Don’t miss

Cerbos: Open-source, scalable authorization solution

Don't miss, GitHub, News, open source, software /

Cerbos: Open-source, scalable authorization solution 2025-05-14 at 07:34 By Help Net Security Cerbos is an open-source solution designed to simplify and modernize access control for cloud-native, microservice-based applications. Instead of hardcoding authorization logic into your application, Cerbos lets you write flexible, context-aware access policies using a YAML syntax. These policies are managed separately from your […]

React to this headline:

Loading spinner

Cerbos: Open-source, scalable authorization solution Read More »

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days

Don't miss, Hot stuff, Immersive, Microsoft, Microsoft Edge, News, Patch Tuesday, SharePoint, Tenable, Trend Micro /

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days 2025-05-13 at 23:00 By Zeljka Zorz On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among the zero-days patched is a memory

React to this headline:

Loading spinner

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days Read More »

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)

0-day, Don't miss, Fortinet, Hot stuff, IP phones, News /

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) 2025-05-13 at 21:48 By Zeljka Zorz Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team has revealed on Tuesday. About CVE-2025-32756 CVE-2025-32756 is a stack-based overflow vulnerability that

React to this headline:

Loading spinner

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) Read More »

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

CERT-EU, Don't miss, Endpoint Security, Hot stuff, Ivanti, News, security update, vulnerability /

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) 2025-05-13 at 20:31 By Zeljka Zorz Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The

React to this headline:

Loading spinner

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) Read More »

Product showcase: Go beyond VPNs and Tor with NymVPN

Don't miss, Hot stuff, News, Nym, Product showcase, VPN /

Product showcase: Go beyond VPNs and Tor with NymVPN 2025-05-13 at 16:01 By Help Net Security If you care about online privacy, you probably already know: Centralized VPNs and even Tor aren’t enough anymore. Traditional VPNs require you to trust a single company with your internet activity. Even if they promise “no logs,” you’re still

React to this headline:

Loading spinner

Product showcase: Go beyond VPNs and Tor with NymVPN Read More »

CISOs must speak business to earn executive trust

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, PagerDuty, strategy /

CISOs must speak business to earn executive trust 2025-05-13 at 09:33 By Mirko Zorz In this Help Net Security interview, Pritesh Parekh, VP, CISO at PagerDuty talks about how CISOs can change perceptions of their role, build influence across the organization, communicate risk in business terms, and use automation to support business goals. What do

React to this headline:

Loading spinner

CISOs must speak business to earn executive trust Read More »

AI vs AI: How cybersecurity pros can use criminals’ tools against them

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Oxylabs /

AI vs AI: How cybersecurity pros can use criminals’ tools against them 2025-05-13 at 09:01 By Help Net Security For a while now, AI has played a part in cybersecurity. Now, agentic AI is taking center stage. Based on pre-programmed plans and objectives, agentic AI can make choices which optimize results without a need for

React to this headline:

Loading spinner

AI vs AI: How cybersecurity pros can use criminals’ tools against them Read More »

Breaking down silos in cybersecurity

CISO, collaboration, cybersecurity, Cymetry One, Don't miss, Hot stuff, Ionix, News, opinion, Risk Management, strategy /

Breaking down silos in cybersecurity 2025-05-13 at 08:34 By Help Net Security All organizations erect silos – silos between groups and departments, across functions and among technologies. Silos represent differences in practices, culture and operations. Their presence inhibits communication and collaboration. As companies scale from startup to mid-sized and beyond, silos multiply and ossify. As

React to this headline:

Loading spinner

Breaking down silos in cybersecurity Read More »

Review: Resilient Cybersecurity

books, CISO, cybersecurity, Don't miss, how-to, News, opinion, Reviews, skill development, strategy, tips /

Review: Resilient Cybersecurity 2025-05-13 at 08:01 By Mirko Zorz Resilient Cybersecurity touches on nearly every major function of enterprise cybersecurity, from threat detection and identity management to vendor risk and regulatory compliance. About the author Mark Dunkerley is a cybersecurity and technology leader with over 20 years of experience working in higher education, healthcare and

React to this headline:

Loading spinner

Review: Resilient Cybersecurity Read More »

Law enforcement takes down proxy botnets used by criminals

botnet, Don't miss, FBI, IoT, law enforcement, Lumen, News, Proxy, router, tips, US DoJ /

