Photos: Black Hat USA 2025 2025-08-07 at 11:38 By Help Net Security Here’s a look inside Black Hat USA 2025. The featured vendors are: Stellar Cyber, Vonahi Security, Gurucul, Check Point, HackerOne, EasyDMARC, Elastic, Google, Tines, Veracode, VioletX, Pentera, Keep Aware, Oleria, SpyCloud, Trend Micro and Picus Security. The post Photos: Black Hat USA 2025 […]
Photos: Black Hat USA 2025 Read More »
Beyond PQC: Building adaptive security programs for the unknown 2025-08-07 at 09:15 By Mirko Zorz In this Help Net Security interview, Jordan Avnaim, CISO at Entrust, discusses how to communicate the quantum computing threat to executive teams using a risk-based approach. He explains why post-quantum cryptography (PQC) is an urgent and long-term priority. Avnaim also
Beyond PQC: Building adaptive security programs for the unknown Read More »
AI can write your code, but nearly half of it may be insecure 2025-08-07 at 09:15 By Help Net Security While GenAI excels at producing functional code, it introduces security vulnerabilities in 45 percent of cases, according to Veracode’s 2025 GenAI Code Security Report, which analyzed code produced by over 100 LLMs across 80 real-world
AI can write your code, but nearly half of it may be insecure Read More »
Energy companies are blind to thousands of exposed services 2025-08-07 at 07:02 By Anamarija Pogorelec Many of America’s largest energy providers are exposed to known and exploitable vulnerabilities, and most security teams may not even see them, according to a new report from SixMap. Researchers assessed the external attack surface of 21 major energy companies,
Energy companies are blind to thousands of exposed services Read More »
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC 2025-08-06 at 16:33 By Zeljka Zorz Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publicly available proof-of-concept (PoC) exploit. Details about the flaws have been public
Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC Read More »
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) 2025-08-06 at 15:05 By Zeljka Zorz Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, the company has warned on Wednesday. Unfortunately for those organizations that use it, a patch
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) Read More »
Cybersecurity and the development of software-defined vehicles 2025-08-06 at 13:18 By Help Net Security In many automotive companies, the same systems-engineering teams are responsible for both safety and security. As a result, cybersecurity is treated as a subset of safety, undergirded by an implicit assumption: “If it’s safe, it must be secure.” But that’s not
Cybersecurity and the development of software-defined vehicles Read More »
Ransomware is up, zero-days are booming, and your IP camera might be next 2025-08-06 at 08:47 By Help Net Security Cyber attackers are finding new ways in through the overlooked and unconventional network corners. Forescout’s 2025H1 Threat Review reveals a surge in advanced tactics, with zero-day exploits up 46 percent and ransomware attacks averaging 20
Ransomware is up, zero-days are booming, and your IP camera might be next Read More »
AI in the SOC: Game-changer or more noise? 2025-08-06 at 08:02 By Help Net Security In this Help Net Security video, Kev Marriott, Senior Manager of Cyber at Immersive Labs, explores the challenges and opportunities of integrating AI into Security Operations Centers (SOCs). While AI can boost productivity by automating manual tasks and reducing alert
AI in the SOC: Game-changer or more noise? Read More »
CISOs say they’re prepared, their data says otherwise 2025-08-06 at 08:02 By Sinisa Markovic Most security teams believe they can act quickly when a threat emerges. But many don’t trust the very data they rely on to do so, and that’s holding them back. A new Axonius report, based on a survey of 500 U.S.-based
CISOs say they’re prepared, their data says otherwise Read More »
Millions of Dell laptops could be persistently backdoored in ReVault attacks 2025-08-05 at 21:19 By Zeljka Zorz A set of firmware vulnerabilities affecting 100+ Dell laptop models widely used in government settings and by the cybersecurity industry could allow attackers to achieve persistent access even across Windows reinstalls, Cisco Talos researchers have discovered. About the
Millions of Dell laptops could be persistently backdoored in ReVault attacks Read More »
Project Ire: Microsoft’s autonomous malware detection AI agent 2025-08-05 at 19:45 By Zeljka Zorz Microsoft is working on a AI agent whose main goal is autonomous malware detection and the prototype – dubbed Project Ire – is showing great potential, the company has announced on Tuesday. Tested on a dataset of known malicious and benign
Project Ire: Microsoft’s autonomous malware detection AI agent Read More »
Security tooling pitfalls for small teams: Cost, complexity, and low ROI 2025-08-05 at 10:11 By Mirko Zorz In this Help Net Security interview, Aayush Choudhury, CEO at Scrut Automation, discusses why many security tools built for large enterprises don’t work well for leaner, cloud-native teams. He explains how simplicity, integration, and automation are key for
Security tooling pitfalls for small teams: Cost, complexity, and low ROI Read More »
BloodHound 8.0 debuts with major upgrades in attack path management 2025-08-05 at 10:11 By Help Net Security SpecterOps has released BloodHound 8.0, the latest iteration of its open-source attack path management platform, featuring major enhancements and expanded capabilities. BloodHound OpenGraph The release introduces BloodHound OpenGraph, a major advancement in identity attack path management that uncovers
BloodHound 8.0 debuts with major upgrades in attack path management Read More »
Back to basics webinar: The ecosystem of CIS Security best practices 2025-08-05 at 08:17 By Help Net Security Generative AI models, multi-cloud strategies, Internet of Things devices, third-party suppliers, and a growing list of regulatory compliance obligations all require the same security response: come together as a community to prioritize the basics. Watch this on-demand
Back to basics webinar: The ecosystem of CIS Security best practices Read More »
SonicWall firewalls targeted in ransomware attacks, possibly via zero-day 2025-08-04 at 14:34 By Zeljka Zorz Attackers wielding the Akira ransomware and possibly a zero-day exploit have been spotted targeting SonicWall firewalls since July 15, 2025. “In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through
SonicWall firewalls targeted in ransomware attacks, possibly via zero-day Read More »
AIBOMs are the new SBOMs: The missing link in AI risk management 2025-08-04 at 09:11 By Mirko Zorz In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to security issues that conventional tools fail to detect. He explains
AIBOMs are the new SBOMs: The missing link in AI risk management Read More »
Average global data breach cost now $4.44 million 2025-08-04 at 08:37 By Anamarija Pogorelec IBM released its Cost of a Data Breach Report, which revealed AI adoption is greatly outpacing AI security and governance. While the overall number of organizations experiencing an AI-related breach is a small representation of the researched population, this is the
Average global data breach cost now $4.44 million Read More »
Open-source password recovery utility Hashcat 7.0.0 released 2025-08-04 at 08:10 By Anamarija Pogorelec Hashcat is an open-source password recovery tool that supports five attack modes and more than 300 highly optimized hashing algorithms. It runs on CPUs, GPUs, and other hardware accelerators across Linux, Windows, and macOS, and includes features for distributed password cracking at
Open-source password recovery utility Hashcat 7.0.0 released Read More »
Smart steps to keep your AI future-ready 2025-08-01 at 09:36 By Mirko Zorz In this Help Net Security interview, Rohan Sen, Principal, Cyber, Data, and Tech Risk, PwC US, discusses how organizations can design autonomous AI agents with strong governance from day one. As AI becomes more embedded in business ecosystems, overlooking agent-level security can
Smart steps to keep your AI future-ready Read More »