Don’t miss

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)

0-day, CISA, Don't miss, endpoint management, Endpoint Security, Hot stuff, Japan, JPCERT/CC, Motex, News, security update /

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932) 2025-10-23 at 17:10 By Zeljka Zorz CVE-2025-61932, an “improper verification of source of a communication channel” vulnerability affecting Lanscope Endpoint Manager, has been exploited as a zero-day since April 2025, the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) warned on Wednesday. According to information received […]

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932) Read More »

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)

Adobe, Assetnote, Don't miss, e-commerce, Hot stuff, magento, News, Sansec, Searchlight Cyber, vulnerability /

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) 2025-10-23 at 14:39 By Zeljka Zorz Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked over 250 exploitation attempts targeting multiple stores on Wednesday, and expects the attacks to continue at pace. About

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) Read More »

Faster LLM tool routing comes with new security considerations

Atsign, cybersecurity, Don't miss, Features, Hot stuff, LLMs, monitoring, networking, News, research /

Faster LLM tool routing comes with new security considerations 2025-10-23 at 09:23 By Sinisa Markovic Large language models depend on outside tools to perform real-world tasks, but connecting them to those tools often slows them down or causes failures. A new study from the University of Hong Kong proposes a way to fix that. The

Faster LLM tool routing comes with new security considerations Read More »

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector

cybercrime, cybersecurity, Don't miss, ESET, Malware, News, North Korea, Remote Access Trojan, scams, threats, trojan /

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector 2025-10-23 at 09:23 By Sinisa Markovic ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several European defense contractors, including firms deeply involved in drone and

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector Read More »

Your wearable knows your heartbeat, but who else does?

cybersecurity, Don't miss, hardware, healthcare, Madaket Health, medical devices, News, Privacy, threats /

Your wearable knows your heartbeat, but who else does? 2025-10-23 at 09:23 By Sinisa Markovic Smartwatches, glucose sensors, and connected drug-monitoring devices are common in care programs. Remote monitoring helps detect changes early and supports personalized treatment and long-term condition management. They give clinicians valuable insight into patient health but also introduce new exposure points.

Your wearable knows your heartbeat, but who else does? Read More »

Attackers target retailers’ gift card systems using cloud-only techniques

cloud security, Don't miss, Hot stuff, Microsoft 365, News, Palo Alto Networks, Retail, spear-phishing /

Attackers target retailers’ gift card systems using cloud-only techniques 2025-10-22 at 17:12 By Zeljka Zorz A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and endpoint hacking and

Attackers target retailers’ gift card systems using cloud-only techniques Read More »

Attackers turn trusted OAuth apps into cloud backdoors

attack tools, automation, cloud security, Don't miss, enterprise, Hot stuff, Microsoft Entra ID, News, OAuth, privileged accounts, Proofpoint /

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

Attackers turn trusted OAuth apps into cloud backdoors Read More »

OpenFGA: The open-source engine redefining access control

access control, DevOps, Don't miss, GitHub, News, open source, software, Terraform /

OpenFGA: The open-source engine redefining access control 2025-10-22 at 15:13 By Sinisa Markovic OpenFGA is an open-source, high-performance, and flexible authorization engine inspired by Google’s Zanzibar system for relationship-based access control. It helps developers model and enforce fine-grained access control in their applications. At its core, OpenFGA enables teams to define who can do what

OpenFGA: The open-source engine redefining access control Read More »

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)

CISA, Don't miss, GuidePoint Security, Hot stuff, News, PoC, Synacktiv, WatchTowr, Windows, Windows Server /

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) 2025-10-21 at 19:13 By Zeljka Zorz CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog,

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) Read More »

Agentic AI security: Building the next generation of access controls

Delinea, Don't miss, Hot stuff, News, report /

Agentic AI security: Building the next generation of access controls 2025-10-21 at 10:03 By Help Net Security As artificial intelligence (AI) solutions continue to evolve, the rise of agentic AI—intelligent systems that can act autonomously on behalf of an organization—presents new security challenges. Research from Delinea’s 2025 AI in Identity Security Demands a New Playbook

Agentic AI security: Building the next generation of access controls Read More »

When everything’s connected, everything’s at risk

access control, Brown & Brown, CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, IoT, News, supply chain /

