Don’t miss

How to stop a single vendor breach from taking down your business

CISO, cyber risk, cybersecurity, Don't miss, Hot stuff, Intel 471, News, Risk Management, strategy, third party compromise, tips, Video /

How to stop a single vendor breach from taking down your business 2025-10-01 at 07:38 By Help Net Security In this Help Net Security video, William Dixon, Senior Executive at Intel 471, examines the future of third-party cyber risk and why it is a growing concern for organizations worldwide. As businesses become more interconnected, the […]

React to this headline:

Loading spinner

How to stop a single vendor breach from taking down your business Read More »

CISA says it will fill the gap as some federal funding for MS-ISAC dries up

Center for Internet Security, CISA, cybersecurity, DHS, Don't miss, Government, Hot stuff, News, USA /

CISA says it will fill the gap as some federal funding for MS-ISAC dries up 2025-09-30 at 18:45 By Zeljka Zorz The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the agency has announced on Monday, and CISA will take it upon

React to this headline:

Loading spinner

CISA says it will fill the gap as some federal funding for MS-ISAC dries up Read More »

Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI

Don't miss, Hot stuff, News, Picus Security, Whitepapers and webinars /

Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI 2025-09-30 at 15:00 By Help Net Security Join Picus Security, SANS, Hacker Valley, and leading CISOs at The BAS Summit 2025 to learn how AI is redefining Breach and Attack Simulation (BAS) and why it’s becoming the new benchmark for cyber resilience. Attend the webinar

React to this headline:

Loading spinner

Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI Read More »

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)

backup, consumer, data security, Don't miss, Hot stuff, NAS, News, SMBs, vulnerability, Western Digital /

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247) 2025-09-30 at 14:11 By Zeljka Zorz Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has urged users to upgrade as soon as possible. About CVE-2025-30247 Western Digital’s My Cloud

React to this headline:

Loading spinner

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247) Read More »

The hidden risks inside open-source code

cybersecurity, Don't miss, Features, Hot stuff, News, open source, research, Risk Management, software, supply chain /

The hidden risks inside open-source code 2025-09-30 at 09:12 By Mirko Zorz Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where

React to this headline:

Loading spinner

The hidden risks inside open-source code Read More »

Cyber risk quantification helps CISOs secure executive support

Artificial Intelligence, CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, strategy, supply chain, Zurich Resilience Solutions /

Cyber risk quantification helps CISOs secure executive support 2025-09-30 at 08:44 By Mirko Zorz In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber resilience. He talks about the priorities CISOs should focus on and the risks that are often overlooked. Bilquez

React to this headline:

Loading spinner

Cyber risk quantification helps CISOs secure executive support Read More »

Keeping the internet afloat: How to protect the global cable network

critical infrastructure, cyber resilience, cybersecurity, Don't miss, Features, hardware, networking, News, resilience, Risk Management, supply chain /

Keeping the internet afloat: How to protect the global cable network 2025-09-30 at 08:08 By Mirko Zorz The resilience of the world’s submarine cable network is under new pressure from geopolitical tensions, supply chain risks, and slow repair processes. A new report from the Center for Cybersecurity Policy and Law outlines how governments and industry

React to this headline:

Loading spinner

Keeping the internet afloat: How to protect the global cable network Read More »

Your budget Android phone might be spying on you

Android, cybersecurity, Don't miss, mobile apps, mobile devices, News, smartphones, threat /

Your budget Android phone might be spying on you 2025-09-30 at 08:08 By Sinisa Markovic Researchers have found that many low-cost Android devices come with pre-installed apps that have high-level access to the system. Unlike apps from the Google Play Store, many of these are not subject to thorough checks and can serve as vectors

React to this headline:

Loading spinner

Your budget Android phone might be spying on you Read More »

Akira ransomware: From SonicWall VPN login to encryption in under four hours

Arctic Wolf Networks, credentials, Don't miss, enterprise, Hot stuff, MFA, News, Ransomware, SMBs, SonicWall, vulnerability /

Akira ransomware: From SonicWall VPN login to encryption in under four hours 2025-09-29 at 18:47 By Zeljka Zorz Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have warned. Armed with SonicWall SSL VPN credentials stolen in earlier

React to this headline:

Loading spinner

Akira ransomware: From SonicWall VPN login to encryption in under four hours Read More »

How attackers poison AI tools and defenses

Artificial Intelligence, Barracuda Networks, cyberattacks, cybersecurity, Don't miss, email security, Expert analysis, Expert corner, Hot stuff, News, opinion, resilience /

How attackers poison AI tools and defenses 2025-09-29 at 09:06 By Help Net Security Cyberattackers are using generative AI to draft polished spam, create malicious code and write persuasive phishing lures. They are also learning how to turn AI systems themselves into points of compromise. Recent findings highlight this shift. Researchers from Columbia University and

