
AI isn’t taking over the world, but here’s what you should worry about

2025-08-29 at 10:03 By Help Net Security

In this Help Net Security video, Josh Meier, Senior Generative AI Author at Pluralsight, debunks the myth that AI could “escape” servers or act on its own. He explains how large language models actually work, […]

Finding connection and resilience as a CISO

2025-08-29 at 10:03 By Mirko Zorz

With sensitive information to protect and reputational risk always in the background, it isn’t easy for security leaders to have open conversations about what’s working and what isn’t. Yet strong peer networks and candid exchanges are critical for resilience, both organizationally and

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

2025-08-28 at 15:29 By Zeljka Zorz

Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

ScamAgent shows how AI could power the next wave of scam calls

2025-08-28 at 09:03 By Mirko Zorz

Scam calls have long been a problem for consumers and enterprises, but a new study suggests they may soon get an upgrade. Instead of a human scammer on the other end of the line, future calls could

Where security, DevOps, and data science finally meet on AI strategy

2025-08-28 at 08:34 By Mirko Zorz

AI infrastructure is expensive, complex, and often caught between competing priorities. On one side, security teams want strong isolation and boundaries. On the other, engineers push for performance, density, and cost savings. With GPUs in short supply and

Can AI make threat intelligence easier? One platform thinks so

2025-08-28 at 07:38 By Mirko Zorz

When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking blogs, RSS feeds, and social media channels, but it took too long to separate

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

2025-08-27 at 17:47 By Zeljka Zorz

A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

2025-08-27 at 14:29 By Zeljka Zorz

Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex issued a fix earlier this month, Censys has warned.

About CVE-2025-34158

Plex Media Server (PMS) is

AI Security Map: Linking AI vulnerabilities to real-world impact

2025-08-27 at 09:40 By Mirko Zorz

A single prompt injection in a customer-facing chatbot can leak sensitive data, damage trust, and draw regulatory scrutiny in hours. The technical breach is only the first step. The real risk comes from how quickly one weakness in an AI

How compliance teams can turn AI risk into opportunity

2025-08-27 at 08:52 By Mirko Zorz

AI is moving faster than regulation, and that creates opportunities and risks for compliance teams. While governments work on new rules, businesses cannot sit back and wait. In this Help Net Security video, Matt Hillary, CISO at Drata, looks at

Hottest cybersecurity open-source tools of the month: August 2025

2025-08-27 at 08:02 By Sinisa Markovic

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.

Buttercup: Open-source AI-driven system detects and patches vulnerabilities

Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source

What CISOs can learn from Doppel’s new AI-driven social engineering simulation

2025-08-27 at 07:51 By Sinisa Markovic

Doppel has introduced a new product called Doppel Simulation, which expands its platform for defending against social engineering. The tool uses autonomous AI agents to create multi-channel simulations that mirror how attackers operate across email, SMS, messaging apps,

Social media apps that aggressively harvest user data

2025-08-27 at 07:10 By Sinisa Markovic

Both domestic and foreign technology companies collect vast amounts of Americans’ personal data through mobile applications, according to Incogni. Some apps leverage data for marketing and advertising purposes, feeding algorithms to calculate optimal prices based on consumer behavior, often leading to

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)

2025-08-26 at 16:35 By Zeljka Zorz

Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been targeted in zero-day attacks. “Exploits of CVE-2025-7775 on unmitigated appliances have been observed,” Citrix has confirmed, and released security

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

2025-08-26 at 13:47 By Zeljka Zorz

CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security

Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO

2025-08-26 at 09:24 By Mirko Zorz

Agriculture is a connected, software-driven industry where cybersecurity is just as essential as tractors and harvesters. From embedded hardware in smart fleets to defending against advanced persistent threats, protecting the agricultural supply chain requires a layered, collaborative approach.

LLMs at the edge: Rethinking how IoT devices talk and act

2025-08-26 at 08:01 By Mirko Zorz

Anyone who has set up a smart home knows the routine: one app to dim the lights, another to adjust the thermostat, and a voice assistant that only understands exact phrasing. These systems call themselves smart, but in

How to build a secure AI culture without shutting people down

2025-08-26 at 07:32 By Help Net Security

In this Help Net Security video, Michael Burch, Director of Application Security at Security Journey, explains how organizations can build a secure AI culture. He highlights the risks of banning AI outright, the dangers of shadow AI,

ScreenConnect admins targeted with spoofed login alerts

2025-08-25 at 17:56 By Zeljka Zorz

ScreenConnect cloud administrators across all regions and industries are being targeted with fake email alerts warning about a potentially suspicious login event. The goal of the attackers is to grab the login credentials and MFA tokens of Super Admins: users who have

Fake macOS help sites push Shamos infostealer via ClickFix technique

2025-08-25 at 15:23 By Zeljka Zorz

Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, CrowdStrike researchers have warned. To prevent macOS security features from blocking the installation, the malware peddlers
