Deepfakes are rewriting the rules of geopolitics 2025-09-10 at 09:21 By Sinisa Markovic Deception and media manipulation have always been part of warfare, but AI has taken them to a new level. Entrust reports that deepfakes were created every five minutes in 2024, while the European Parliament estimates that 8 million will circulate across the […]
Deepfakes are rewriting the rules of geopolitics Read More »
Garak: Open-source LLM vulnerability scanner 2025-09-10 at 09:00 By Help Net Security LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks for problems like hallucinations, prompt injections, jailbreaks, and toxic outputs. By running
Garak: Open-source LLM vulnerability scanner Read More »
Fixing silent failures in security controls with adversarial exposure validation 2025-09-10 at 08:16 By Help Net Security Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. Appearances can
Fixing silent failures in security controls with adversarial exposure validation Read More »
Plex tells users to change passwords due to data breach, pushes server owners to upgrade 2025-09-09 at 19:42 By Zeljka Zorz Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third party accessed a limited subset of customer data from
Plex tells users to change passwords due to data breach, pushes server owners to upgrade Read More »
Fake npm 2FA reset email led to compromise of popular code packages 2025-09-09 at 16:51 By Zeljka Zorz Malicious versions of at least 18 widely used npm packages were uploaded to the npm Registry on Monday, following the compromise of their maintainer’s account. “The packages were updated to contain a piece of code that would
Fake npm 2FA reset email led to compromise of popular code packages Read More »
Download: Cyber defense guide for the financial sector 2025-09-09 at 15:46 By Help Net Security Data breaches cost more for financial organizations than they do for those in many other industries. In attempting to strengthen your financial organization’s cybersecurity, you must contend with evolving regulatory obligations, outdated IT infrastructure, and other challenges. How do you
Download: Cyber defense guide for the financial sector Read More »
Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal 2025-09-09 at 10:22 By Mirko Zorz Nearly 500 scientists and researchers have signed an open letter warning that the latest version of the EU’s Chat Control Proposal would weaken digital security while failing to deliver meaningful protection for children. The signatories represent 34 countries
Nearly 500 researchers urge EU to rethink controversial CSAM scanning proposal Read More »
Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers 2025-09-09 at 09:46 By Zeljka Zorz Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for
Connected cars are racing ahead, but security is stuck in neutral 2025-09-09 at 09:46 By Mirko Zorz Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential
Connected cars are racing ahead, but security is stuck in neutral Read More »
Are we headed for an AI culture war? 2025-09-09 at 07:52 By Help Net Security In this Help Net Security video, Matt Fangman, Field CTO at SailPoint, discusses whether an AI culture war is inevitable. He explores the rise of AI agents as a new identity type, the need for guardrails and human supervision, and
Are we headed for an AI culture war? Read More »
Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat
Salesloft Drift data breach: Investigation reveals how attackers got in Read More »
Cybersecurity research is getting new ethics rules, here’s what you need to know 2025-09-08 at 09:01 By Mirko Zorz Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other major venues such
Cybersecurity research is getting new ethics rules, here’s what you need to know Read More »
InterceptSuite: Open-source network traffic interception tool 2025-09-08 at 08:34 By Mirko Zorz InterceptSuite is an open-source, cross-platform network traffic interception tool designed for TLS/SSL inspection, analysis, and manipulation at the network level. “InterceptSuite is designed primarily for non-HTTP protocols, although it does support HTTP/1 and HTTP/2. It offers support for databases, SMTP, and custom protocols,
InterceptSuite: Open-source network traffic interception tool Read More »
Cyber defense cannot be democratized 2025-09-08 at 08:14 By Help Net Security The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem In an earnest attempt
Cyber defense cannot be democratized Read More »
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) 2025-09-05 at 15:03 By Zeljka Zorz A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert seems to be based on a report
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) Read More »
Stealthy attack serves poisoned web pages only to AI agents 2025-09-05 at 14:30 By Zeljka Zorz AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into these autonomous
Stealthy attack serves poisoned web pages only to AI agents Read More »
September 2025 Patch Tuesday forecast: The CVE matrix 2025-09-05 at 10:18 By Help Net Security We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator
September 2025 Patch Tuesday forecast: The CVE matrix Read More »
CyberFlex: Flexible Pen testing as a Service with EASM 2025-09-04 at 16:58 By Help Net Security About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack application attack surface, while enjoying a flexible consumption model.
CyberFlex: Flexible Pen testing as a Service with EASM Read More »
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) 2025-09-04 at 16:58 By Zeljka Zorz Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) Read More »
LinkedIn expands company verification, mandates workplace checks for certain roles 2025-09-04 at 16:00 By Mirko Zorz LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter
LinkedIn expands company verification, mandates workplace checks for certain roles Read More »