React to this headline:

Loading spinner

How attackers poison AI tools and defenses Read More »

The CISO’s guide to stronger board communication

boardroom, CISO, cybersecurity, Darwinium, Don't miss, Hot stuff, News, strategy, tips, Video /

The CISO’s guide to stronger board communication 2025-09-29 at 08:04 By Help Net Security In this Help Net Security video, Alisdair Faulkner, CEO of Darwinium, explores how the role of the CISO has changed over the past decade. Faulkner shares insights on how CISOs can communicate with the board, overcome common pitfalls such as overly

React to this headline:

Loading spinner

The CISO’s guide to stronger board communication Read More »

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

0-day, Don't miss, enterprise, Fortra, Hot stuff, News, Rapid7, WatchTowr /

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) 2025-09-26 at 17:50 By Zeljka Zorz CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra

React to this headline:

Loading spinner

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) Read More »

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks

0-day, backdoor, CISA, Cisco, Don't miss, firewall, Government, government-backed attacks, Hot stuff, malware analysis, NCSC, News /

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks 2025-09-26 at 14:19 By Zeljka Zorz A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and Australian cybersecurity agencies. The suspected state-sponsored threat actor behind it is believed to be the one

React to this headline:

Loading spinner

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks Read More »

Inside the economy built on stolen credentials

BeyondID, cybercrime, cybersecurity, Don't miss, identity protection, News, survey, threats /

Inside the economy built on stolen credentials 2025-09-26 at 09:08 By Sinisa Markovic Instead of going after software flaws or network weaknesses, attackers are targeting something much easier to steal: identity credentials. A new report from BeyondID calls this growing black market the identity economy, where usernames, passwords, tokens, and access rights are bought and

React to this headline:

Loading spinner

Inside the economy built on stolen credentials Read More »

How agentic AI is changing the SOC

agentic AI, Artificial Intelligence, Don't miss, Lumifi, News, security operations, SOC, Video /

How agentic AI is changing the SOC 2025-09-26 at 07:48 By Help Net Security In this Help Net Security video, David Norlin, CTO of Lumifi, explores the role of agentic AI in the security operations center (SOC). He explains what agentic AI is, how it can enhance cybersecurity workflows by automating repetitive tasks, and why

React to this headline:

Loading spinner

How agentic AI is changing the SOC Read More »

European Windows 10 users get an additional year of free security updates

consumer, Don't miss, Europe, Hot stuff, Microsoft, News, security update, Windows /

European Windows 10 users get an additional year of free security updates 2025-09-25 at 21:26 By Zeljka Zorz Windows 10 users in the European Economic Area (EEA) will be able to receive extended security updates until October 14, 2026, without having to pay for them or to back up their settings, apps, or credentials to

React to this headline:

Loading spinner

European Windows 10 users get an additional year of free security updates Read More »

Microsoft spots LLM-obfuscated phishing attack

Don't miss, Hot stuff, LLMs, malware detection, Microsoft, News, phishing /

Microsoft spots LLM-obfuscated phishing attack 2025-09-25 at 19:00 By Zeljka Zorz Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code (along with Kali Linux)

React to this headline:

Loading spinner

Microsoft spots LLM-obfuscated phishing attack Read More »

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)

0-day, Cisco, Don't miss, enterprise, Hot stuff, News, security update, SMBs /

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352) 2025-09-25 at 15:33 By Zeljka Zorz Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About CVE-2025-20352 Cisco IOS software can be found on older models of Cisco Catalyst switches, Integrated

React to this headline:

Loading spinner

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352) Read More »

North Korean IT workers use fake profiles to steal crypto

Cryptocurrency, cybercrime, cybercriminals, Don't miss, ESET, fraud, News, North Korea /

North Korean IT workers use fake profiles to steal crypto 2025-09-25 at 12:04 By Sinisa Markovic ESET Research has published new findings on DeceptiveDevelopment, also called Contagious Interview. This North Korea-aligned group has become more active in recent years and focuses on stealing cryptocurrency. It targets freelance developers working on Windows, Linux, and macOS systems.

React to this headline:

Loading spinner

North Korean IT workers use fake profiles to steal crypto Read More »

Predicting DDoS attacks: How deep learning could give defenders an early warning

attacks, botnet, cybercrime, cybersecurity, DDoS, Don't miss, Internet of Things, News, research, threats /

Predicting DDoS attacks: How deep learning could give defenders an early warning 2025-09-25 at 10:12 By Sinisa Markovic Distributed denial-of-service (DDoS) attacks remain one of the most common and disruptive forms of cybercrime. Defenders have traditionally focused on detecting these attacks once they are underway. New research suggests that predicting DDoS attacks in advance may

React to this headline:

Loading spinner

Predicting DDoS attacks: How deep learning could give defenders an early warning Read More »

Scroll to Top