Don’t miss

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

Arctic Wolf Networks, Don't miss, exploit, Horizon3.ai, Hot stuff, News, Platform Security, PoC, ProDefense, Ruhr University Bochum, SSH, vulnerability /

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) 2025-04-22 at 15:48 By Zeljka Zorz There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to be affected by […]

React to this headline:

Loading spinner

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) Read More »

The legal blind spot of shadow IT

Auvik Networks, CISO, cybersecurity, Data Protection, data security, Don't miss, Features, Hot stuff, how-to, JumpCloud, News, shadow IT, strategy, tips /

The legal blind spot of shadow IT 2025-04-22 at 09:36 By Mirko Zorz Shadow IT isn’t just a security risk, it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations, expose sensitive data, or break contracts. Let’s look at where the legal landmines are and what CISOs can do to stay

React to this headline:

Loading spinner

The legal blind spot of shadow IT Read More »

Email security, simplified: How PowerDMARC makes DMARC easy

DMARC, Don't miss, Hot stuff, News, PowerDMARC, RSAC 2025 /

Email security, simplified: How PowerDMARC makes DMARC easy 2025-04-22 at 08:40 By Mirko Zorz Email is still the top way attackers get into organizations. Now, big players like Google, Yahoo, and Microsoft are cracking down. They’re starting to require email authentication, specifically DMARC. For many companies, this means it’s no longer optional. PowerDMARC helps organizations

React to this headline:

Loading spinner

Email security, simplified: How PowerDMARC makes DMARC easy Read More »

Hawk Eye: Open-source scanner uncovers secrets and PII across platforms

cybersecurity, Don't miss, GitHub, News, open source, scanner, software /

Hawk Eye: Open-source scanner uncovers secrets and PII across platforms 2025-04-21 at 08:37 By Mirko Zorz Hawk Eye is an open-source tool that helps find sensitive data before it leaks. It runs from the command line and checks many types of storage for PII and secrets: passwords, API keys, and personal information. “Unlike most open-source

React to this headline:

Loading spinner

Hawk Eye: Open-source scanner uncovers secrets and PII across platforms Read More »

The Zoom attack you didn’t see coming

Cryptocurrency, cybercrime, Don't miss, Hot stuff, Malware, News, scams, social engineering, Trail of Bits, Zoom /

The Zoom attack you didn’t see coming 2025-04-18 at 17:02 By Zeljka Zorz Did you know that when participating in a Zoom call, you can grant permission to other participants to control your computer remotely? While this feature may come in handy when dealing with trusted family, friends and colleagues, threat actors have started abusing

React to this headline:

Loading spinner

The Zoom attack you didn’t see coming Read More »

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

CISA, Don't miss, Hot stuff, News, SMBs, SonicWall, vulnerability /

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) 2025-04-18 at 14:47 By Zeljka Zorz CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating the original security advisory to reflect the new state of play, and by changing the description of the vulnerability

React to this headline:

Loading spinner

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) Read More »

The UK’s phone theft crisis is a wake-up call for digital security

authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, mobile security, News, Nuke From Orbit, opinion, smartphones, theft, UK /

The UK’s phone theft crisis is a wake-up call for digital security 2025-04-18 at 09:02 By Help Net Security Phone theft is now commonplace in London. The Met Police recently revealed that it seizes 1,000 stolen phones weekly as it cracks down on organized criminal networks driving the £50 million trade. Nationally, cases have doubled

React to this headline:

Loading spinner

The UK’s phone theft crisis is a wake-up call for digital security Read More »

Securing digital products under the Cyber Resilience Act

Codific, Compliance, cybersecurity, data, Data Protection, Don't miss, EU, Features, Hot stuff, News, opinion, regulation, vulnerability management /

Securing digital products under the Cyber Resilience Act 2025-04-18 at 08:37 By Mirko Zorz In this Help Net Security interview, Dr. Dag Flachet, co-founder at Codific, explains what the Cyber Resilience Act (CRA) means for companies and how it compares to GDPR in terms of regulatory complexity and impact on organizations. He discusses the technical

React to this headline:

Loading spinner

Securing digital products under the Cyber Resilience Act Read More »

When ransomware strikes, what’s your move?

CISO, cybercrime, cybersecurity, Don't miss, News, Ransomware, strategy /

When ransomware strikes, what’s your move? 2025-04-18 at 08:37 By Sinisa Markovic Should we negotiate? Should we pay? These are the questions every organization faces when cybercriminals lock their data. By the time attackers have encrypted your systems, the focus shifts from prevention to response. It’s no longer about how it happened, it’s about what

React to this headline:

Loading spinner

When ransomware strikes, what’s your move? Read More »

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

0patch, APT, Check Point, Don't miss, enterprise, exploit, Government, HarfangLab, Hot stuff, News, phishing, vulnerability, Windows /

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) 2025-04-17 at 16:52 By Zeljka Zorz CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitation in the wild has been observed

React to this headline:

