Don’t miss

Social media apps that aggressively harvest user data

data security, Don't miss, Incogni, News, Privacy, report, survey /

Social media apps that aggressively harvest user data 2025-08-27 at 07:10 By Sinisa Markovic Both domestic and foreign technology companies collect vast amounts of Americans’ personal data through mobile applications, according to Incogni. Some apps leverage data for marketing and advertising purposes, feeding algorithms to calculate optimal prices based on consumer behavior, often leading to […]

React to this headline:

Loading spinner

Social media apps that aggressively harvest user data Read More »

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)

0-day, backdoor, Citrix, Don't miss, Hot stuff, NetScaler, News, web shell /

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) 2025-08-26 at 16:35 By Zeljka Zorz Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been targeted in zero-day attacks. “Exploits of CVE-2025-7775 on unmitigated appliances have been observed,” Citrix has confirmed, and released security

React to this headline:

Loading spinner

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) Read More »

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

CISA, Don't miss, Git, Hot stuff, News, PoC, software development, vulnerability /

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) 2025-08-26 at 13:47 By Zeljka Zorz CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security

React to this headline:

Loading spinner

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) Read More »

Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO

CISO, critical infrastructure, cyber risk, cybersecurity, Don't miss, embedded systems, Features, Hot stuff, News, opinion, Risk Management, strategy /

Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO 2025-08-26 at 09:24 By Mirko Zorz Agriculture is a connected, software-driven industry where cybersecurity is just as essential as tractors and harvesters. From embedded hardware in smart fleets to defending against advanced persistent threats, protecting the agricultural supply chain requires a layered, collaborative approach.

React to this headline:

Loading spinner

Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO Read More »

LLMs at the edge: Rethinking how IoT devices talk and act

Artificial Intelligence, Don't miss, Features, Hot stuff, IEEE, Internet of Things, LLMs, networking, News, research, smart home, Sumo Logic /

LLMs at the edge: Rethinking how IoT devices talk and act 2025-08-26 at 08:01 By Mirko Zorz Anyone who has set up a smart home knows the routine: one app to dim the lights, another to adjust the thermostat, and a voice assistant that only understands exact phrasing. These systems call themselves smart, but in

React to this headline:

Loading spinner

LLMs at the edge: Rethinking how IoT devices talk and act Read More »

How to build a secure AI culture without shutting people down

Artificial Intelligence, cybersecurity, Don't miss, News, security awareness, security culture, Security Journey, strategy, tips, Video /

How to build a secure AI culture without shutting people down 2025-08-26 at 07:32 By Help Net Security In this Help Net Security video, Michael Burch, Director of Application Security at Security Journey, explains how organizations can build a secure AI culture. He highlights the risks of banning AI outright, the dangers of shadow AI,

React to this headline:

Loading spinner

How to build a secure AI culture without shutting people down Read More »

ScreenConnect admins targeted with spoofed login alerts

Don't miss, Hot stuff, MFA, Mimecast, MITM, MSP, News, Sophos, spear-phishing /

ScreenConnect admins targeted with spoofed login alerts 2025-08-25 at 17:56 By Zeljka Zorz ScreenConnect cloud administrators across all region and industries are being targeted with fake email alerts warning about a potentially suspicious login event. The goal of the attackers is to grab the login credentials and MFA tokens of Super Admins: users who have

React to this headline:

Loading spinner

ScreenConnect admins targeted with spoofed login alerts Read More »

Fake macOS help sites push Shamos infostealer via ClickFix technique

Check Point, CrowdStrike, Don't miss, ESET, Hot stuff, macOS, malvertising, Malware, Microsoft, News, social engineering /

Fake macOS help sites push Shamos infostealer via ClickFix technique 2025-08-25 at 15:23 By Zeljka Zorz Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers have warned. To prevent macOS security features from blocking the installation, the malware peddlers

React to this headline:

Loading spinner

Fake macOS help sites push Shamos infostealer via ClickFix technique Read More »

Why a new AI tool could change how we test insider threat defenses

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, Insider Threat, LLMs, News, research, Risk Management /

Why a new AI tool could change how we test insider threat defenses 2025-08-25 at 09:04 By Mirko Zorz Insider threats are among the hardest attacks to detect because they come from people who already have legitimate access. Security teams know the risk well, but they often lack the data needed to train systems that

React to this headline:

Loading spinner

Why a new AI tool could change how we test insider threat defenses Read More »

Why satellite cybersecurity threats matter to everyone

aerospace, CISO, cyber resilience, cyber risk, cybersecurity, Deloitte, Don't miss, Features, Hot stuff, News, opinion, strategy, tips, zero trust /

Why satellite cybersecurity threats matter to everyone 2025-08-25 at 08:34 By Mirko Zorz Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded and commercial satellite use grows, these systems are facing new cyber threats. The challenge is even greater

React to this headline:

Loading spinner

Why satellite cybersecurity threats matter to everyone Read More »

