If you think you’re immune to phishing attempts, you’re wrong! 2025-03-26 at 16:17 By Zeljka Zorz Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained access to his Mailchimp account and stole a list […]
React to this headline:
If you think you’re immune to phishing attempts, you’re wrong! Read More »
Whitepaper: Voice of Security 2025 2025-03-26 at 16:02 By Help Net Security Discover insights from 900 security leaders across the globe in IDC’s Voice of Security 2025 survey, sponsored by Tines in partnership with AWS. Understand the biggest challenges facing security teams today, and how they can stay ahead of the curve in the age
React to this headline:
Whitepaper: Voice of Security 2025 Read More »
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) 2025-03-26 at 13:08 By Zeljka Zorz Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by
React to this headline:
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) Read More »
A CISO’s guide to securing AI models 2025-03-26 at 08:05 By Help Net Security In AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT applications, which rely on predefined rules and static algorithms, ML models are dynamic—they develop their own internal patterns and
React to this headline:
A CISO’s guide to securing AI models Read More »
Malwoverview: First response tool for threat hunting 2025-03-26 at 07:32 By Mirko Zorz Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes. “Malwoverview is simple and direct, integrating multiple public sandboxes to retrieve and display only relevant information. It enables
React to this headline:
Malwoverview: First response tool for threat hunting Read More »
How does your data end up on the dark web? 2025-03-26 at 07:01 By Help Net Security The dark web is a hidden corner of the internet where people can remain anonymous. It’s often confused with the deep web, but they’re not quite the same thing. The deep web is just everything online that’s not
React to this headline:
How does your data end up on the dark web? Read More »
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover 2025-03-25 at 18:54 By Zeljka Zorz Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering
React to this headline:
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover Read More »
Review: The Developer’s Playbook for Large Language Model Security 2025-03-25 at 18:06 By Mirko Zorz With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into customer interactions, software development, and enterprise decision-making, often without grasping the security implications. As LLMs are becoming integral to
React to this headline:
Review: The Developer’s Playbook for Large Language Model Security Read More »
Microsoft’s new AI agents take on phishing, patching, alert fatigue 2025-03-25 at 18:06 By Mirko Zorz Microsoft is rolling out a new generation of AI agents in Security Copilot, built to help with some of the most time-consuming security challenges, such as phishing, data protection, and identity management. Phishing is still one of the most
React to this headline:
Microsoft’s new AI agents take on phishing, patching, alert fatigue Read More »
The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses 2025-03-25 at 16:13 By Help Net Security By now, it’s no secret—cyber threats are on the rise, and the need for strong cybersecurity is greater than ever. Globally small and medium-sized businesses (SMBs) are prime targets for cyberattacks, yet many can’t afford a full-time Chief
React to this headline:
The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses Read More »
Spring clean your security data: The case for cybersecurity data hygiene 2025-03-25 at 08:41 By Help Net Security Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess. The modern Security Operations
React to this headline:
Spring clean your security data: The case for cybersecurity data hygiene Read More »
How AI agents could undermine computing infrastructure security 2025-03-25 at 07:34 By Help Net Security In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, explores the risks AI agents pose to computing infrastructure, particularly when exposed to social engineering attacks. Unlike traditional software, AI agents aren’t fully deterministic, making them more vulnerable to
React to this headline:
How AI agents could undermine computing infrastructure security Read More »
Protecting your personal information from data brokers 2025-03-24 at 18:01 By Help Net Security How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this? So, these companies, called data brokers, collect everything they can about you – where
React to this headline:
Protecting your personal information from data brokers Read More »
Report: Fortune 500 employee-linked account exposure 2025-03-24 at 16:01 By Help Net Security A backbone of our economy, Fortune 500 companies employ more than 31 million people worldwide. According to data analyzed by the Enzoic research team, over the past three years of 2022, 2023, and 2024, more than three million employee-linked accounts became newly
React to this headline:
Report: Fortune 500 employee-linked account exposure Read More »
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) 2025-03-24 at 15:17 By Zeljka Zorz A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel).
React to this headline:
Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) Read More »
How AI, corruption and digital tools fuel Europe’s criminal underworld 2025-03-24 at 09:31 By Help Net Security Europol has released its 2025 report on serious and organized crime in the EU. The EU Serious and Organised Crime Threat Assessment (EU-SOCTA) is based on intelligence from EU countries and global law enforcement. The findings are stark.
React to this headline:
How AI, corruption and digital tools fuel Europe’s criminal underworld Read More »
Finders Keypers: Open-source AWS KMS key usage finder 2025-03-24 at 07:32 By Mirko Zorz Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the blast radius of specific KMS keys and the
React to this headline:
Finders Keypers: Open-source AWS KMS key usage finder Read More »
Malicious ads target Semrush users to steal Google account credentials 2025-03-21 at 14:35 By Zeljka Zorz Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The fraudulent campaign Malwarebytes researchers have spotted a campaign consisting of a slew of malicious ads
React to this headline:
Malicious ads target Semrush users to steal Google account credentials Read More »
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has
React to this headline:
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »
The hidden risk in SaaS: Why companies need a digital identity exit strategy 2025-03-21 at 08:31 By Help Net Security In the face of sudden trade restrictions, sanctions, or policy shifts, relying on SaaS providers outside your region for identity services is a gamble that companies can no longer afford to take. With trade disputes
React to this headline:
The hidden risk in SaaS: Why companies need a digital identity exit strategy Read More »