Don’t miss

Fake “Windows Update” screens fuels new wave of ClickFix attacks

Don't miss, Hot stuff, Huntress, Malware, News, social engineering, Windows /

Fake “Windows Update” screens fuels new wave of ClickFix attacks 2025-11-25 at 15:02 By Zeljka Zorz A convincing (but fake) “Windows Update” screen can be the perfect lure for tricking users into infecting their computers with malware. Add a multi-stage delivery chain with some offbeat techniques, and infostealer operators have everything they need to slip […]

Fake “Windows Update” screens fuels new wave of ClickFix attacks Read More »

How an AI meltdown could reset enterprise expectations

access control, Artificial Intelligence, CIO, CISO, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, Redgate Software, regulation, strategy, tips /

How an AI meltdown could reset enterprise expectations 2025-11-25 at 09:02 By Mirko Zorz In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industry to mature. McMillan also outlines the structural shifts he expects once

How an AI meltdown could reset enterprise expectations Read More »

The breaches everyone gets hit by (and how to stop them)

Check Point, CyberInt, Don't miss, Hot stuff, News /

The breaches everyone gets hit by (and how to stop them) 2025-11-25 at 08:11 By Help Net Security Headlines scream about zero-days and nation-state attacks, but the reality is far less glamorous. Ross Haleliuk, from Venture in Security talks about the concept of humans being wired to overweight rare, dramatic events and underweight the everyday

The breaches everyone gets hit by (and how to stop them) Read More »

Black Friday 2025 cybersecurity deals to explore

Don't miss, Hot stuff, Ledger, News, NordLayer, NordPass, Passwork, Yubico /

Black Friday 2025 cybersecurity deals to explore 2025-11-24 at 15:30 By Help Net Security Black Friday 2025 is shaping up to be a good moment for anyone thinking about tightening their cybersecurity. A few solid deals are popping up that make it easier to improve protection for systems and data without stretching your budget. If

Black Friday 2025 cybersecurity deals to explore Read More »

Quantum encryption is pushing satellite hardware to its limits

critical infrastructure, cybersecurity, Don't miss, Encryption, Features, News, quantum computing, security standard, Swiss Armed Forces /

Quantum encryption is pushing satellite hardware to its limits 2025-11-24 at 09:11 By Mirko Zorz In this Help Net Security interview, Colonel Ludovic Monnerat, Commander Space Command, Swiss Armed Forces, discusses how securing space assets is advancing in response to emerging quantum threats. He explains why satellite systems must move beyond traditional cryptography to remain

Quantum encryption is pushing satellite hardware to its limits Read More »

cnspec: Open-source, cloud-native security and policy project

automation, cloud security, DevSecOps, Don't miss, GitHub, News, open source, software /

cnspec: Open-source, cloud-native security and policy project 2025-11-24 at 08:32 By Sinisa Markovic cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and compliance across all of it, which makes it easier to see what needs

cnspec: Open-source, cloud-native security and policy project Read More »

The privacy tension driving the medical data shift nobody wants to talk about

data collection, data security, Don't miss, healthcare, News, Privacy, research /

The privacy tension driving the medical data shift nobody wants to talk about 2025-11-24 at 08:02 By Anamarija Pogorelec Most people assume their medical data sits in quiet storage, protected by familiar rules. That belief gives a sense of safety, but new research argues that the world around healthcare data has changed faster than the

The privacy tension driving the medical data shift nobody wants to talk about Read More »

Salesforce Gainsight compromise: Early findings and customer guidance

Don't miss, Gainsight, Hot stuff, Mandiant, News, SaaS, Salesforce, supply chain compromise /

Salesforce Gainsight compromise: Early findings and customer guidance 2025-11-21 at 14:16 By Zeljka Zorz In the wake of Salesforce’s announcement about “unusual activity involving Gainsight-published applications” and the company’s revocation of access and refresh tokens associated with them, Gainsight has been doing a good job keeping customers updated on current investigation findings. On the status

Salesforce Gainsight compromise: Early findings and customer guidance Read More »

Research shows identity document checks are missing key signals

authentication, Don't miss, fraud, identity, identity verification, News, Privacy, research /

