Don’t miss

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach

Astrix Security, data breach, Don't miss, Gmail, Google, Hot stuff, Mandiant, News, OAuth, PagerDuty, Palo Alto Networks, Salesforce, SpyCloud, Tanium, WideField, Zscaler /

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach 2025-09-02 at 18:20 By Zeljka Zorz In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances […]

React to this headline:

Loading spinner

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach Read More »

Can AI agents catch what your SOC misses?

Artificial Intelligence, cybersecurity, Don't miss, Features, framework, Hot stuff, network monitoring, News, open source, research, security operations, SOC /

Can AI agents catch what your SOC misses? 2025-09-02 at 10:45 By Mirko Zorz A new research project called NetMoniAI shows how AI agents might reshape network monitoring and security. Developed by a team at Texas Tech University, the framework brings together two ideas: distributed monitoring at the edge and AI-driven analysis at the center.

React to this headline:

Loading spinner

Can AI agents catch what your SOC misses? Read More »

What the GitGuardian secrets sprawl report reveals about leaked credentials

Don't miss, GitGuardian, News, report, Video /

What the GitGuardian secrets sprawl report reveals about leaked credentials 2025-09-02 at 07:47 By Help Net Security In this Help Net Security video, Dwayne McDaniel, Senior Developer Advocate at GitGuardian, presents findings from The State of Secrets Sprawl 2025. McDaniel explains why generic secrets are especially difficult to detect, why private repositories pose an even

React to this headline:

Loading spinner

What the GitGuardian secrets sprawl report reveals about leaked credentials Read More »

AIDEFEND: Free AI defense framework

Artificial Intelligence, cybersecurity, Don't miss, framework, Hot stuff, News, open source /

AIDEFEND: Free AI defense framework 2025-09-01 at 09:21 By Mirko Zorz AIDEFEND (Artificial Intelligence Defense Framework) is an open knowledge base dedicated to AI security, providing defensive countermeasures and best practices to help security pros safeguard AI and machine learning systems. Practicality is at the core of AIDEFEND. The framework is designed to be “highly

React to this headline:

Loading spinner

AIDEFEND: Free AI defense framework Read More »

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior

CISO, cyber resilience, cybersecurity, Don't miss, Features, framework, Hot stuff, machine learning, MITRE ATT&CK, News, OWASP, reconnaissance, research, security operations, SOC /

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior 2025-09-01 at 09:21 By Mirko Zorz A team of researchers from Frondeur Labs, DistributedApps.ai, and OWASP has developed a new machine learning framework designed to help defenders anticipate attacker behavior across the stages of the Cyber Kill Chain. The work explores how machine learning models

React to this headline:

Loading spinner

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior Read More »

Boards are being told to rethink their role in cybersecurity

boardroom, CISO, cyber resilience, cyber risk, cybersecurity, Don't miss, financial industry, Google, News, report, strategy /

Boards are being told to rethink their role in cybersecurity 2025-09-01 at 08:03 By Sinisa Markovic Boards of directors are being told that cybersecurity is now central to business resilience and growth, and that they must engage more directly in the way their organizations manage risk. A new report from Google Cloud’s Office of the

React to this headline:

Loading spinner

Boards are being told to rethink their role in cybersecurity Read More »

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

backdoor, Check Point, Don't miss, Heroku, Hot stuff, manufacturing sector, News, phishing /

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms 2025-08-29 at 14:19 By Zeljka Zorz A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point

React to this headline:

Loading spinner

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms Read More »

New framework aims to outsmart malware evasion tricks

Aryaka, cybersecurity, Don't miss, Features, framework, Hot stuff, machine learning, Malware, News, research /

New framework aims to outsmart malware evasion tricks 2025-08-29 at 10:03 By Mirko Zorz Attackers have learned how to trick machine learning malware detectors with small but clever code changes, and researchers say they may finally have an answer. In a new paper, academics from Inria and the CISPA Helmholtz Center for Information Security describe

React to this headline:

Loading spinner

New framework aims to outsmart malware evasion tricks Read More »

AI isn’t taking over the world, but here’s what you should worry about

Artificial Intelligence, cybersecurity, Don't miss, how-to, LLMs, News, Pluralsight, tips, Video /

AI isn’t taking over the world, but here’s what you should worry about 2025-08-29 at 10:03 By Help Net Security In this Help Net Security video, Josh Meier, Senior Generative AI Author at Pluralsight, debunks the myth that AI could “escape” servers or act on its own. He explains how large language models actually work,

React to this headline:

Loading spinner

AI isn’t taking over the world, but here’s what you should worry about Read More »

Finding connection and resilience as a CISO

CISO, collaboration, cybersecurity, Don't miss, Features, News, opinion, strategy, Trellix /

Finding connection and resilience as a CISO 2025-08-29 at 10:03 By Mirko Zorz With sensitive information to protect and reputational risk always in the background, it isn’t easy for security leaders to have open conversations about what’s working and what isn’t. Yet strong peer networks and candid exchanges are critical for resilience, both organizationally and

