Five identity-driven shifts reshaping enterprise security in 2026

2025-12-24 at 11:18 By Help Net Security

2026 marks the tipping point when artificial intelligence begins to fundamentally reshape cyber risk. After several years of widespread adoption, AI moves beyond influencing how we work and starts transforming the enterprise itself. AI is now embedded at every layer […]

What if your face could say “don’t record me”? Researchers think it’s possible

2025-12-24 at 10:01 By Sinisa Markovic

Phones, smart glasses, and other camera-equipped devices capture scenes that include people who never agreed to be recorded. A newly published study examines what it would take for bystanders to signal their privacy choices directly to

Conjur: Open-source secrets management and application identity

2025-12-24 at 08:34 By Sinisa Markovic

Conjur is an open-source secrets management project designed for environments built around containers, automation, and dynamic infrastructure. It focuses on controlling access to credentials such as database passwords, API keys, and tokens that applications need at runtime. The project is maintained in

Counterfeit defenses built on paper have blind spots

2025-12-24 at 08:17 By Anamarija Pogorelec

Counterfeit protection often leans on the idea that physical materials have quirks no attacker can copy. A new study challenges that comfort by showing how systems built on paper surface fingerprints can be disrupted or bypassed. The research comes from teams

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits

2025-12-23 at 14:47 By Zeljka Zorz

Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept (PoC) exploits for known vulnerabilities.

Delivering the malware

The recently uncovered Webrat can steal data from

Formal proofs expose long standing cracks in DNSSEC

2025-12-23 at 09:41 By Sinisa Markovic

DNSSEC is meant to stop attackers from tampering with DNS answers. It signs records so resolvers can verify that data is authentic and unchanged. Many security teams assume that if DNSSEC validation passes, the answer can be trusted. New academic research

Weak enforcement keeps PCI DSS compliance low

2025-12-23 at 09:41 By Sinisa Markovic

Payment card breaches continue to surface across industries, even after years of investment in security standards. A new study links this pattern to enforcement, showing that PCI DSS compliance trails behind HIPAA, GDPR, and the EU’s NIS2 Directive. A compliance gap that

Docker makes hardened images free, open, and transparent for everyone

2025-12-22 at 15:09 By Sinisa Markovic

Docker has made its open source Docker Hardened Images project available at no cost for every developer and organization. The catalog contains more than 1,000 container images built on open source distributions such as Debian and Alpine and is

574 arrests, $3 million recovered in Africa-wide cybercrime crackdown

2025-12-22 at 15:09 By Anamarija Pogorelec

Law enforcement agencies across 19 countries arrested 574 suspects and recovered approximately $3 million during a major cybercrime operation spanning Africa.

Suspects were arrested in Ghana in connection to the cyber-fraud case, with over 100 digital devices seized. (Source: Europol)

WatchGuard Firebox firewalls under attack (CVE-2025-14733)

2025-12-22 at 13:24 By Zeljka Zorz

More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals.

About CVE-2025-14733

WatchGuard Firebox firewalls, which also incorporate VPN and unified threat management capabilities, are used

Building cyber talent through competition, residency, and real-world immersion

2025-12-22 at 09:01 By Mirko Zorz

In this Help Net Security interview, Chrisma Jackson, Director of Cybersecurity & Mission Computing Center and CISO at Sandia National Laboratories, reflects on where the cyber talent pipeline breaks down and what it takes to fix it. She discusses skill

Browser agents don’t always respect your privacy choices

2025-12-22 at 08:49 By Sinisa Markovic

Browser agents promise to handle online tasks without constant user input. They can shop, book reservations, and manage accounts by driving a web browser through an AI model. A new academic study warns that this convenience comes with privacy risks that

Anubis: Open-source web AI firewall to protect from scraper bots

2025-12-22 at 08:49 By Sinisa Markovic

Anubis is an open-source tool designed to protect websites from automated scraping and abusive traffic by adding computational friction before a request is served. Maintained by TecharoHQ, the project targets a growing problem for site operators who want to

Session tokens give attackers a shortcut around MFA

2025-12-22 at 07:45 By Help Net Security

In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web applications rely on browsers to store session tokens after login often

AI isn’t one system, and your threat model shouldn’t be either

2025-12-19 at 09:02 By Mirko Zorz

In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses why partitioning AI systems by function and impact matters,

LLMs work better together in smart contract audits

2025-12-19 at 08:42 By Sinisa Markovic

Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead of

Product showcase: NAKIVO v11.1 advances MSP service delivery with secure multi-tenant management

2025-12-19 at 08:24 By Help Net Security

NAKIVO Backup & Replication v11.1 brings a host of benefits to MSPs and their clients. It eliminates the need for client-side port configuration, enhances security with encrypted multi-platform support, and introduces automated failover capabilities. These features

Crypto theft in 2025: North Korean hackers continue to dominate

2025-12-18 at 17:42 By Zeljka Zorz

When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring

2025-12-18 at 16:12 By Help Net Security

Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted, highly targeted phishing campaigns that masquerade as professional services firms

Microsoft 365 users targeted in device code phishing attacks

2025-12-18 at 16:12 By Zeljka Zorz

Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when
