Adopting a counterintelligence mindset in luxury logistics 2025-11-10 at 11:28 By Mirko Zorz In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He explains why protecting data can be as critical as securing physical assets and how a layered […]
Adopting a counterintelligence mindset in luxury logistics Read More »
How to adopt AI security tools without losing control 2025-11-10 at 11:28 By Help Net Security In this Help Net Security video, Josh Harguess, CTO of Fire Mountain Labs, explains how to evaluate, deploy, and govern AI-driven security tools. He talks about the growing role of AI in security operations and the new kinds of
How to adopt AI security tools without losing control Read More »
sqlmap: Open-source SQL injection and database takeover tool 2025-11-10 at 11:28 By Sinisa Markovic Finding and exploiting SQL injection vulnerabilities is one of the oldest and most common steps in web application testing. sqlmap streamlines this process. It is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and
sqlmap: Open-source SQL injection and database takeover tool Read More »
Wi-Fi signals may hold the key to touchless access control 2025-11-10 at 09:00 By Mirko Zorz Imagine walking into a secure building where the door unlocks the moment your hand hovers near it. No keycards, no PINs, no fingerprints. Instead, the system identifies you by the way your palm distorts the surrounding Wi-Fi signal. That
Wi-Fi signals may hold the key to touchless access control Read More »
Attackers upgrade ClickFix with tricks used by online stores 2025-11-07 at 15:42 By Zeljka Zorz Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an embedded tutorial
Attackers upgrade ClickFix with tricks used by online stores Read More »
November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? 2025-11-07 at 13:28 By Help Net Security October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116
November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? Read More »
What keeps phishing training from fading over time 2025-11-07 at 13:28 By Mirko Zorz When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely to
What keeps phishing training from fading over time Read More »
Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story 2025-11-07 at 13:28 By Mirko Zorz In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations
Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story Read More »
Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) 2025-11-06 at 17:16 By Zeljka Zorz Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root. The good news is that there is currently no evidence of
Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) Read More »
SonicWall cloud backup hack was the work of a state actor 2025-11-06 at 15:30 By Zeljka Zorz Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed). “[The incident] was isolated
SonicWall cloud backup hack was the work of a state actor Read More »
Russia-linked hackers intensify attacks as global APT activity shifts 2025-11-06 at 14:50 By Anamarija Pogorelec State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity Report covering April through September 2025. The research highlights how operations linked to Russia, China, Iran,
Russia-linked hackers intensify attacks as global APT activity shifts Read More »
OpenGuardrails: A new open-source model aims to make AI safer for real-world use 2025-11-06 at 10:28 By Mirko Zorz When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful
OpenGuardrails: A new open-source model aims to make AI safer for real-world use Read More »
What shadow AI means for your company’s security 2025-11-06 at 07:45 By Help Net Security In this Help Net Security video, Peled Eldan, Head of Research at XM Cyber, explains the hidden risks of shadow AI. He describes how employees often use unapproved AI tools at work to save time or solve problems, even when
What shadow AI means for your company’s security Read More »
Google uncovers malware using LLMs to operate and evade detection 2025-11-05 at 20:53 By Zeljka Zorz PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that
Google uncovers malware using LLMs to operate and evade detection Read More »
Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) 2025-11-05 at 14:59 By Zeljka Zorz On Tuesday, CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-11371, which affects Gladinet’s CentreStack and Triofox file-sharing and remote access platforms, and CVE-2025-48703, a vulnerability in Control Web Panel (CWP), a web hosting control panel designed for
Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) Read More »
PortGPT: How researchers taught an AI to backport security patches automatically 2025-11-05 at 09:07 By Mirko Zorz Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that
PortGPT: How researchers taught an AI to backport security patches automatically Read More »
VulnRisk: Open-source vulnerability risk assessment platform 2025-11-05 at 09:07 By Anamarija Pogorelec VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights what matters. The tool is free to use and designed for local development and testing. The platform’s scoring engine
VulnRisk: Open-source vulnerability risk assessment platform Read More »
AI can flag the risk, but only humans can close the loop 2025-11-05 at 09:07 By Mirko Zorz In this Help Net Security interview, Dilek Çilingir, Global Forensic & Integrity Services Leader at EY, discusses how AI is transforming third-party assessments and due diligence. She explains how machine learning and behavioral analytics help organizations detect
AI can flag the risk, but only humans can close the loop Read More »
Connected homes: Is bystander privacy anyone’s responsibility? 2025-11-05 at 09:07 By Sinisa Markovic Smart doorbells, connected cameras, and home monitoring systems have become common sights on doorsteps and living rooms. They promise safety and convenience, but they also raise a problem. These devices record more than their owners. They capture neighbors, visitors, and anyone passing
Connected homes: Is bystander privacy anyone’s responsibility? Read More »
Google says 2026 will be the year AI supercharges cybercrime 2025-11-05 at 07:06 By Anamarija Pogorelec Security leaders are staring down a year of major change. In its Cybersecurity Forecast 2026, Google paints a picture of a threat landscape transformed by AI, supercharged cybercrime, and increasingly aggressive nation-state operations. Attackers are moving faster, scaling their
Google says 2026 will be the year AI supercharges cybercrime Read More »