Python Foundation rejects US government grant earmarked for security improvements

2025-10-29 at 14:23 By Zeljka Zorz

The Python Software Foundation (PSF) has rejected a $1.5 million government grant due to restrictive conditions that would force the foundation to betray its mission and its community, the programming non-profit announced on Monday. “In January 2025, the PSF […]

AI agents can leak company data through simple web searches

2025-10-29 at 10:24 By Mirko Zorz

When a company deploys an AI agent that can search the web and access internal documents, most teams assume the agent is simply working as intended. New research shows how that same setup can be used to quietly pull

Early reporting helps credit unions stop fraudulent transfers faster

2025-10-29 at 08:48 By Mirko Zorz

In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening payment security. As cybercriminals leverage social engineering and AI-driven tactics, Scaffidi explains how innovation

Scammers target international students by threatening their visa status

2025-10-29 at 08:29 By Sinisa Markovic

In 2025, the U.S. government revoked thousands of visas from international students, often without warning or explanation. According to a newly released study, this opened a door for scammers. Posing as government officials, police, or university staff, they took advantage

Proximity: Open-source MCP security scanner

2025-10-29 at 08:29 By Mirko Zorz

Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also works with NOVA, a rule

Product showcase: Syteca – The human-centric insider threat management platform

2025-10-29 at 08:00 By Help Net Security

Most organizations think the greatest danger lurks outside their walls. But statistics keep proving otherwise. According to Verizon’s 2025 Data Breach Investigation Report, 60% of breaches involve the human element. The real risk often comes from within –

PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)

2025-10-28 at 19:27 By Zeljka Zorz

A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

2025-10-28 at 16:28 By Zeljka Zorz

CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware. An analysis of the malware’s code and the campaign’s infrastructure

Managing legacy medical devices that can no longer be patched

2025-10-28 at 10:22 By Mirko Zorz

In this Help Net Security interview, Patty Ryan, Senior Director and CISO at QuidelOrtho, discusses how the long lifecycles of medical devices impact cybersecurity in healthcare environments. She explains how organizations can protect legacy systems, collaborate with vendors, and

Review: The Wireless Cookbook

2025-10-28 at 10:22 By Mirko Zorz

The Wireless Cookbook is a project-centered guide to working with Wi-Fi, Bluetooth, and LoRa, written with the Raspberry Pi as the main platform. It is aimed at people who learn through building, experimenting, and breaking things to understand how they work. For security professionals, this

Chain of security weaknesses found in smart air compressor model

2025-10-28 at 10:22 By Sinisa Markovic

Contractors and workshops often rely on air compressors to power their tools and keep projects running. But when those compressors are connected to the internet, convenience can introduce new risks. Researchers at George Mason University found that the California

eBook: A quarter century of Active Directory

2025-10-27 at 16:57 By Help Net Security

Active Directory (AD) remains the backbone of enterprise identity and a prime target for attackers. Explore its 25-year history, evolving risks, and how organizations can modernize password security. This eBook shows why AD defenses must evolve and how to stop credential-based

Ransomware, extortion groups adapt as payment rates reach historic lows

2025-10-27 at 15:12 By Zeljka Zorz

Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, the payment rate dropped to just 19 percent, according

Can your earbuds recognize you? Researchers are working on it

2025-10-27 at 09:05 By Mirko Zorz

Biometric authentication has moved from fingerprints to voices to facial scans, but a team of researchers believes the next step could be inside the ear. New research explores how the ear canal’s unique acoustic properties can be used to

DDoS, data theft, and malware are storming the gaming industry

2025-10-27 at 08:46 By Sinisa Markovic

When the pandemic kept people at home in 2020, millions turned to games for an escape. The surge turned every console, PC, and phone into part of a vast online network. More players meant more logins, payments, and personal

Dependency-Track: Open-source component analysis platform

2025-10-27 at 08:46 By Sinisa Markovic

Software is a patchwork of third-party components, and keeping tabs on what’s running under the hood has become a challenge. The open-source platform Dependency-Track tackles that problem head-on. Rather than treating software composition as a one-time scan, it continuously monitors every version of every

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)

2025-10-24 at 15:38 By Zeljka Zorz

Microsoft has released an out-of-band security update that “comprehensively” addresses CVE-2025-59287, a remote code execution vulnerability in the Windows Server Update Services (WSUS) that is reportedly being exploited in the wild.

About CVE-2025-59287

WSUS is a tool that helps

Microsoft blocks risky file previews in Windows File Explorer

2025-10-24 at 15:38 By Zeljka Zorz

Along with fixing many code-based vulnerabilities, the October 2025 Windows updates also change how File Explorer handles files downloaded from the internet. The change affects the file management tool’s Preview Pane, which lets users see the contents of a file

Building trust in AI: How to keep humans in control of cybersecurity

2025-10-24 at 10:42 By Help Net Security

In this Help Net Security video, Rekha Shenoy, CEO at BackBox, takes a look at AI in cybersecurity, separating hype from reality. She explains why AI’s true value lies not in replacing human expertise but in

Researchers expose large-scale YouTube malware distribution network

2025-10-23 at 17:37 By Zeljka Zorz

Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.” The network published more than 3,000 videos across compromised or fake channels, luring viewers with game cheats, cracked