Don’t miss

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)

Akamai, Don't miss, Hot stuff, Immersive, Microsoft, MS Office, News, Patch Tuesday, SharePoint, Tenable, Trend Micro /

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779) 2025-08-13 at 15:20 By Zeljka Zorz For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (CVE-2025-53779) that allows an authorized attacker to elevate privileges over a network as part of a […]

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779) Read More »

Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)

Don't miss, exploit, Fortinet, Hot stuff, News, security update, SIEM /

Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256) 2025-08-13 at 12:43 By Zeljka Zorz Fortinet has released patches for a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, after practical exploit code surfaced in the wild. About CVE-2025-25256 FortiSIEM is a security information and event management platform used by organizations to collect, correlate

Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256) Read More »

AWS CISO explains how cloud-native security scales with your business

access management, Amazon Web Services, Artificial Intelligence, AWS, CISO, Cloud, cloud security, cybersecurity, Don't miss, Features, Hot stuff, News, strategy /

AWS CISO explains how cloud-native security scales with your business 2025-08-13 at 09:01 By Mirko Zorz In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and processes

AWS CISO explains how cloud-native security scales with your business Read More »

Product showcase: Apricorn Aegis NVX, a high-security, portable SSD

Apricorn, data security, Don't miss, Encryption, hardware, News, Product showcase /

Product showcase: Apricorn Aegis NVX, a high-security, portable SSD 2025-08-13 at 08:31 By Anamarija Pogorelec The Apricorn Aegis NVX is a hardware-based 256-Bit AES XTS external SSD drive with integrated USB-C cable. Its storage capacities range from 500GB to 2TB. The device is OS free and cross-platform compatible. Design and build The drive comes with

Product showcase: Apricorn Aegis NVX, a high-security, portable SSD Read More »

How to build and grow a scalable vCISO practice as an MSP

Cynomi, Don't miss, Hot stuff, News /

How to build and grow a scalable vCISO practice as an MSP 2025-08-13 at 08:03 By Help Net Security The cybersecurity needs of small and midsize businesses have reached a critical point. Compliance mandates, increasing ransomware attacks, and cyber insurance requirements are driving demand for expert guidance. Yet, hiring a full-time Chief Information Security Officer

How to build and grow a scalable vCISO practice as an MSP Read More »

Global OT cyber risk could top $329 billion, new report warns

critical infrastructure, cyber risk, cybersecurity, Don't miss, Dragos, ICS/SCADA, Marsh McLennan, News, report, Risk Management /

Global OT cyber risk could top $329 billion, new report warns 2025-08-13 at 07:36 By Anamarija Pogorelec A new study from Dragos and Marsh McLennan puts hard numbers on the global financial risk tied to OT cyber incidents. The 2025 OT Security Financial Risk Report estimates that the most extreme scenarios could place more than

Global OT cyber risk could top $329 billion, new report warns Read More »

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)

Citrix, Don't miss, Europe, Fortinet, Hot stuff, NCSC-NL, NetScaler, News, Shadowserver /

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) 2025-08-12 at 17:51 By Zeljka Zorz FortiGuard Labs has reported a dramatic spike in exploitation attempts targeting Citrix Bleed 2, a critical buffer over‑read flaw (CVE‑2025‑5777) affecting Citrix NetScaler ADC (Application Delivery Controller) and Gateway devices. Since July 28, 2025, they have detected over 6,000 exploitation

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543) Read More »

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

0-day, APT, backdoor, BI.ZONE, Canada, cyber espionage, Don't miss, ESET, Europe, exploit, Hot stuff, News, Russian Federation, spear-phishing, WinRAR /

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) 2025-08-12 at 16:11 By Zeljka Zorz The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088) Read More »

APT groups are getting personal, and CISOs should be concerned

APT, attacks, CISO, cybersecurity, Data Protection, Don't miss, Doppel, Features, Hot stuff, how-to, News, Privacy, strategy, threats, tips /

APT groups are getting personal, and CISOs should be concerned 2025-08-12 at 14:42 By Mirko Zorz Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members have become targets. This approach works because executives often work remotely, store

APT groups are getting personal, and CISOs should be concerned Read More »