Law enforcement takes down proxy botnets used by criminals 2025-05-12 at 21:11 By Zeljka Zorz US and Dutch law enforcement, with the help of Lumen researchers, have disrupted 5socks and Anyproxy, two proxy-for-rent services that were used by criminals for ad fraud and DDoS and brute-force attacks (among other things). The domain seizure notice The

React to this headline:

Loading spinner

Law enforcement takes down proxy botnets used by criminals Read More »

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors

Don't miss, enterprise, Forescout, Government, Hot stuff, Incident Response, Mandiant, News, Onapsis, SAP, web shell /

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors 2025-05-12 at 16:07 By Zeljka Zorz A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable

React to this headline:

Loading spinner

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors Read More »

How to give better cybersecurity presentations (without sounding like a robot)

CISO, conferences, CXO, Don't miss, Features, Hot stuff, how-to, News, skill development, strategy, tips /

How to give better cybersecurity presentations (without sounding like a robot) 2025-05-12 at 08:35 By Mirko Zorz Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or presenting, can be developed only

React to this headline:

Loading spinner

How to give better cybersecurity presentations (without sounding like a robot) Read More »

Layoffs pose a cybersecurity risk: Here’s why offboarding matters

cyber risk, cybersecurity, Don't miss, Insider Threat, JumpCloud, News, Video /

Layoffs pose a cybersecurity risk: Here’s why offboarding matters 2025-05-12 at 07:39 By Help Net Security In this Help Net Security video, Chase Doelling, Principal Strategist at JumpCloud, discusses the overlooked security risks associated with improper offboarding. Though many organizations focus on securely onboarding new employees, they often overlook the security risks associated with properly

React to this headline:

Loading spinner

Layoffs pose a cybersecurity risk: Here’s why offboarding matters Read More »

Fake AI platforms deliver malware diguised as video content

Artificial Intelligence, cybercrime, Don't miss, Hot stuff, Malware, Morphisec, News, scams, SMBs, social engineering /

Fake AI platforms deliver malware diguised as video content 2025-05-09 at 16:53 By Zeljka Zorz A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate software, but

React to this headline:

Loading spinner

Fake AI platforms deliver malware diguised as video content Read More »

LockBit hacked: What does the leaked data show?

cybercrime, Data leak, Don't miss, Hot stuff, News, Ransomware, Rapid7, Searchlight Cyber /

LockBit hacked: What does the leaked data show? 2025-05-09 at 14:33 By Zeljka Zorz The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations: The defaced dark web affiliate panel (Source: Help Net

React to this headline:

Loading spinner

LockBit hacked: What does the leaked data show? Read More »

May 2025 Patch Tuesday forecast: Panic, change, and hope

Adobe, apple, CVE, cybersecurity, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

May 2025 Patch Tuesday forecast: Panic, change, and hope 2025-05-09 at 09:11 By Help Net Security April was an event-filled month for cybersecurity. Patch Tuesday came to us quickly on April 8 – the earliest first Tuesday possible in a given month. We again saw large numbers of CVEs addressed with 84 in Windows 11

React to this headline:

Loading spinner

May 2025 Patch Tuesday forecast: Panic, change, and hope Read More »

The many variants of the ClickFix social engineering tactic

Datadog, Don't miss, Google, Hot stuff, Malware, News, phishing, Proofpoint, Sekoia.io, social engineering /

The many variants of the ClickFix social engineering tactic 2025-05-08 at 18:50 By Zeljka Zorz As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are trying to refine the two main elements: the lure and the “instruction” page. In the

React to this headline:

Loading spinner

The many variants of the ClickFix social engineering tactic Read More »

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

Don't miss, Hot stuff, News, Rapid7, security update, SMBs, SonicWall, VPN, vulnerability /

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) 2025-05-08 at 15:38 By Zeljka Zorz SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also

React to this headline:

Loading spinner

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) Read More »

How agentic AI and non-human identities are transforming cybersecurity

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, News, Non Human Identities, One Identity, opinion /

How agentic AI and non-human identities are transforming cybersecurity 2025-05-08 at 09:03 By Help Net Security Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. Add to this the fragmentation of human identity management resulting from authorizing a single person’s access to multiple on-premises, cloud

React to this headline:

Loading spinner

How agentic AI and non-human identities are transforming cybersecurity Read More »

Scroll to Top