Don’t miss

Behind the scenes of cURL with its founder: Releases, updates, and security

code, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, open source, opinion, patching, software, software development, strategy, tips, vulnerability management /

Behind the scenes of cURL with its founder: Releases, updates, and security 2025-09-18 at 09:01 By Mirko Zorz In this Help Net Security interview, Daniel Stenberg, lead developer od cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of […]

Behind the scenes of cURL with its founder: Releases, updates, and security Read More »

Product showcase: Exaforce – The full lifecycle AI SOC platform

Artificial Intelligence, Don't miss, Exaforce, Hot stuff, News, Product showcase, SOC /

Product showcase: Exaforce – The full lifecycle AI SOC platform 2025-09-18 at 09:01 By Help Net Security Today’s SOCs face an impossible equation: too much noise, too many gaps, and too few hands. Detection coverage gaps leave companies exposed, false positives overwhelm analysts, manual investigations eat up valuable hours from the most expensive assets (experienced

Product showcase: Exaforce – The full lifecycle AI SOC platform Read More »

Many networking devices are still vulnerable to pixie dust attack

attack, consumer, Don't miss, Features, firmware, legacy technology, News, SMBs, TP-LINK, vulnerability, wireless /

Many networking devices are still vulnerable to pixie dust attack 2025-09-17 at 18:22 By Zeljka Zorz Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, Netrise researchers have confirmed. WPS and the pixie dust attack Wi-Fi Protected Setup (WPS)

Many networking devices are still vulnerable to pixie dust attack Read More »

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader

Cloudflare, Don't miss, Hot stuff, lawsuit, Microsoft, Microsoft 365, News, phishing /

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader 2025-09-17 at 15:23 By Zeljka Zorz Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials. “Using a court order granted by the Southern District of New York, [we] seized 338 websites associated with the popular service, disrupting

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader Read More »

How a fake ICS network can reveal real cyberattacks

BforeAI, critical infrastructure, cybersecurity, Don't miss, Features, honeypots, Hot stuff, ICS/SCADA, News, research, strategy, tips /

How a fake ICS network can reveal real cyberattacks 2025-09-17 at 09:03 By Mirko Zorz Researchers have introduced a new way to study and defend against ICS threats. Their project, called ICSLure, is a honeynet built to closely mimic a real industrial environment. Why traditional honeypots fall short Honeypots are systems designed to attract attackers

How a fake ICS network can reveal real cyberattacks Read More »

Creating a compliance strategy that works across borders

Compliance, cybersecurity, data security, Don't miss, EQS Group, EU, Features, Hot stuff, News, regulation, USA /

Creating a compliance strategy that works across borders 2025-09-17 at 08:37 By Mirko Zorz In this Help Net Security interview, Marco Goldberg, Managing Director at EQS Group, discusses how compliance and regulation are evolving worldwide. He talks about how organizations can stay compliant with international rules while keeping their systems practical and user-friendly. Goldberg points

Creating a compliance strategy that works across borders Read More »

Rayhunter: EFF releases open-source tool to detect cellular spying

Don't miss, EFF, GitHub, mobile devices, News, open source, Privacy, software, surveillance /

Rayhunter: EFF releases open-source tool to detect cellular spying 2025-09-17 at 08:12 By Anamarija Pogorelec The Electronic Frontier Foundation (EFF) has released Rayhunter, a new open-source tool designed to detect cell site simulators (CSS). These devices, also known as IMSI catchers or Stingrays, mimic cell towers to trick phones into connecting so they can collect

Rayhunter: EFF releases open-source tool to detect cellular spying Read More »

Bots vs. humans? Why intent is the game-changer

bot, cybersecurity, DataDome, Don't miss, News, strategy, tips, Video /

Bots vs. humans? Why intent is the game-changer 2025-09-17 at 07:30 By Help Net Security In this Help Net Security video, Jérôme Segura, VP of Threat Research at Datadome, explains why intent, not just identifying bots, must be the new focus for cybersecurity teams. He explores how advanced AI agents and sophisticated bots blur the

Bots vs. humans? Why intent is the game-changer Read More »

