Webinar: Why AI and SaaS are now the same attack surface 2025-08-19 at 17:54 By Help Net Security The lines between SaaS and AI are vanishing. AI agents are now first-class citizens in your SaaS universe: accessing sensitive data, triggering workflows, and introducing new risks that legacy SaaS security posture management tools (SSPM) miss. Security […]
Webinar: Why AI and SaaS are now the same attack surface Read More »
Android VPN apps used by millions are covertly connected AND insecure 2025-08-19 at 17:07 By Zeljka Zorz Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State University and Citizen Lab. Finding the secret links Virtual private networks (VPNs)
Android VPN apps used by millions are covertly connected AND insecure Read More »
What happens when penetration testing goes virtual and gets an AI coach 2025-08-19 at 09:32 By Mirko Zorz Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the University of Bari Aldo Moro propose using Cyber Digital Twins (CDTs)
What happens when penetration testing goes virtual and gets an AI coach Read More »
As AI grows smarter, your identity security must too 2025-08-19 at 08:35 By Help Net Security AI is no longer on the horizon, it’s already transforming how organizations operate. In just a few years, we’ve gone from isolated pilots to enterprise-wide adoption. According to a recent SailPoint survey, 82% of companies are running AI agents
As AI grows smarter, your identity security must too Read More »
What makes airport and airline systems so vulnerable to attack? 2025-08-19 at 07:32 By Help Net Security In this Help Net Security video, Recep Ozdag, VP and GM at Keysight Technologies, explains why airline and airport systems are so difficult to secure. He explores the complex aviation ecosystem, from legacy systems and third-party vendors to
What makes airport and airline systems so vulnerable to attack? Read More »
New NIST guide explains how to detect morphed images 2025-08-18 at 18:00 By Sinisa Markovic Face morphing software can blend two people’s photos into one image, making it possible for someone to fool identity checks at buildings, airports, borders, and other secure places. These morphed images can trick face recognition systems into linking the photo
New NIST guide explains how to detect morphed images Read More »
Noodlophile infostealer is hiding behind fake copyright and PI infringement notices 2025-08-18 at 16:12 By Zeljka Zorz Attackers pushing the Noodlophile infostealer are targeting businesses with spear-phishing emails threatening legal action due to copyright or intellectual property infringement, Morphisec researchers have warned. The campaign The emails, ostensibly sent by a law firm, are tailored to
Noodlophile infostealer is hiding behind fake copyright and PI infringement notices Read More »
How security teams are putting AI to work right now 2025-08-18 at 09:42 By Mirko Zorz AI is moving from proof-of-concept into everyday security operations. In many SOCs, it is now used to cut down alert noise, guide analysts during investigations, and speed up incident response. What was once seen as experimental technology is starting
How security teams are putting AI to work right now Read More »
Buttercup: Open-source AI-driven system detects and patches vulnerabilities 2025-08-18 at 09:42 By Help Net Security Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place in DARPA’s AI Cyber Challenge (AIxCC). Main components Buttercup is made up of four main
Buttercup: Open-source AI-driven system detects and patches vulnerabilities Read More »
Review: Data Engineering for Cybersecurity 2025-08-18 at 08:12 By Mirko Zorz Data Engineering for Cybersecurity sets out to bridge a gap many security teams encounter: knowing what to do with the flood of logs, events, and telemetry they collect. About the author James Bonifield has a decade of experience analyzing malicious activity, implementing data pipelines,
Review: Data Engineering for Cybersecurity Read More »
Weak alerting and slipping prevention raise risk levels for CISOs 2025-08-18 at 07:47 By Mirko Zorz Prevention effectiveness is falling, detection gaps remain wide, and attackers are exploiting weaknesses in data protection and credentials. Data theft prevention has dropped to 3 percent, password cracking success rates have nearly doubled, and new threat groups are bypassing
Weak alerting and slipping prevention raise risk levels for CISOs Read More »
How military leadership prepares veterans for cybersecurity success 2025-08-15 at 09:47 By Mirko Zorz In this Help Net Security interview, Warren O’Driscoll, Head of Security Practice at NTT DATA UK and Ireland, discusses how military leadership training equips veterans with the mindset, resilience, and strategic thinking needed to excel in cybersecurity. Drawing on habits such
How military leadership prepares veterans for cybersecurity success Read More »
Fighting fraud with AI: The new identity security playbook 2025-08-15 at 08:34 By Help Net Security In this Help Net Security video, Hal Lonas, CTO at Trulioo, talks about the rise of synthetic identity fraud and how it’s quickly becoming one of the biggest threats in financial crime. He breaks down how fraudsters are using
Fighting fraud with AI: The new identity security playbook Read More »
Brute-force attacks hammer Fortinet devices worldwide 2025-08-14 at 17:05 By Zeljka Zorz A surge in brute-force attempts targeting Fortinet SSL VPNs that was spotted earlier this month could be a portent of imminent attacks leveraging currently undisclosed (potentially zero-day) vulnerabilities in Fortinet devices. Shifting attacks Greynoise, a cybersecurity intelligence service that through its global network
Brute-force attacks hammer Fortinet devices worldwide Read More »
For $40, you can buy stolen police and government email accounts 2025-08-14 at 15:01 By Sinisa Markovic Active police and government email accounts are being sold on the dark web for as little as $40, giving cybercriminals a direct line into systems and services that rely on institutional trust. According to new research from Abnormal
For $40, you can buy stolen police and government email accounts Read More »
Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876) 2025-08-14 at 13:33 By Zeljka Zorz Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service providers, are being exploited by attackers. There are no public reports of exploitation, but the confirmation came from
AI security governance converts disorder into deliberate innovation 2025-08-14 at 09:16 By Help Net Security AI security governance provides a stable compass, channeling efforts and transforming AI from an experimental tool to a reliable, enterprise-class solution. With adequate governance built at the center of AI efforts, business leaders can shape AI plans with intention, while
AI security governance converts disorder into deliberate innovation Read More »
Open-source flow monitoring with SENSOR: Benefits and trade-offs 2025-08-14 at 09:16 By Mirko Zorz Flow monitoring tools are useful for tracking traffic patterns, planning capacity, and spotting threats. But many off-the-shelf solutions come with steep licensing costs and hardware demands, especially if you want to process every packet. A research team at the University of
Open-source flow monitoring with SENSOR: Benefits and trade-offs Read More »
The top CTEM platforms you should know in 2025 2025-08-14 at 08:02 By Help Net Security Continuous Threat Exposure Management (CTEM) is a modern cybersecurity strategy originally coined by Gartner analysts, which focuses on identifying, prioritizing, validating, and mobilizing teams to reduce threat exposure across an organization’s full attack surface. It’s in a category of
The top CTEM platforms you should know in 2025 Read More »
Croatian research institute confirms ransomware attack via ToolShell vulnerabilities 2025-08-13 at 18:01 By Zeljka Zorz The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, has confirmed that it was the one of “at least 9,000 institutions worldwide” that were attacked using the Microsoft SharePoint “ToolShell” vulnerabilities. The attack happened on Thursday,
Croatian research institute confirms ransomware attack via ToolShell vulnerabilities Read More »