Loading spinner

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) Read More »

SafeLine Bot Management: Self-hosted alternative to Cloudflare

bot, cybersecurity, Don't miss, Hot stuff, News, SafePoint, traffic monitoring /

SafeLine Bot Management: Self-hosted alternative to Cloudflare 2025-04-17 at 16:52 By Help Net Security Modern websites are under constant pressure from automated traffic: scraping, credential stuffing, inventory hoarding, and other malicious bot behaviors. While Cloudflare Bot Management is a powerful cloud-native solution that leverages massive data and machine learning, not every organization wants to rely

React to this headline:

Loading spinner

SafeLine Bot Management: Self-hosted alternative to Cloudflare Read More »

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)

0-day, apple, APT, Don't miss, Google, Hot stuff, iOS, iPad, macOS, News, security update /

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) 2025-04-17 at 12:02 By Zeljka Zorz Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200

React to this headline:

Loading spinner

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) Read More »

When AI agents go rogue, the fallout hits the enterprise

Artificial Intelligence, AutoRABIT, CXO, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, SOC, strategy, tips /

When AI agents go rogue, the fallout hits the enterprise 2025-04-17 at 08:45 By Mirko Zorz In this Help Net Security interview, Jason Lord, CTO at AutoRABIT, discusses the cybersecurity risks posed by AI agents integrated into real-world systems. Issues like hallucinations, prompt injections, and embedded biases can turn these systems into vulnerable targets. Lord

React to this headline:

Loading spinner

When AI agents go rogue, the fallout hits the enterprise Read More »

Inside PlugValley: How this AI vishing-as-a-service group operates

cybercrime, cybercriminals, Don't miss, Fortra, News, Video, vishing /

Inside PlugValley: How this AI vishing-as-a-service group operates 2025-04-17 at 07:41 By Help Net Security In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered vishing-as-a-service. Rather than requiring technical skills or large budgets, PlugValley’s service lets any cybercriminal launch vishing

React to this headline:

Loading spinner

Inside PlugValley: How this AI vishing-as-a-service group operates Read More »

Review: Hands-On Industrial Internet of Things

books, critical infrastructure, Don't miss, ICS/SCADA, Internet of Things, News, Review, Reviews /

Review: Hands-On Industrial Internet of Things 2025-04-17 at 07:10 By Mirko Zorz Hands-On Industrial Internet of Things is a practical guide designed specifically for professionals building and securing industrial IoT (IIoT) systems. About the authors Giacomo Veneri brings deep expertise in telecommunications and AI, shaped by over 25 years in IoT and AI applications within

React to this headline:

Loading spinner

Review: Hands-On Industrial Internet of Things Read More »

Cozy Bear targets EU diplomats with wine-tasting invites (again)

backdoor, cyber espionage, Don't miss, EU, Hot stuff, News, phishing, Russian Federation /

Cozy Bear targets EU diplomats with wine-tasting invites (again) 2025-04-16 at 17:40 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler flagged a low-volume

React to this headline:

Loading spinner

Cozy Bear targets EU diplomats with wine-tasting invites (again) Read More »

Funding uncertainty may spell the end of MITRE’s CVE program

CardinalOps, CVE, Don't miss, Edera, Hot stuff, MITRE, News, VulnCheck, vulnerability disclosure, vulnerability management /

Funding uncertainty may spell the end of MITRE’s CVE program 2025-04-16 at 14:56 By Zeljka Zorz The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in

React to this headline:

Loading spinner

Funding uncertainty may spell the end of MITRE’s CVE program Read More »

When companies merge, so do their cyber threats

Black Creek Cyber Security, CISO, CXO, cybersecurity, Data Protection, data security, Don't miss, Features, Hot stuff, Lumifi, market, News, regulation, strategy, tips, Twinstake /

When companies merge, so do their cyber threats 2025-04-16 at 09:13 By Mirko Zorz For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that may derail the transaction. Strong due diligence, smart risk planning, and a shared security

React to this headline:

Loading spinner

When companies merge, so do their cyber threats Read More »

Strategic AI readiness for cybersecurity: From hype to reality

Artificial Intelligence, Aryaka, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, News, opinion, strategy /

Strategic AI readiness for cybersecurity: From hype to reality 2025-04-16 at 08:34 By Help Net Security AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious repercussions, such as increased volumes of advanced cyber threats, if they fail to exploit AI

React to this headline:

Loading spinner

Strategic AI readiness for cybersecurity: From hype to reality Read More »

Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques

cybersecurity, Don't miss, GitHub, MITRE, News, open source, software /

Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques 2025-04-16 at 08:01 By Help Net Security MITRE’s Attack Flow project aims to translate complex cyber operations into a structured language. By describing how adversaries sequence and combine offensive techniques to reach their objectives, Attack Flow offers defenders, analysts, and decision-makers a tool to

React to this headline:

Loading spinner

Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques Read More »

Buy Me A Coffee
Thank you for visiting!