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

Aikido Security, Don't miss, Hot stuff, JavaScript, News, Node.js, open source, ReversingLabs, StepSecurity, supply chain attacks, Wiz, worms /

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack 2025-09-17 at 01:18 By Zeljka Zorz A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack Read More »

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents

credentials, Don't miss, Endpoint Security, enterprise, Hot stuff, Huntress, News, Ransomware, Rapid7, SMBs, SonicWall /

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents 2025-09-16 at 15:46 By Zeljka Zorz All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks Managed security service providers and external incident responders have had a

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents Read More »

GitHub adds post-quantum protection for SSH access

access control, Don't miss, Encryption, GitHub, News, NIST, OpenSSH, quantum computing, SSH /

GitHub adds post-quantum protection for SSH access 2025-09-16 at 12:05 By Sinisa Markovic GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. What GitHub is changing GitHub has introduced a new type of SSH key that combines

GitHub adds post-quantum protection for SSH access Read More »

Building security that protects customers, not just auditors

cybersecurity, Don't miss, Features, framework, Hot stuff, monitoring, News, Rapyd, security standard /

Building security that protects customers, not just auditors 2025-09-16 at 09:31 By Mirko Zorz In this Help Net Security interview, Nir Rothenberg, CISO at Rapyd, discusses global differences in payment security maturity and the lessons that can be learned from leading regions. He points out that good engineering usually leads to strong security, and cautions

Building security that protects customers, not just auditors Read More »

Google introduces VaultGemma, a differentially private LLM built for secure data handling

Artificial Intelligence, Don't miss, Google, LLMs, News, Privacy /

Google introduces VaultGemma, a differentially private LLM built for secure data handling 2025-09-16 at 09:31 By Sinisa Markovic Google has released VaultGemma, a large language model designed to keep sensitive data private during training. The model uses differential privacy techniques to prevent individual data points from being exposed, which makes it safer for handling confidential

Google introduces VaultGemma, a differentially private LLM built for secure data handling Read More »

Phishing campaign targets Rust developers

Don't miss, GitHub, Hot stuff, News, programming, rust, spear-phishing /

Phishing campaign targets Rust developers 2025-09-15 at 19:27 By Zeljka Zorz Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign. The phishing email The emails started hitting developers’ inboxes on Friday, minutes after they published a (new)

Phishing campaign targets Rust developers Read More »

Most enterprise AI use is invisible to security teams

Artificial Intelligence, ChatGPT, Don't miss, enterprise, Features, Lanai, News /

Most enterprise AI use is invisible to security teams 2025-09-15 at 10:38 By Mirko Zorz Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI

Most enterprise AI use is invisible to security teams Read More »

What could a secure 6G network look like?

Artificial Intelligence, attacks, cybersecurity, Don't miss, ETSI, Expert analysis, Expert corner, Hot stuff, network, News, opinion, security standard, telecommunications, wireless /

What could a secure 6G network look like? 2025-09-15 at 08:47 By Help Net Security The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised

What could a secure 6G network look like? Read More »

Why neglected assets are the hidden threat attackers love to find

cybersecurity, Don't miss, News, Orca Security, strategy, tips, Video /

Why neglected assets are the hidden threat attackers love to find 2025-09-15 at 07:58 By Help Net Security In this Help Net Security video, Tim Chase, Tech Evangelist at Orca Security, explores one of the most overlooked cybersecurity risks: neglected assets. From forgotten cloud resources and outdated OT systems to expired domains and abandoned storage,

Why neglected assets are the hidden threat attackers love to find Read More »

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot

bootkit, Don't miss, ESET, Hot stuff, News, Ransomware /

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot 2025-09-12 at 19:00 By Help Net Security ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. The sample was uploaded from

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot Read More »

CISA looks to partners to shore up the future of the CVE Program

CISA, CVE, Don't miss, Government, Hot stuff, MITRE, News, USA, vulnerability assessment /

CISA looks to partners to shore up the future of the CVE Program 2025-09-12 at 15:32 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders

CISA looks to partners to shore up the future of the CVE Program Read More »

Scroll to Top