When everything’s connected, everything’s at risk 2025-10-21 at 09:02 By Mirko Zorz In this Help Net Security interview, Ken Deitz, CISO at Brown & Brown, discusses how the definition of cyber risk has expanded beyond IT to include IoT, OT, and broader supply chain ecosystems. As organizations connect these assets through cloud and networked systems,

When everything’s connected, everything’s at risk Read More »

10 data security companies to watch in 2026

Atakama, cybersecurity, data security, Don't miss, Dymium, EchoMark, Hot stuff, HYCU, Knostic, Netzilo, News, NextLabs, Paperclip, SealPath, SideDrawer /

10 data security companies to watch in 2026 2025-10-21 at 08:52 By Sinisa Markovic At Help Net Security, we’ve been tracking the cybersecurity world for nearly three decades. Through our Industry News section, we’ve watched countless companies rise, and push the limits of what’s possible in data protection. Some vendors consistently stand out, not just

10 data security companies to watch in 2026 Read More »

AI’s split personality: Solving crimes while helping conceal them

Artificial Intelligence, cybercrime, cybersecurity, digital forensics, Don't miss, generative AI, News, research /

AI’s split personality: Solving crimes while helping conceal them 2025-10-21 at 08:52 By Sinisa Markovic What happens when investigators and cybercriminals start using the same technology? AI is now doing both, helping law enforcement trace attacks while also being tested for its ability to conceal them. A new study from the University of Cagliari digs

AI’s split personality: Solving crimes while helping conceal them Read More »

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

Don't miss, Hot stuff, IIoT, industrial communications, Moxa, network, News, router, vulnerability /

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) 2025-10-20 at 20:10 By Zeljka Zorz Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) Read More »

China-linked Salt Typhoon hackers attempt to infiltrate European telco

APT, Darktrace, Don't miss, Europe, government-backed attacks, Hot stuff, News, telecommunications /

China-linked Salt Typhoon hackers attempt to infiltrate European telco 2025-10-20 at 18:42 By Zeljka Zorz Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics,

China-linked Salt Typhoon hackers attempt to infiltrate European telco Read More »

Most AI privacy research looks the wrong way

Artificial Intelligence, Carnegie Mellon University, cybersecurity, data security, Don't miss, Features, Hot stuff, LLMs, News, Privacy, research /

Most AI privacy research looks the wrong way 2025-10-20 at 13:19 By Mirko Zorz Most research on LLM privacy has focused on the wrong problem, according to a new paper by researchers from Carnegie Mellon University and Northeastern University. The authors argue that while most technical studies target data memorization, the biggest risks come from

Most AI privacy research looks the wrong way Read More »

Why ex-military professionals are a good fit for cybersecurity

cybersecurity, cybersecurity jobs, Don't miss, News, NTT DATA Services, SpecterOps, strategy, tips /

Why ex-military professionals are a good fit for cybersecurity 2025-10-20 at 13:19 By Sinisa Markovic After years of working as part of a team, many military veterans look for work that still carries meaning, challenge, and purpose. Cybersecurity offers a new way to serve and protect on a different battlefield. Earlier this year, the Department

Why ex-military professionals are a good fit for cybersecurity Read More »

Nodepass: Open-source TCP/UDP tunneling solution

cybersecurity, DevOps, Don't miss, GitHub, network monitoring, networking, News, open source, penetration testing, red team, software /

Nodepass: Open-source TCP/UDP tunneling solution 2025-10-20 at 13:18 By Sinisa Markovic When you think of network tunneling, “lightweight” and “enterprise-grade” rarely appear in the same sentence. NodePass, an open-source project, wants to change that. It’s a compact but powerful TCP/UDP tunneling solution built for DevOps teams and system administrators who need to manage complex network

Nodepass: Open-source TCP/UDP tunneling solution Read More »

Why cybersecurity hiring feels so hard right now

CISO, cybersecurity jobs, Don't miss, News, strategy, tips, Video /

Why cybersecurity hiring feels so hard right now 2025-10-20 at 07:30 By Help Net Security In this Help Net Security video, Carol Lee Hobson, CISO at PayNearMe, explores the realities behind the so-called cybersecurity “talent gap.” She explains why the issue is as much about hiring practices as it is about skills shortages, and offers

Why cybersecurity hiring feels so hard right now Read More »

Scroll to Top