Don’t miss

LinkedIn expands company verification, mandates workplace checks for certain roles

2025-09-04 at 16:00 By Mirko Zorz

LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter […]


macOS vulnerability allowed Keychain and iOS app decryption without a password

2025-09-04 at 15:41 By Mirko Zorz

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the


Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

2025-09-04 at 14:48 By Zeljka Zorz

A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed.

About CVE-2025-53690

CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore


Cutting through CVE noise with real-world threat signals

2025-09-04 at 09:02 By Sinisa Markovic

CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high” or


Attackers are turning Salesforce trust into their biggest weapon

2025-09-04 at 09:02 By Sinisa Markovic

Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The report shows that malicious activity inside Salesforce environments rose sharply in the first quarter of this


Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise

2025-09-03 at 16:13 By Zeljka Zorz

Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated


BruteForceAI: Free AI-powered login brute force tool

2025-09-03 at 09:31 By Help Net Security

BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML content, detect login form selectors, and prepare the attack process automatically. It


How gaming experience can help with a cybersecurity career

2025-09-03 at 08:41 By Sinisa Markovic

Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of


Detecting danger: EASM in the modern security stack

2025-09-03 at 08:03 By Help Net Security

In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that


Five habits of highly secure development teams

2025-09-03 at 07:46 By Help Net Security

In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the


Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach

2025-09-02 at 18:20 By Zeljka Zorz

In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances


Can AI agents catch what your SOC misses?

2025-09-02 at 10:45 By Mirko Zorz

A new research project called NetMoniAI shows how AI agents might reshape network monitoring and security. Developed by a team at Texas Tech University, the framework brings together two ideas: distributed monitoring at the edge and AI-driven analysis at the center.


What the GitGuardian secrets sprawl report reveals about leaked credentials

2025-09-02 at 07:47 By Help Net Security

In this Help Net Security video, Dwayne McDaniel, Senior Developer Advocate at GitGuardian, presents findings from The State of Secrets Sprawl 2025. McDaniel explains why generic secrets are especially difficult to detect, why private repositories pose an even


AIDEFEND: Free AI defense framework

2025-09-01 at 09:21 By Mirko Zorz

AIDEFEND (Artificial Intelligence Defense Framework) is an open knowledge base dedicated to AI security, providing defensive countermeasures and best practices to help security pros safeguard AI and machine learning systems. Practicality is at the core of AIDEFEND. The framework is designed to be “highly


KillChainGraph: Researchers test machine learning framework for mapping attacker behavior

2025-09-01 at 09:21 By Mirko Zorz

A team of researchers from Frondeur Labs, DistributedApps.ai, and OWASP has developed a new machine learning framework designed to help defenders anticipate attacker behavior across the stages of the Cyber Kill Chain. The work explores how machine learning models


Boards are being told to rethink their role in cybersecurity

2025-09-01 at 08:03 By Sinisa Markovic

Boards of directors are being told that cybersecurity is now central to business resilience and growth, and that they must engage more directly in the way their organizations manage risk. A new report from Google Cloud’s Office of the


Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

2025-08-29 at 14:19 By Zeljka Zorz

A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point


New framework aims to outsmart malware evasion tricks

2025-08-29 at 10:03 By Mirko Zorz

Attackers have learned how to trick machine learning malware detectors with small but clever code changes, and researchers say they may finally have an answer. In a new paper, academics from Inria and the CISPA Helmholtz Center for Information Security describe


Finding connection and resilience as a CISO

2025-08-29 at 10:03 By Mirko Zorz

With sensitive information to protect and reputational risk always in the background, it isn’t easy for security leaders to have open conversations about what’s working and what isn’t. Yet strong peer networks and candid exchanges are critical for resilience, both organizationally and


AI isn’t taking over the world, but here’s what you should worry about

2025-08-29 at 10:03 By Help Net Security

In this Help Net Security video, Josh Meier, Senior Generative AI Author at Pluralsight, debunks the myth that AI could “escape” servers or act on its own. He explains how large language models actually work,