Research shows identity document checks are missing key signals 2025-11-21 at 10:06 By Anamarija Pogorelec Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how attackers are pushing past old defenses and how detection models are struggling to keep

Research shows identity document checks are missing key signals Read More »

How one quick AI check can leak your company’s secrets

Artificial Intelligence, cybersecurity, Data Protection, Don't miss, generative AI, IBM, News, policy, Video /

How one quick AI check can leak your company’s secrets 2025-11-21 at 08:30 By Help Net Security In this Help Net Security video, Dinesh Nagarajan, Global Partner, Cyber Security Services at IBM Consulting, walks through a situation in which an employee shared production source code with a public AI tool. The tool learned from the

How one quick AI check can leak your company’s secrets Read More »

Salesforce investigates new incident echoing Salesloft Drift compromise

data theft, Don't miss, Gainsight, Google Cloud, Hot stuff, Mandiant, News, SaaS, Salesforce, supply chain compromise /

Salesforce investigates new incident echoing Salesloft Drift compromise 2025-11-20 at 23:14 By Zeljka Zorz In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data

Salesforce investigates new incident echoing Salesloft Drift compromise Read More »

Security gap in Perplexity’s Comet browser exposed users to system-level attacks

agentic AI, AI, API security, browser, Don't miss, Hot stuff, News, Perplexity, research, SquareX, vulnerability /

Security gap in Perplexity’s Comet browser exposed users to system-level attacks 2025-11-20 at 17:56 By Zeljka Zorz There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s

Security gap in Perplexity’s Comet browser exposed users to system-level attacks Read More »

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

data theft, Don't miss, Hot stuff, Jamf, macOS, Malware, News, tips /

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices 2025-11-20 at 15:03 By Zeljka Zorz A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery Dubbed DigitStealer by Jamf researchers, this threat is unusually sophisticated. Before

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices Read More »

Is your password manager truly GDPR compliant?

authentication, Don't miss, GDPR, News, password manager, passwords, Passwork /

Is your password manager truly GDPR compliant? 2025-11-20 at 08:34 By Sinisa Markovic Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong, security teams rush to uncover who had access, how those passwords were stored and whether sensitive data

Is your password manager truly GDPR compliant? Read More »

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)

7-Zip, Don't miss, Hot stuff, News, NHS, PoC, vulnerability, Windows /

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) 2025-11-19 at 16:46 By Zeljka Zorz NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by attackers. “Active exploitation of CVE-2025-11001 has been observed in the wild,” the alert says,

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) Read More »

Exam prep hacked: Study tips and tricks that really work

Don't miss, Hot stuff, ISC2, News, Whitepapers and webinars /

Exam prep hacked: Study tips and tricks that really work 2025-11-19 at 16:01 By Help Net Security Ready to get certified but not sure where to start? Get insider tips and tricks on what to do from day one to test day. Join ISC2-certified instructors and an audience of your peers for this live interactive

Exam prep hacked: Study tips and tricks that really work Read More »

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)

CISA, Don't miss, Fortinet, Hot stuff, NCSC-NL, News, Trend Micro, vulnerability /

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) 2025-11-19 at 13:47 By Zeljka Zorz Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 CVE-2025-58034 is an OS Command Injection flaw caused by improper neutralization of special elements. It allows authenticated attackers to execute unauthorized

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) Read More »

Threat group reroutes software updates through hacked network gear

China, cybercrime, cybersecurity, DNS, Don't miss, ESET, News /

Threat group reroutes software updates through hacked network gear 2025-11-19 at 12:02 By Sinisa Markovic Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China aligned threat group known as PlushDaemon has been quietly using hacked routers to steer software updates toward its own servers. The discovery shows

Threat group reroutes software updates through hacked network gear Read More »

The long conversations that reveal how scammers work

cybercrime, cybersecurity, Don't miss, fraud, Hot stuff, LLMs, messaging, News, research, scams, social engineering, WhatsApp /

The long conversations that reveal how scammers work 2025-11-19 at 09:08 By Sinisa Markovic Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the patient work of talking to scammers at scale, and

The long conversations that reveal how scammers work Read More »

Scroll to Top