React to this headline:

Loading spinner

Finding connection and resilience as a CISO Read More »

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Anthropic, APT, Artificial Intelligence, cybercriminals, data theft, Don't miss, ESET, extortion, Hot stuff, LLMs, News, North Korea /

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations 2025-08-28 at 15:29 By Zeljka Zorz Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

React to this headline:

Loading spinner

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations Read More »

ScamAgent shows how AI could power the next wave of scam calls

Artificial Intelligence, CISO, cybercrime, Don't miss, Features, Hot stuff, News, Qualys, research, scams /

ScamAgent shows how AI could power the next wave of scam calls 2025-08-28 at 09:03 By Mirko Zorz Scam calls have long been a problem for consumers and enterprises, but a new study suggests they may soon get an upgrade. Instead of a human scammer on the other end of the line, future calls could

React to this headline:

Loading spinner

ScamAgent shows how AI could power the next wave of scam calls Read More »

Where security, DevOps, and data science finally meet on AI strategy

Artificial Intelligence, Densify, DevOps, Don't miss, Features, hardware, Kubernetes, News, opinion, strategy, tips /

Where security, DevOps, and data science finally meet on AI strategy 2025-08-28 at 08:34 By Mirko Zorz AI infrastructure is expensive, complex, and often caught between competing priorities. On one side, security teams want strong isolation and boundaries. On the other, engineers push for performance, density, and cost savings. With GPUs in short supply and

React to this headline:

Loading spinner

Where security, DevOps, and data science finally meet on AI strategy Read More »

Can AI make threat intelligence easier? One platform thinks so

analytics, automation, CISO, cybersecurity, data collection, Don't miss, GreyNoise, News, Threat Intelligence /

Can AI make threat intelligence easier? One platform thinks so 2025-08-28 at 07:38 By Mirko Zorz When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking blogs, RSS feeds, and social media channels, but it took too long to separate

React to this headline:

Loading spinner

Can AI make threat intelligence easier? One platform thinks so Read More »

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

AppOmni, cloud security, credentials, data theft, Don't miss, Google, Hot stuff, News, OAuth, Salesforce, third party compromise /

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius 2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

React to this headline:

Loading spinner

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius Read More »

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

Don't miss, Hot stuff, News, Plex Media Server, security update, streaming device, vulnerability /

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 2025-08-27 at 14:29 By Zeljka Zorz Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix for earlier this month, Censys has warned. About CVE-2025-34158 Plex Media Server (PMS) is

React to this headline:

Loading spinner

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 Read More »

AI Security Map: Linking AI vulnerabilities to real-world impact

AppOmni, Artificial Intelligence, CISO, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, research, Vectra AI /

AI Security Map: Linking AI vulnerabilities to real-world impact 2025-08-27 at 09:40 By Mirko Zorz A single prompt injection in a customer-facing chatbot can leak sensitive data, damage trust, and draw regulatory scrutiny in hours. The technical breach is only the first step. The real risk comes from how quickly one weakness in an AI

React to this headline:

Loading spinner

AI Security Map: Linking AI vulnerabilities to real-world impact Read More »

How compliance teams can turn AI risk into opportunity

Artificial Intelligence, CISO, Compliance, cybersecurity, Don't miss, Drata, Features, Hot stuff, News, opinion, regulation, strategy /

How compliance teams can turn AI risk into opportunity 2025-08-27 at 08:52 By Mirko Zorz AI is moving faster than regulation, and that creates opportunities and risks for compliance teams. While governments work on new rules, businesses cannot sit back and wait. In this Help Net Security video, Matt Hillary, CISO at Drata, look at

React to this headline:

Loading spinner

How compliance teams can turn AI risk into opportunity Read More »

Hottest cybersecurity open-source tools of the month: August 2025

cybersecurity, Don't miss, GitHub, News, open source, software /

Hottest cybersecurity open-source tools of the month: August 2025 2025-08-27 at 08:02 By Sinisa Markovic This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: Open-source AI-driven system detects and patches vulnerabilities Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source

React to this headline:

Loading spinner

Hottest cybersecurity open-source tools of the month: August 2025 Read More »

What CISOs can learn from Doppel’s new AI-driven social engineering simulation

Artificial Intelligence, automation, CISO, cybersecurity, Don't miss, Doppel, legacy technology, News, phishing, social engineering /

What CISOs can learn from Doppel’s new AI-driven social engineering simulation 2025-08-27 at 07:51 By Sinisa Markovic Doppel has introduced a new product called Doppel Simulation, which expands its platform for defending against social engineering. The tool uses autonomous AI agents to create multi-channel simulations that mirror how attackers operate across email, SMS, messaging apps,

React to this headline:

Loading spinner

What CISOs can learn from Doppel’s new AI-driven social engineering simulation Read More »

Scroll to Top