Why a new AI tool could change how we test insider threat defenses 2025-08-25 at 09:04 By Mirko Zorz Insider threats are among the hardest attacks to detect because they come from people who already have legitimate access. Security teams know the risk well, but they often lack the data needed to train systems that […]
Why a new AI tool could change how we test insider threat defenses Read More »
Why satellite cybersecurity threats matter to everyone 2025-08-25 at 08:34 By Mirko Zorz Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded and commercial satellite use grows, these systems are facing new cyber threats. The challenge is even greater
Why satellite cybersecurity threats matter to everyone Read More »
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux 2025-08-25 at 08:21 By Help Net Security Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached storage, or on your own computer. It doesn’t create a
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux Read More »
Review: Adversarial AI Attacks, Mitigations, and Defense Strategies 2025-08-25 at 07:50 By Mirko Zorz Adversarial AI Attacks, Mitigations, and Defense Strategies shows how AI systems can be attacked and how defenders can prepare. It’s essentially a walkthrough of offensive and defensive approaches to AI security. About the author John Sotiropoulos is the Head Of AI
Review: Adversarial AI Attacks, Mitigations, and Defense Strategies Read More »
China-linked Murky Panda targets and moves laterally through cloud services 2025-08-22 at 17:33 By Zeljka Zorz In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among them. Murky
China-linked Murky Panda targets and moves laterally through cloud services Read More »
Five ways OSINT helps financial institutions to fight money laundering 2025-08-22 at 09:31 By Help Net Security Here are five key ways OSINT tools can help financial firms develop advanced strategies to fight money laundering criminals. 1. Reveal complex networks and ownership structures Money launderers often use layered networks of offshore entities and shell companies
Five ways OSINT helps financial institutions to fight money laundering Read More »
DevOps in the cloud and what is putting your data at risk 2025-08-22 at 07:33 By Help Net Security In this Help Net Security video, Greg Bak, Head of Product Enablement at GitProtect, walks through some of the biggest security risks DevOps teams are dealing with. He covers how AI tools can introduce vulnerabilities, including
DevOps in the cloud and what is putting your data at risk Read More »
Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets
Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »
AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged 2025-08-21 at 14:38 By Zeljka Zorz AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3
AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged Read More »
Using lightweight LLMs to cut incident response times and reduce hallucinations 2025-08-21 at 09:03 By Mirko Zorz Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing the risk of hallucinations. Their approach uses a smaller, fine-tuned LLM
Using lightweight LLMs to cut incident response times and reduce hallucinations Read More »
Fractional vs. full-time CISO: Finding the right fit for your company 2025-08-21 at 08:32 By Mirko Zorz In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security
Fractional vs. full-time CISO: Finding the right fit for your company Read More »
Product showcase: iStorage datAshur PRO+C encrypted USB flash drive 2025-08-21 at 08:00 By Anamarija Pogorelec The iStorage datAshur PRO+C is a USB-C flash drive featuring AES-XTS 256-bit hardware encryption. Available in capacities from 32 GB to 512 GB, the drive holds FIPS 140-3 Level 3 certification and operates without the need for software, making it
Product showcase: iStorage datAshur PRO+C encrypted USB flash drive Read More »
Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) 2025-08-20 at 22:42 By Zeljka Zorz Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable
Alleged Rapper Bot DDoS botnet master arrested, charged 2025-08-20 at 21:47 By Zeljka Zorz US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks around the world. According to court documents, 22-year-old Ethan Foltz of Eugene, Oregon, is accused of
Alleged Rapper Bot DDoS botnet master arrested, charged Read More »
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) 2025-08-20 at 19:25 By Zeljka Zorz A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) Read More »
Password crisis in healthcare: Meeting and exceeding HIPAA requirements 2025-08-20 at 19:25 By Help Net Security In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one significant security incident over the last year. More than half of responders
Password crisis in healthcare: Meeting and exceeding HIPAA requirements Read More »
Commvault plugs holes in backup suite that allow remote code execution 2025-08-20 at 17:33 By Zeljka Zorz Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. Technical details about the vulnerabilities have been published on Wednesday by researchers at watchTowr Labs, who
Commvault plugs holes in backup suite that allow remote code execution Read More »
The 6 challenges your business will face in implementing MLSecOps 2025-08-20 at 09:04 By Help Net Security Organizations that don’t adapt their security programs as they implement AI run the risk of being exposed to a variety of threats, both old and emerging ones. MLSecOps addresses this critical gap in security perimeters by combining AI
The 6 challenges your business will face in implementing MLSecOps Read More »
LudusHound: Open-source tool brings BloodHound data to life 2025-08-20 at 08:31 By Mirko Zorz LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment using previously gathered BloodHound data. Red teams can use this
LudusHound: Open-source tool brings BloodHound data to life Read More »
The AI security crisis no one is preparing for 2025-08-20 at 08:03 By Mirko Zorz In this Help Net Security interview, Jacob Ideskog, CTO of Curity, discusses the risks AI agents pose to organizations. As these agents become embedded in enterprise systems, the potential for misuse, data leakage, and unauthorized access grows. Ideskog warns that
The AI security crisis no one is preparing for Read More »