What makes a security program mature and how to get there faster

CISO, Don't miss, Hot stuff, News, PlexTrac, strategy, tips, Video /

What makes a security program mature and how to get there faster 2025-08-12 at 08:31 By Help Net Security Security leaders are flush with tools and data, but it’s not helping their programs mature. In this Help Net Security video, PlexTrac’s Dan DeCloss outlines the 3 key gaps holding security programs back and what sets

What makes a security program mature and how to get there faster Read More »

EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Semperis, software /

EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations 2025-08-12 at 08:01 By Help Net Security EntraGoat is a purpose-built tool that sets up a vulnerable Microsoft Entra ID environment to mimic real-world identity security issues. It’s designed to help security professionals practice spotting and exploiting common misconfigurations. The tool creates a range

EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations Read More »

Win-DDoS: Attackers can turn public domain controllers into DDoS agents

DDoS, Don't miss, DoS, enterprise, Hot stuff, News, SafeBreach, vulnerability, Windows, Windows Server /

Win-DDoS: Attackers can turn public domain controllers into DDoS agents 2025-08-11 at 16:02 By Zeljka Zorz SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one one of which (CVE-2025-32724) can also be leveraged to force public DCs to participate in distributed

Win-DDoS: Attackers can turn public domain controllers into DDoS agents Read More »

How Brandolini’s law informs our everyday infosec reality

attacks, automation, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, social engineering, supply chain /

How Brandolini’s law informs our everyday infosec reality 2025-08-11 at 09:00 By Help Net Security Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and

How Brandolini’s law informs our everyday infosec reality Read More »

From legacy to SaaS: Why complexity is the enemy of enterprise security

access management, authentication, Bridge IT, CISO, cybersecurity, digital transformation, Don't miss, enterprise, Features, Hot stuff, identity verification, MFA, News, SaaS, security awareness, strategy, tips, zero trust /

From legacy to SaaS: Why complexity is the enemy of enterprise security 2025-08-11 at 08:32 By Mirko Zorz In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the way organizations approach security. He explains why finding the right balance

From legacy to SaaS: Why complexity is the enemy of enterprise security Read More »

Review: From Day Zero to Zero Day

books, Don't miss, how-to, News, Review, Reviews, skill development, strategy, tips, vulnerability assessment /

Review: From Day Zero to Zero Day 2025-08-11 at 08:02 By Mirko Zorz From Day Zero to Zero Day is a practical guide for cybersecurity pros who want to move beyond reading about vulnerabilities and start finding them. It gives a methodical look at how real vulnerability research is done. About the author Eugene Lim

Review: From Day Zero to Zero Day Read More »

August 2025 Patch Tuesday forecast: Try, try, again

apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, SharePoint /

August 2025 Patch Tuesday forecast: Try, try, again 2025-08-08 at 09:30 By Help Net Security July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly

August 2025 Patch Tuesday forecast: Try, try, again Read More »

Third-party partners or ticking time bombs?

CISO, cyber risk, cybersecurity, CyXcel, Don't miss, Hot stuff, News, resilience, Risk Management, strategy, supply chain, third party compromise, tips, Video /

Third-party partners or ticking time bombs? 2025-08-08 at 08:46 By Help Net Security In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the

Third-party partners or ticking time bombs? Read More »

What GPT‑5 means for IT teams, devs, and the future of AI at work

Artificial Intelligence, Azoma, ChatGPT, Don't miss, generative AI, LLMs, News /

What GPT‑5 means for IT teams, devs, and the future of AI at work 2025-08-07 at 20:58 By Sinisa Markovic OpenAI has released GPT‑5, the newest version of its large language model. It’s now available to developers and ChatGPT users, and it brings some real changes to how AI can be used in business and

What GPT‑5 means for IT teams, devs, and the future of AI at work Read More »

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

CISA, cloud security, Don't miss, Email, enterprise, Hot stuff, hybrid IT, Microsoft Exchange, News /

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) 2025-08-07 at 17:40 By Zeljka Zorz “In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft has announced on Wednesday.

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) Read More »

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

Don't miss, firewall, GuidePoint Security, Hot stuff, Huntress, News, SonicWall, vulnerability /

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls 2025-08-07 at 14:34 By Zeljka Zorz Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls Read More »

Scroll to Top