Don’t miss

Identifying high-risk APIs across thousands of code repositories

2025-06-12 at 16:02 By Mirko Zorz

In this Help Net Security interview, Joni Klippert, CEO of StackHawk, discusses why API visibility is a major blind spot for security teams, how legacy tools fall short, and how StackHawk identifies risky APIs and sensitive data directly from code before […]


Want fewer security fires to fight? Start with threat modeling

2025-06-12 at 09:01 By Mirko Zorz

CISOs understand that threat modeling helps teams identify risks early and build safer systems. But outside the security org, the value isn’t always clear. When competing for budget or board attention, threat modeling often loses out to more visible


Build a mobile hacking rig with a Pixel and Kali NetHunter

2025-06-12 at 08:32 By Mirko Zorz

A cybersecurity hobbyist has built a compact, foldable mobile hacking rig that runs Kali NetHunter on a Google Pixel 3 XL. It’s called the NetHunter C-deck, and it packs serious functionality into a small, 3D-printed shell. NetHunter C-deck


Infostealer crackdown: Operation Secure takes down 20,000 malicious IPs and domains

2025-06-11 at 20:46 By Help Net Security

More than 20,000 malicious IP addresses and domains used by information-stealing malware were taken down during an international cybercrime crackdown led by INTERPOL. Called Operation Secure, the effort ran from January to April 2025 and involved law


Connectwise is rotating code signing certificates. What happened?

2025-06-11 at 17:48 By Zeljka Zorz

Connectwise customers who use the company’s ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions. The reason for the


Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)

2025-06-11 at 14:16 By Zeljka Zorz

For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickly. About CVE-2025-33053 CVE-2025-33053 is a remote code execution vulnerability


OWASP Nettacker: Open-source scanner for recon and vulnerability assessment

2025-06-11 at 09:01 By Mirko Zorz

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It


The path to better cybersecurity isn’t more data, it’s less noise

2025-06-11 at 08:31 By Sinisa Markovic

In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better security. SOCs deal with tens of thousands of alerts every day. It’s more than


How to build AI into your business without breaking compliance

2025-06-11 at 08:02 By Mirko Zorz

AI is supposed to make businesses faster, smarter, and more competitive, but most projects fall short. The Cloud Security Alliance (CSA) says the real issue is companies cramming AI into old, rigid processes that just can’t keep up. “AI


Android Enterprise update puts mobile security first

2025-06-10 at 21:04 By Mirko Zorz

Google is rolling out new Android Enterprise features aimed at improving mobile security, IT management, and employee productivity. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. Many security incidents involve smartphones, often due to


Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)

2025-06-10 at 13:31 By Zeljka Zorz

Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned. What is Wazuh? Wazuh is a popular open-source security information and event management (SIEM) and extended detection and response


The legal questions to ask when your systems go dark

2025-06-10 at 09:16 By Mirko Zorz

At Span Cyber Security Arena, I sat down with Iva Mišković, Partner at the ISO-certified Mišković & Mišković law firm, to discuss the role of legal teams during cyber incidents. She shared why lawyers should assume the worst, coordinate


AI threats leave SecOps teams burned out and exposed

2025-06-10 at 08:39 By Mirko Zorz

Security teams are leaning hard into AI, and fast. A recent survey of 500 senior cybersecurity pros at big U.S. companies found that 86% have ramped up their AI use in the past year. The main reason? They’re trying to


Securing agentic AI systems before they go rogue

2025-06-10 at 08:24 By Help Net Security

In this Help Net Security video, Eoin Wickens, Director of Threat Intelligence at HiddenLayer, explores the security risks posed by agentic AI. He breaks down how agentic AI functions, its potential to revolutionize business operations, and the vulnerabilities it introduces,


EU launches EU-based, privacy-focused DNS resolution service

2025-06-09 at 17:38 By Zeljka Zorz

DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality. What is DNS? The Domain Name System (DNS) “translates” human-readable domain names into IP addresses and back, and is essential for accessing websites. Most users use


Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)

2025-06-09 at 15:18 By Zeljka Zorz

With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to the Shadowserver Foundation, there


Balancing cybersecurity and client experience for high-net-worth clients

2025-06-09 at 09:03 By Mirko Zorz

In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must embed security from the start to protect


CISOs, are you ready for cyber threats in biotech?

2025-06-09 at 08:35 By Mirko Zorz

The threat landscape in the bioeconomy is different from what most CISOs are used to. It includes traditional risks like data breaches, but the consequences are more complex. A compromise of genomic databases, for example, does not just expose personal


fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic

2025-06-09 at 08:00 By Mirko Zorz

fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats. fiddleitm features “I created fiddleitm


Millions of Android devices roped into Badbox 2.0 botnet. Is yours among them?

2025-06-06 at 16:09 By Zeljka Zorz

Millions of Internet-of-Things (IoT) devices running the open-source version of the Android operating system are part of the Badbox 2.0 botnet, the FBI has warned. Cyber criminals are using the botnet to perform ad fraud and

