Don’t miss

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)

7-Zip, Don't miss, Hot stuff, News, NHS, PoC, vulnerability, Windows /

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) 2025-11-19 at 16:46 By Zeljka Zorz NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by attackers. “Active exploitation of CVE-2025-11001 has been observed in the wild,” the alert says, […]

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) Read More »

Exam prep hacked: Study tips and tricks that really work

Don't miss, Hot stuff, ISC2, News, Whitepapers and webinars /

Exam prep hacked: Study tips and tricks that really work 2025-11-19 at 16:01 By Help Net Security Ready to get certified but not sure where to start? Get insider tips and tricks on what to do from day one to test day. Join ISC2-certified instructors and an audience of your peers for this live interactive

Exam prep hacked: Study tips and tricks that really work Read More »

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)

CISA, Don't miss, Fortinet, Hot stuff, NCSC-NL, News, Trend Micro, vulnerability /

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) 2025-11-19 at 13:47 By Zeljka Zorz Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 CVE-2025-58034 is an OS Command Injection flaw caused by improper neutralization of special elements. It allows authenticated attackers to execute unauthorized

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) Read More »

Threat group reroutes software updates through hacked network gear

China, cybercrime, cybersecurity, DNS, Don't miss, ESET, News /

Threat group reroutes software updates through hacked network gear 2025-11-19 at 12:02 By Sinisa Markovic Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China aligned threat group known as PlushDaemon has been quietly using hacked routers to steer software updates toward its own servers. The discovery shows

Threat group reroutes software updates through hacked network gear Read More »

The long conversations that reveal how scammers work

cybercrime, cybersecurity, Don't miss, fraud, Hot stuff, LLMs, messaging, News, research, scams, social engineering, WhatsApp /

The long conversations that reveal how scammers work 2025-11-19 at 09:08 By Sinisa Markovic Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the patient work of talking to scammers at scale, and

The long conversations that reveal how scammers work Read More »

Metis: Open-source, AI-driven tool for deep security code review

Arm, Artificial Intelligence, code analysis, code review, Don't miss, GitHub, LLMs, News, open source, software /

Metis: Open-source, AI-driven tool for deep security code review 2025-11-19 at 08:06 By Anamarija Pogorelec Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to spot subtle flaws that are often buried in large or aging codebases where traditional tools

Metis: Open-source, AI-driven tool for deep security code review Read More »

How to cut security tool sprawl without losing control

CISO, cybersecurity, Don't miss, News, policy, strategy, threats, tips, Versa Networks, Video, zero trust /

How to cut security tool sprawl without losing control 2025-11-19 at 07:58 By Help Net Security In this Help Net Security video, Jon Taylor, Director and Principal of Security at Versa Networks, talks about how organizations can deal with security tool sprawl. He explains why many teams end up with too many tools, especially as

How to cut security tool sprawl without losing control Read More »

Product showcase: Proton Pass, a password manager with identity protection

authentication, Don't miss, FIDO Alliance, News, password manager, passwords, Privacy, Product showcase, software /

Product showcase: Proton Pass, a password manager with identity protection 2025-11-19 at 07:02 By Help Net Security Managing passwords can be a real headache, and it’s still common to fall back on reusing them or storing them in a browser without much protection. Proton Pass, built by the Swiss company Proton AG (the team behind

Product showcase: Proton Pass, a password manager with identity protection Read More »

Internet slowly recovers after far-reaching Cloudflare outage

Cloudflare, critical infrastructure, Don't miss, Hot stuff, News /

Internet slowly recovers after far-reaching Cloudflare outage 2025-11-18 at 17:16 By Zeljka Zorz A currently undisclosed issue has crippled Cloudflare’s network and has rendered a large swathe of internet’s most popular sites and services temporily inaccessible today. Some of the sites and services affected by the Cloudflare outage (Source: Down Detector) What happened? Cloudflare is

Internet slowly recovers after far-reaching Cloudflare outage Read More »

Google patches yet another exploited Chrome zero-day (CVE-2025-13223)

0-day, Chrome, Don't miss, Hot stuff, News, security update, Vivaldi /

Google patches yet another exploited Chrome zero-day (CVE-2025-13223) 2025-11-18 at 14:13 By Zeljka Zorz Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About CVE-2025-13223 CVE-2025-13223 is a type confusion vulnerability in V8, the JavaScript and WebAssembly engine used by

Google patches yet another exploited Chrome zero-day (CVE-2025-13223) Read More »

What security pros should know about insurance coverage for AI chatbot wiretapping claims

Artificial Intelligence, Don't miss, Features, Hot stuff, law, law firms, News, Privacy, strategy, tips /

