CISOs battle security platform fatigue

2025-04-07 at 08:31, by Mirko Zorz

It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing headaches. Welcome to the age […]

The shift to identity-first security and why it matters

2025-04-07 at 08:10, by Mirko Zorz

In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection

2025-04-07 at 07:35, by Mirko Zorz

YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of

The rise of compromised LLM attacks

2025-04-07 at 07:03, by Help Net Security

In this Help Net Security video, Sohrob Kazerounian, Distinguished AI Researcher at Vectra AI, discusses how the ongoing rapid adoption of LLM-based applications has already introduced new cybersecurity risks. These vulnerabilities will not be in the LLM itself, but rather in how

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft

2025-04-04 at 08:50, by Help Net Security

Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and

Forward-thinking CISOs are shining a light on shadow IT

2025-04-04 at 08:32, by Mirko Zorz

In this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis, discusses how CISOs can balance security and innovation while managing the risks of shadow IT. Rather than focusing on restrictive policies, fostering proactive partnerships with

Inside the AI-driven threat landscape

2025-04-04 at 07:35, by Help Net Security

In this Help Net Security video, Nick Barter, Chief Strategy Officer at Nothreat, discusses how AI is no longer just a tool for defenders, it’s now a powerful weapon in the hands of attackers. With the adoption of generative AI, cyber threats are

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

2025-04-03 at 21:01, by Zeljka Zorz

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

2025-04-03 at 16:15, by Zeljka Zorz

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up

Phishers are increasingly impersonating electronic toll collection companies

2025-04-03 at 14:31, by Zeljka Zorz

Steam was the most imitated brand by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech companies like Meta, Microsoft,

7 ways to get C-suite buy-in on that new cybersecurity tool

2025-04-03 at 08:34, by Help Net Security

You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save

Building a cybersecurity strategy that survives disruption

2025-04-03 at 08:14, by Mirko Zorz

Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting companies, there’s

Open-source malware doubles, data exfiltration attacks dominate

2025-04-03 at 07:02, by Help Net Security

There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease from

Review: Zero to Engineer

2025-04-03 at 06:37, by Mirko Zorz

Zero to Engineer is a practical guide for anyone looking to launch a career in information technology without a traditional college degree. The book draws from the author’s unlikely journey – from being expelled from high school to earning six figures in the tech industry.

How to map and manage your cyber attack surface with EASM

2025-04-02 at 16:10, by Help Net Security

In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important to adopt an attacker-centric approach. In this article,

Google is making sending end-to-end encrypted emails easy

2025-04-02 at 15:03, by Zeljka Zorz

Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE emails

North Korean IT workers set their sights on European organizations

2025-04-02 at 13:05, by Zeljka Zorz

North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increasingly attempting to

Balancing data protection and clinical usability in healthcare

2025-04-02 at 08:01, by Mirko Zorz

In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. He explains the difficulties of protecting patient information, securing legacy systems, and maintaining

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework

2025-04-02 at 07:35, by Mirko Zorz

BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable. Right now, it includes 43 different exploits. Some are public, and others were made specifically

Your smart home may not be as secure as you think

2025-04-02 at 06:31, by Help Net Security

The Internet of Things (IoT) has become a major part of daily life. Smartphones, smart thermostats, security cameras, and other connected devices make tasks easier and improve comfort, efficiency, and productivity. But as the number of devices
