Don’t miss

More than half of public vulnerabilities bypass leading WAFs

2025-12-18 at 13:42 By Help Net Security

Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven […]


The soft underbelly of space isn’t in orbit, it’s on the ground

2025-12-18 at 09:08 By Mirko Zorz

In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He


Privacy risks sit inside the ads that fill your social media feed

2025-12-18 at 08:34 By Sinisa Markovic

Regulatory limits on explicit targeting have not stopped algorithmic profiling on the web. Ad optimization systems still adapt which ads appear based on users’ private attributes. At the same time, multimodal LLMs have lowered the barrier for


Should AI access be treated as a civil right across generations?

2025-12-18 at 08:10 By Sinisa Markovic

AI use is expanding faster than the infrastructure that supports it, and that gap is starting to matter for security, resilience, and access. A new position paper argues that access to AI should be treated as an intergenerational


What cybersecurity leaders are reading to stay ahead

2025-12-18 at 07:33 By Anamarija Pogorelec

If you’re looking for holiday gift ideas, books remain one of the simplest ways to spark curiosity and support someone’s growth. Whether the person on your list is exploring cybersecurity, AI, engineering, or career development, these titles offer something useful for


Cisco email security appliances rooted and backdoored via still unpatched zero-day

2025-12-17 at 21:47 By Zeljka Zorz

A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard


Actively exploited SonicWall zero-day patched (CVE-2025-40602)

2025-12-17 at 18:46 By Zeljka Zorz

SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination


Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

2025-12-17 at 16:31 By Zeljka Zorz

Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about


Why vulnerability reports stall inside shared hosting companies

2025-12-17 at 09:24 By Mirko Zorz

Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research


Zabbix: Open-source IT and OT observability solution

2025-12-17 at 08:08 By Anamarija Pogorelec

Zabbix is an open source monitoring platform designed to track the availability, performance, and integrity of IT environments. It monitors networks along with servers, virtual machines, applications, services, databases, websites, and cloud resources. For cybersecurity professionals, this visibility matters because operational issues


How exposure management changes cyber defense

2025-12-17 at 07:36 By Help Net Security

In this Help Net Security video, Larry Slusser, VP of Strategy at SixMap, explains why endpoint detection and response is only part of the security story. Drawing on his work as an incident responder, engagement manager, and ransomware negotiator, he describes EDR


European police busts Ukraine scam call centers

2025-12-16 at 15:25 By Zeljka Zorz

Law enforcement agencies from several European countries have arrested twelve persons suspected of being involved in scamming victims across Europe, Eurojust announced today. “The fraudsters used various scams, such as posing as police officers to withdraw money using their victims’ cards and


SoundCloud breached, hit by DoS attacks

2025-12-16 at 14:05 By Zeljka Zorz

Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to the confirmation, users accessing SoundCloud through VPNs reported connection failures and error messages. It


The messy data trails of telehealth are becoming a security nightmare

2025-12-16 at 09:24 By Mirko Zorz

In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems


What Cloudflare’s 2025 internet review says about attacks, outages, and traffic shifts

2025-12-15 at 18:02 By Anamarija Pogorelec

The internet stayed busy, brittle, and under constant pressure in 2025. Cloudflare’s annual Radar Year in Review offers a wide view of how traffic moved, where attacks clustered, and what failed when systems were stressed. Cloudflare, which


Kali Linux 2025.4: New tools and “quality-of-life” improvements

2025-12-15 at 13:48 By Zeljka Zorz

OffSec has released Kali Linux 2025.4, a new version of its widely used penetration testing and digital forensics platform. Most of the changes are related to appearance and usability: Kali’s GNOME desktop environment now organizes Kali tools into folders via the


Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)

2025-12-15 at 12:58 By Zeljka Zorz

Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) that have been exploited as zero-days. Several days before the release of these updates, Google fixed CVE-2025-14174 in the desktop version of Chrome, though at


How researchers are teaching AI agents to ask for permission the right way

2025-12-15 at 09:06 By Mirko Zorz

People are starting to hand more decisions to AI agents, from booking trips to sorting digital files. The idea sounds simple. Tell the agent what you want, then let it work through the steps. The hard


Prometheus: Open-source metrics and monitoring systems and services

2025-12-15 at 08:43 By Anamarija Pogorelec

Prometheus is an open-source monitoring and alerting system built for environments where services change often and failures can spread fast. For security teams and DevOps engineers, it has become a common way to track system behavior, spot early warning signs, and


What types of compliance should your password manager support?

2025-12-15 at 07:49 By Sinisa Markovic

Lost credentials and weak authentication controls still sit at the center of many security incidents. IT leaders and CISOs know this problem well. They also know that regulators watch how organizations protect passwords, track access, and document security decisions. That

