
How service providers can turn cybersecurity into a scalable MRR engine

2025-07-15 at 08:04, by Help Net Security

A growing number of MSPs, MSSPs, and consultancies are moving beyond one-and-done engagements and transforming from tactical vendors into strategic advisors. They’re shifting toward recurring cybersecurity programs that not only improve client outcomes but also generate compounding […]


Stop settling for check-the-box cybersecurity policies

2025-07-15 at 07:43, by Sinisa Markovic

After every breach, people ask: How did this happen if there were cybersecurity policies in place? The truth is, just having them doesn’t stop attacks. They only work if people know them and follow them when it matters. That’s where things often break


Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

2025-07-14 at 16:34, by Zeljka Zorz

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to be leveraged by attackers soon.

About CVE-2025-25257

CVE-2025-25257 is found


FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare

2025-07-14 at 09:32, by Mirko Zorz

In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity


pqcscan: Open-source post-quantum cryptography scanner

2025-07-14 at 09:04, by Mirko Zorz

pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support. It saves the results in JSON files. You can turn one or more of these files into an HTML report


Bitdefender PHASR: Proactive hardening demo overview

2025-07-14 at 08:35, by Help Net Security

Discover how Bitdefender PHASR enables organizations to identify and remediate security misconfigurations before attackers can exploit them. This demo walks through PHASR’s proactive hardening capabilities, showing how it transforms visibility into actionable protection. The post Bitdefender PHASR: Proactive hardening demo overview appeared


Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)

2025-07-11 at 15:32, by Zeljka Zorz

Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned.

Wing FTP Server and CVE-2025-47812

Wing FTP Server is a commercial file transfer server solution used by businesses,


Where policy meets profit: Navigating the new frontier of defense tech startups

2025-07-11 at 08:33, by Mirko Zorz

In this Help Net Security interview, Thijs Povel, Managing Partner at Ventures.eu, discusses how the firm evaluates emerging technologies through the lens of defense and resilience. He explains how founders from both defense and adjacent sectors are


Four arrested in connection with M&S, Co-op ransomware attacks

2025-07-10 at 17:19, by Zeljka Zorz

Four individuals suspected of having been involved in the ransomware attacks that hit UK-based retailers earlier this year have been arrested by the UK National Crime Agency. “Two males aged 19, another aged 17, and a 20-year-old female were apprehended


Ruckus network management solutions riddled with unpatched vulnerabilities

2025-07-10 at 15:52, by Zeljka Zorz

Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned. The vulnerabilities have


What EU’s PQC roadmap means on the ground

2025-07-10 at 09:11, by Mirko Zorz

In this Help Net Security interview, David Warburton, Director at F5 Labs, discusses how the EU’s Post-Quantum Cryptography (PQC) roadmap aligns with global efforts and addresses both the technical and regulatory challenges of migrating to PQC. Warburton also outlines practical steps


Open source has a malware problem, and it’s getting worse

2025-07-10 at 08:27, by Help Net Security

Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204.


Train smarter, respond faster: Close the skill gaps in your SOC

2025-07-09 at 16:05, by Zeljka Zorz

“In today’s fast-paced digital landscape” – as AI chatbots are fond of phrasing it – a cyber attack targeting your organization is a statistical certainty. But is your security team ready to respond when it happens? Can they


Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

2025-07-09 at 14:31, by Zeljka Zorz

For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE-2025-47981).

CVE-2025-49719 and CVE-2025-49717, in Microsoft SQL Server

CVE-2025-49719 is an uninitialized memory


Why your security team feels stuck

2025-07-09 at 08:44, by Mirko Zorz

Cybersecurity friction usually gets framed as a user problem: password policies that frustrate employees, MFA that slows down logins, or blocked apps that send workers into the arms of shadow IT. But there’s a different kind of friction happening behind the scenes, and


It’s time to give AI security its own playbook and the people to run it

2025-07-09 at 08:04, by Mirko Zorz

In this Help Net Security interview, Dr. Nicole Nichols, Distinguished Engineer in Machine Learning Security at Palo Alto Networks, discusses why existing security models need to evolve to address the risks of AI agents.


Kanvas: Open-source incident response case management tool

2025-07-09 at 07:31, by Mirko Zorz

Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping between different


6 eye-opening books on AI’s rise, risks, and realities

2025-07-09 at 07:02, by Anamarija Pogorelec

AI is changing how we detect, prevent, and respond to cyber threats. From traditional networks to emerging spaces, it is shaping security operations, identity management, and threat response. This collection of AI books offers diverse perspectives, including practical implementations, strategic


Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

2025-07-08 at 18:32, by Zeljka Zorz

With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway instances have been probed and compromised by attackers.


Exposure management is the answer to: “Am I working on the right things?”

2025-07-08 at 09:07, by Mirko Zorz

In this Help Net Security interview, Dan DeCloss, Founder and CTO at PlexTrac, discusses the role of exposure management in cybersecurity and how it helps organizations gain visibility into their attack surface to improve risk assessment