Kopia: Open-source encrypted backup tool for Windows, macOS, Linux

backup, Don't miss, GitHub, News, open source, software /

Kopia: Open-source encrypted backup tool for Windows, macOS, Linux 2025-08-25 at 08:21 By Help Net Security Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached storage, or on your own computer. It doesn’t create a

React to this headline:

Loading spinner

Kopia: Open-source encrypted backup tool for Windows, macOS, Linux Read More »

Review: Adversarial AI Attacks, Mitigations, and Defense Strategies

Artificial Intelligence, books, Don't miss, generative AI, Hot stuff, how-to, LLMs, machine learning, News, Review, Reviews, skill development, strategy, tips /

Review: Adversarial AI Attacks, Mitigations, and Defense Strategies 2025-08-25 at 07:50 By Mirko Zorz Adversarial AI Attacks, Mitigations, and Defense Strategies shows how AI systems can be attacked and how defenders can prepare. It’s essentially a walkthrough of offensive and defensive approaches to AI security. About the author John Sotiropoulos is the Head Of AI

React to this headline:

Loading spinner

Review: Adversarial AI Attacks, Mitigations, and Defense Strategies Read More »

China-linked Murky Panda targets and moves laterally through cloud services

APT, China, Cloud, CrowdStrike, cyber espionage, Don't miss, Hot stuff, News /

China-linked Murky Panda targets and moves laterally through cloud services 2025-08-22 at 17:33 By Zeljka Zorz In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among them. Murky

React to this headline:

Loading spinner

China-linked Murky Panda targets and moves laterally through cloud services Read More »

Five ways OSINT helps financial institutions to fight money laundering

Blackdot Solutions, cybersecurity, Don't miss, Expert analysis, Expert corner, financial industry, Hot stuff, News, opinion, OSINT, strategy, tips /

Five ways OSINT helps financial institutions to fight money laundering 2025-08-22 at 09:31 By Help Net Security Here are five key ways OSINT tools can help financial firms develop advanced strategies to fight money laundering criminals. 1. Reveal complex networks and ownership structures Money launderers often use layered networks of offshore entities and shell companies

React to this headline:

Loading spinner

Five ways OSINT helps financial institutions to fight money laundering Read More »

DevOps in the cloud and what is putting your data at risk

cloud security, DevOps, Don't miss, GitProtect.io, News, SaaS, strategy, tips, Video /

DevOps in the cloud and what is putting your data at risk 2025-08-22 at 07:33 By Help Net Security In this Help Net Security video, Greg Bak, Head of Product Enablement at GitProtect, walks through some of the biggest security risks DevOps teams are dealing with. He covers how AI tools can introduce vulnerabilities, including

React to this headline:

Loading spinner

DevOps in the cloud and what is putting your data at risk Read More »

Russian threat actors using old Cisco bug to target critical infrastructure orgs

Cisco, critical infrastructure, cyber espionage, Don't miss, FBI, Hot stuff, News, Russian Federation, USA, vulnerability /

Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets

React to this headline:

Loading spinner

Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged

AWS, cloud security, cloud storage, Don't miss, Fog Security, Hot stuff, News /

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged 2025-08-21 at 14:38 By Zeljka Zorz AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3

React to this headline:

Loading spinner

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged Read More »

Using lightweight LLMs to cut incident response times and reduce hallucinations

Artificial Intelligence, CISO, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, LLMs, News, research, security operations, strategy, Threat Intelligence, tips /

Using lightweight LLMs to cut incident response times and reduce hallucinations 2025-08-21 at 09:03 By Mirko Zorz Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing the risk of hallucinations. Their approach uses a smaller, fine-tuned LLM

React to this headline:

Loading spinner

Using lightweight LLMs to cut incident response times and reduce hallucinations Read More »

Fractional vs. full-time CISO: Finding the right fit for your company

CISO, cybersecurity, Don't miss, Features, Hot stuff, Mandos, News, security controls, strategy /

Fractional vs. full-time CISO: Finding the right fit for your company 2025-08-21 at 08:32 By Mirko Zorz In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security

React to this headline:

Loading spinner

Fractional vs. full-time CISO: Finding the right fit for your company Read More »

Product showcase: iStorage datAshur PRO+C encrypted USB flash drive

backup, data security, Don't miss, Encryption, hardware, iStorage, News, Product showcase, storage /

Product showcase: iStorage datAshur PRO+C encrypted USB flash drive 2025-08-21 at 08:00 By Anamarija Pogorelec The iStorage datAshur PRO+C is a USB-C flash drive featuring AES-XTS 256-bit hardware encryption. Available in capacities from 32 GB to 512 GB, the drive holds FIPS 140-3 Level 3 certification and operates without the need for software, making it

React to this headline:

Loading spinner

Product showcase: iStorage datAshur PRO+C encrypted USB flash drive Read More »

Scroll to Top