonomy

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Information Security Forum, LLMs, News, opinion /

Excessive agency in LLMs: The growing risk of unchecked autonomy 2025-04-08 at 08:39 By Help Net Security For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these

React to this headline:

Loading spinner

Excessive agency in LLMs: The growing risk of unchecked autonomy Read More »

Observability is security’s way back into the cloud conversation

Cloud, cloud adoption, cybersecurity, Don't miss, Features, Hot stuff, New Relic, News, opinion, strategy /

Observability is security’s way back into the cloud conversation 2025-04-08 at 08:02 By Mirko Zorz In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing security readiness. He shares strategies for overcoming common misconfigurations and optimizing access controls in

React to this headline:

Loading spinner

Observability is security’s way back into the cloud conversation Read More »

Phishing, fraud, and the financial sector’s crisis of trust

cybersecurity, DataVisor, Discover, Don't miss, financial industry, fraud, J.D. Power, News, phishing, Ping Identity, Portal26 /

Phishing, fraud, and the financial sector’s crisis of trust 2025-04-08 at 08:02 By Anamarija Pogorelec The financial sector is under growing pressure from advanced phishing attacks and fraud, causing major financial losses and eroding customer trust. Escalation of phishing attacks While traditional phishing relied on generic emails to steal sensitive data, cybercriminals now use targeted

React to this headline:

Loading spinner

Phishing, fraud, and the financial sector’s crisis of trust Read More »

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)

Don't miss, Hot stuff, News, vulnerability, Windows, WinRAR /

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) 2025-04-07 at 14:36 By Zeljka Zorz WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7.11. About CVE-2025-31334

React to this headline:

Loading spinner

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) Read More »

CISOs battle security platform fatigue

BeyondTrust, CISO, Don't miss, Features, Gigamon, Hot stuff, Ivanti, News, opinion, Panaseer, strategy, Syxsense, tips, Tuskira /

CISOs battle security platform fatigue 2025-04-07 at 08:31 By Mirko Zorz It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing headaches. Welcome to the age

React to this headline:

Loading spinner

CISOs battle security platform fatigue Read More »

The shift to identity-first security and why it matters

access management, Artificial Intelligence, BeyondID, CISO, cybersecurity, Don't miss, Features, Hot stuff, News /

The shift to identity-first security and why it matters 2025-04-07 at 08:10 By Mirko Zorz In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in

React to this headline:

Loading spinner

The shift to identity-first security and why it matters Read More »

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection

AWS, cloud security, Don't miss, GitHub, Hot stuff, News, open source, software /

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection 2025-04-07 at 07:35 By Mirko Zorz YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of

React to this headline:

Loading spinner

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection Read More »

The rise of compromised LLM attacks

Artificial Intelligence, Don't miss, Hot stuff, LLMs, News, Vectra AI, Video /

The rise of compromised LLM attacks 2025-04-07 at 07:03 By Help Net Security In this Help Net Security video, Sohrob Kazerounian, Distinguished AI Researcher at Vectra AI, discusses how the ongoing rapid adoption of LLM-based applications has already introduced new cybersecurity risks. These vulnerabilities will not be in the LLM itself, but rather in how

React to this headline:

Loading spinner

The rise of compromised LLM attacks Read More »

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Microsoft, Mozilla, News, Patch Tuesday, Windows /

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft 2025-04-04 at 08:50 By Help Net Security Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and

React to this headline:

Loading spinner

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft Read More »

Forward-thinking CISOs are shining a light on shadow IT

Armis, Artificial Intelligence, automation, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, shadow IT, strategy, tips /

Forward-thinking CISOs are shining a light on shadow IT 2025-04-04 at 08:32 By Mirko Zorz In this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis, discusses how CISOs can balance security and innovation while managing the risks of shadow IT. Rather than focusing on restrictive policies, fostering proactive partnerships with

React to this headline:

Loading spinner

Forward-thinking CISOs are shining a light on shadow IT Read More »

Inside the AI-driven threat landscape

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, News, Nothreat, Video /

Inside the AI-driven threat landscape 2025-04-04 at 07:35 By Help Net Security In this Help Net Security video, Nick Barter, Chief Strategy Officer at Nothreat, discusses how AI is no longer just a tool for defenders, it’s now a powerful weapon in the hands of attackers. With the adoption of generative AI, cyber threats are

React to this headline:

Loading spinner

Inside the AI-driven threat landscape Read More »

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

cyber espionage, Don't miss, Hot stuff, Ivanti, Mandiant, News, VPN, vulnerability /

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) 2025-04-03 at 21:01 By Zeljka Zorz A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability

React to this headline:

Loading spinner

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) Read More »

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

CISA, Cisco, Don't miss, expl, Hot stuff, News, SANS ISC, vulnerability /

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) 2025-04-03 at 16:15 By Zeljka Zorz CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up

React to this headline:

Loading spinner

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) Read More »

Phishers are increasingly impersonating electronic toll collection companies

cybercrime, Don't miss, Facebook, Guardio, Hot stuff, Microsoft, News, phishing, Prodaft, scams, Steam /

Phishers are increasingly impersonating electronic toll collection companies 2025-04-03 at 14:31 By Zeljka Zorz Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech companies like Meta, Microsoft,

React to this headline:

Loading spinner

Phishers are increasingly impersonating electronic toll collection companies Read More »

7 ways to get C-suite buy-in on that new cybersecurity tool

Check Point, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, investment, News, opinion, resilience /

7 ways to get C-suite buy-in on that new cybersecurity tool 2025-04-03 at 08:34 By Help Net Security You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save

React to this headline:

Loading spinner

7 ways to get C-suite buy-in on that new cybersecurity tool Read More »

Building a cybersecurity strategy that survives disruption

CISO, cyber resilience, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy, tips /

Building a cybersecurity strategy that survives disruption 2025-04-03 at 08:14 By Mirko Zorz Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting companies, there’s

React to this headline:

Loading spinner

Building a cybersecurity strategy that survives disruption Read More »

Open-source malware doubles, data exfiltration attacks dominate

cybercrime, Data exfiltration, Don't miss, Malware, News, open source, report, Sonatype /

Open-source malware doubles, data exfiltration attacks dominate 2025-04-03 at 07:02 By Help Net Security There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease from

React to this headline:

Loading spinner

Open-source malware doubles, data exfiltration attacks dominate Read More »

Scroll to Top