Don’t miss

LLMs are everywhere in your stack and every layer brings new risk

LLMs are everywhere in your stack and every layer brings new risk 2025-12-10 at 07:52 By Mirko Zorz LLMs are moving deeper into enterprise products and workflows, and that shift is creating new pressure on security leaders. A new guide from DryRun Security outlines how these systems change long standing assumptions about data handling, application […]

Building SOX compliance through smarter training and stronger password practices

Building SOX compliance through smarter training and stronger password practices 2025-12-10 at 07:00 By Sinisa Markovic A SOX audit can reveal uncomfortable truths about how a company handles access to financial systems. Even organizations that invest in strong infrastructure often discover that everyday password habits weaken the controls they thought were solid. CISOs know that

AI-driven threats are heading straight for the factory floor

AI-driven threats are heading straight for the factory floor 2025-12-09 at 09:07 By Mirko Zorz In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk driven by AI. She notes that in-house capability, especially for OT response and recovery, is

AI agents break rules in unexpected ways

AI agents break rules in unexpected ways 2025-12-09 at 08:31 By Mirko Zorz AI agents are starting to take on tasks that used to be handled by people. These systems plan steps, call tools, and carry out actions without a person approving every move. This shift is raising questions for security leaders. A new research

The simple shift that turns threat intel from noise into real insight

The simple shift that turns threat intel from noise into real insight 2025-12-09 at 08:02 By Help Net Security In this Help Net Security video, Alankrit Chona, CTO at Simbian, explains how security teams can put threat intelligence to work in a way that supports detection, response, and hunting. Chona walks through why many teams

Download: Evaluating Password Monitoring Vendors

Download: Evaluating Password Monitoring Vendors 2025-12-08 at 16:10 By Help Net Security Organizations using Active Directory must update their password policies to block and detect compromised passwords. However, comparing vendors in this area can be challenging. By asking the right questions, you can identify the right partner and avoid introducing new technical, security, and compliance

December 2025 Patch Tuesday forecast: And it’s a wrap

December 2025 Patch Tuesday forecast: And it’s a wrap 2025-12-08 at 09:56 By Help Net Security It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there

NVIDIA research shows how agentic AI fails under attack

NVIDIA research shows how agentic AI fails under attack 2025-12-08 at 09:56 By Sinisa Markovic Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models,

The Bastion: Open-source access control for complex infrastructure

The Bastion: Open-source access control for complex infrastructure 2025-12-08 at 09:56 By Anamarija Pogorelec Operational teams know that access sprawl grows fast. Servers, virtual machines and network gear all need hands-on work and each new system adds more identities to manage. A bastion host tries to bring order to this problem. It acts as a

How to tell if your password manager meets HIPAA expectations

How to tell if your password manager meets HIPAA expectations 2025-12-08 at 08:03 By Sinisa Markovic Most healthcare organizations focus on encryption, network monitoring, and phishing prevention, although one simple source of risk still slips through the cracks. Password management continues to open doors for attackers more often than leaders expect. Weak, reused, or shared

Building the missing layers for an internet of agents

Building the missing layers for an internet of agents 2025-12-05 at 08:59 By Anamarija Pogorelec Cybersecurity teams are starting to think about how large language model agents might interact at scale. A new paper from Cisco Research argues that the current network stack is not prepared for this shift. The work proposes two extra layers

What security leaders should watch for when companies buy or sell a business

What security leaders should watch for when companies buy or sell a business 2025-12-05 at 08:59 By Help Net Security In this Help Net Security video, Lane Sullivan, SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, and divestitures. Sullivan talks about the types of risk

Malicious Rust packages targeted Web3 developers

Malicious Rust packages targeted Web3 developers 2025-12-04 at 17:06 By Zeljka Zorz A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for the Rust programming language, but not before having been downloaded 7257 times. Another package (uniswap-utils) by the same author

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) 2025-12-04 at 14:32 By Zeljka Zorz A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code execution on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has

Smart grids are trying to modernize and attackers are treating it like an invitation

Smart grids are trying to modernize and attackers are treating it like an invitation 2025-12-04 at 09:05 By Mirko Zorz In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack

A day in the life of the internet tells a bigger story

A day in the life of the internet tells a bigger story 2025-12-04 at 08:43 By Sinisa Markovic On any given day, the internet carries countless signals that hint at how networks behave behind the scenes. Researchers from RIPE NCC and several universities found a way to capture a detailed snapshot of that activity by

AI vs. you: Who’s better at permission decisions?

AI vs. you: Who’s better at permission decisions? 2025-12-04 at 08:04 By Sinisa Markovic A single tap on a permission prompt can decide how far an app reaches into a user’s personal data. Most of these calls happen during installation. The number of prompts keeps climbing, and that growing pressure often pushes people into rushed

Portmaster: Open-source application firewall

Portmaster: Open-source application firewall 2025-12-03 at 08:11 By Anamarija Pogorelec Portmaster is a free and open source application firewall built to monitor and control network activity on Windows and Linux. The project is developed in the EU and is designed to give users stronger privacy without asking them to manage every rule by hand. A

Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)

Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) 2025-12-02 at 16:48 By Zeljka Zorz Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”. According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core