What security pros should know about insurance coverage for AI chatbot wiretapping claims 2025-11-18 at 08:44 By Mirko Zorz AI-powered chatbots raise profound concerns under federal and state wiretapping and eavesdropping statutes that is being tested by recent litigation, creating greater exposure to the companies and developers that use this technology. Security professionals that integrate

What security pros should know about insurance coverage for AI chatbot wiretapping claims Read More »

How attackers use patience to push past AI guardrails

Artificial Intelligence, Cisco, CISO, Don't miss, Hot stuff, News, prompt injection, research /

How attackers use patience to push past AI guardrails 2025-11-18 at 08:44 By Anamarija Pogorelec Most CISOs already assume that prompt injection is a known risk. What may come as a surprise is how quickly those risks grow once an attacker is allowed to stay in the conversation. A new study from Cisco AI Defense

How attackers use patience to push past AI guardrails Read More »

The privacy panic around machine learning is overblown

cybersecurity, data collection, Don't miss, EU, machine learning, News, Privacy, regulation, research /

The privacy panic around machine learning is overblown 2025-11-18 at 08:43 By Sinisa Markovic We often hear warnings about how machine learning (ML) models may expose sensitive information tied to their training data. The concern is understandable. If a model was trained on personal records, it may seem reasonable to assume that releasing it could

The privacy panic around machine learning is overblown Read More »

Logitech confirms data breach

data breach, Don't miss, Hot stuff, Logitech, News /

Logitech confirms data breach 2025-11-18 at 00:20 By Zeljka Zorz Logitech, the Swiss multinational electronics and technology company best known for marketing computer peripherals and hardware, has suffered a data breach. “While the investigation is ongoing, at this time Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform

Logitech confirms data breach Read More »

Strix: Open-source AI agents for penetration testing

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Strix: Open-source AI agents for penetration testing 2025-11-17 at 16:32 By Sinisa Markovic Security teams know that application flaws tend to show up at the worst time. Strix presents itself as an open source way to catch them earlier by using autonomous agents that behave like human attackers. These agents run code, explore an application,

Strix: Open-source AI agents for penetration testing Read More »

The tech that turns supply chains from brittle to unbreakable

cyber risk, cybersecurity, Don't miss, Features, Hot stuff, monitoring, News, resilience, security ROI, strategy, supply chain, Tecsys /

The tech that turns supply chains from brittle to unbreakable 2025-11-17 at 16:32 By Mirko Zorz In this Help Net Security interview, Sev Kelian, CISO and VP of Security at Tecsys, discusses how organizations can strengthen supply chain resilience through a more unified and forward-looking strategy. Kelian also shares how new technologies and a blended

The tech that turns supply chains from brittle to unbreakable Read More »

Five men admit helping North Korean IT workers infiltrate US companies

Cryptocurrency, Don't miss, fraud, Hot stuff, News, North Korea, theft, US DoJ /

Five men admit helping North Korean IT workers infiltrate US companies 2025-11-17 at 14:59 By Zeljka Zorz US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic facilitators helped a sanctioned government move money, slip past hiring

Five men admit helping North Korean IT workers infiltrate US companies Read More »

The year ahead in cyber: What’s next for cybersecurity in 2026

agentic AI, cyber risk, cybersecurity, Don't miss, News, predictions, quantum computing, scams, Symantec, Video, vishing /

The year ahead in cyber: What’s next for cybersecurity in 2026 2025-11-17 at 07:31 By Help Net Security In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst at Symantec, outlines the major cyber risks expected in 2026. He explains that attackers are often breaching networks by targeting people instead of exploiting software flaws.

The year ahead in cyber: What’s next for cybersecurity in 2026 Read More »

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims

agentic AI, Anthropic, Artificial Intelligence, automation, cyber espionage, Don't miss, Hot stuff, LLMs, News /

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims 2025-11-14 at 17:03 By Zeljka Zorz Anthropic threat researchers believe that they’ve uncovered and disrupted the first documented case of a cyberattack executed with the help of its agentic AI and minimal human intervention. “The threat actor manipulated [Anthropic’s large

Chinese cyber spies used Claude AI to automate 90% of their attack campaign, Anthropic claims Read More »

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn

Defused, Don't miss, Fortinet, Hot stuff, News, PoC, Rapid7, vulnerability, WatchTowr, web application security /

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn 2025-11-14 at 14:10 By Zeljka Zorz A suspected (but currently unidentified) zero-day vulnerability in Fortinet FortiWeb is being exploited by unauthenticated attackers to create new admin accounts on vulnerable, internet-facing devices. Whether intentionally or accidentally, the vulnerability (or this specific path for triggering it) has

A suspected Fortinet FortiWeb zero-day is actively exploited, researchers warn Read More »

Scroll to Top