Don’t miss

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News /

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) 2025-08-20 at 22:42 By Zeljka Zorz Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable […]

React to this headline:

Loading spinner

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) Read More »

Alleged Rapper Bot DDoS botnet master arrested, charged

arrest, botnet, DDoS, Don't miss, extortion, Hot stuff, News, USA /

Alleged Rapper Bot DDoS botnet master arrested, charged 2025-08-20 at 21:47 By Zeljka Zorz US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks around the world. According to court documents, 22-year-old Ethan Foltz of Eugene, Oregon, is accused of

React to this headline:

Loading spinner

Alleged Rapper Bot DDoS botnet master arrested, charged Read More »

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

Don't miss, exploit, Hot stuff, News, Onapsis, SAP, SAP security, Shadowserver, vulnerability /

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) 2025-08-20 at 19:25 By Zeljka Zorz A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram

React to this headline:

Loading spinner

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) Read More »

Password crisis in healthcare: Meeting and exceeding HIPAA requirements

authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, healthcare, HIPAA, Hot stuff, News, passwords, Passwork, regulation /

Password crisis in healthcare: Meeting and exceeding HIPAA requirements 2025-08-20 at 19:25 By Help Net Security In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one significant security incident over the last year. More than half of responders

React to this headline:

Loading spinner

Password crisis in healthcare: Meeting and exceeding HIPAA requirements Read More »

Commvault plugs holes in backup suite that allow remote code execution

backup, Commvault, Don't miss, enterprise, Government, Hot stuff, News, WatchTowr /

Commvault plugs holes in backup suite that allow remote code execution 2025-08-20 at 17:33 By Zeljka Zorz Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. Technical details about the vulnerabilities have been published on Wednesday by researchers at watchTowr Labs, who

React to this headline:

Loading spinner

Commvault plugs holes in backup suite that allow remote code execution Read More »

The 6 challenges your business will face in implementing MLSecOps

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, News, OpenSSF, opinion, software /

The 6 challenges your business will face in implementing MLSecOps 2025-08-20 at 09:04 By Help Net Security Organizations that don’t adapt their security programs as they implement AI run the risk of being exposed to a variety of threats, both old and emerging ones. MLSecOps addresses this critical gap in security perimeters by combining AI

React to this headline:

Loading spinner

The 6 challenges your business will face in implementing MLSecOps Read More »

LudusHound: Open-source tool brings BloodHound data to life

cybersecurity, Don't miss, GitHub, News, open source, red team, software, SpecterOps /

LudusHound: Open-source tool brings BloodHound data to life 2025-08-20 at 08:31 By Mirko Zorz LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment using previously gathered BloodHound data. Red teams can use this

React to this headline:

Loading spinner

LudusHound: Open-source tool brings BloodHound data to life Read More »

The AI security crisis no one is preparing for

access management, Artificial Intelligence, Curity, cybersecurity, Don't miss, Features, Hot stuff, monitoring, News, Non Human Identities, security controls, strategy, threat /

The AI security crisis no one is preparing for 2025-08-20 at 08:03 By Mirko Zorz In this Help Net Security interview, Jacob Ideskog, CTO of Curity, discusses the risks AI agents pose to organizations. As these agents become embedded in enterprise systems, the potential for misuse, data leakage, and unauthorized access grows. Ideskog warns that

React to this headline:

Loading spinner

The AI security crisis no one is preparing for Read More »

Webinar: Why AI and SaaS are now the same attack surface

Don't miss, Hot stuff, News, Vorlon Security, Whitepapers and webinars /

Webinar: Why AI and SaaS are now the same attack surface 2025-08-19 at 17:54 By Help Net Security The lines between SaaS and AI are vanishing. AI agents are now first-class citizens in your SaaS universe: accessing sensitive data, triggering workflows, and introducing new risks that legacy SaaS security posture management tools (SSPM) miss. Security

React to this headline:

Loading spinner

Webinar: Why AI and SaaS are now the same attack surface Read More »

Android VPN apps used by millions are covertly connected AND insecure

Android, Don't miss, Hot stuff, mobile apps, News, Privacy, research, VPN /

Android VPN apps used by millions are covertly connected AND insecure 2025-08-19 at 17:07 By Zeljka Zorz Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State University and Citizen Lab. Finding the secret links Virtual private networks (VPNs)

React to this headline:

Loading spinner

Android VPN apps used by millions are covertly connected AND insecure Read More »

What happens when penetration testing goes virtual and gets an AI coach

Artificial Intelligence, Don't miss, Features, framework, Hot stuff, News, penetration testing, research, Sectigo, skill development, training /

What happens when penetration testing goes virtual and gets an AI coach 2025-08-19 at 09:32 By Mirko Zorz Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the University of Bari Aldo Moro propose using Cyber Digital Twins (CDTs)

React to this headline:

Loading spinner

What happens when penetration testing goes virtual and gets an AI coach Read More »

As AI grows smarter, your identity security must too

AWS, cybersecurity, Don't miss, Expert analysis, Hot stuff, SailPoint /

As AI grows smarter, your identity security must too 2025-08-19 at 08:35 By Help Net Security AI is no longer on the horizon, it’s already transforming how organizations operate. In just a few years, we’ve gone from isolated pilots to enterprise-wide adoption. According to a recent SailPoint survey, 82% of companies are running AI agents

React to this headline:

Loading spinner

As AI grows smarter, your identity security must too Read More »

What makes airport and airline systems so vulnerable to attack?

CISO, cybersecurity, Don't miss, Hot stuff, Keysight Technologies, News, opinion, strategy, tips, travel industry, Video /

What makes airport and airline systems so vulnerable to attack? 2025-08-19 at 07:32 By Help Net Security In this Help Net Security video, Recep Ozdag, VP and GM at Keysight Technologies, explains why airline and airport systems are so difficult to secure. He explores the complex aviation ecosystem, from legacy systems and third-party vendors to

React to this headline:

Loading spinner

What makes airport and airline systems so vulnerable to attack? Read More »

New NIST guide explains how to detect morphed images

authentication, cybercrime, Don't miss, how-to, News, NIST, research, scams, tips /

New NIST guide explains how to detect morphed images 2025-08-18 at 18:00 By Sinisa Markovic Face morphing software can blend two people’s photos into one image, making it possible for someone to fool identity checks at buildings, airports, borders, and other secure places. These morphed images can trick face recognition systems into linking the photo

React to this headline:

Loading spinner

New NIST guide explains how to detect morphed images Read More »

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices

Asia, cybercrime, data theft, Don't miss, Europe, Hot stuff, Malware, Morphisec, News, spear-phishing, USA /

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices 2025-08-18 at 16:12 By Zeljka Zorz Attackers pushing the Noodlophile infostealer are targeting businesses with spear-phishing emails threatening legal action due to copyright or intellectual property infringement, Morphisec researchers have warned. The campaign The emails, ostensibly sent by a law firm, are tailored to

React to this headline:

Loading spinner

Noodlophile infostealer is hiding behind fake copyright and PI infringement notices Read More »

How security teams are putting AI to work right now

Artificial Intelligence, Blackwire Labs, CISO, Conifers, cybersecurity, Don't miss, enterprise, Features, generative AI, Hot stuff, LLMs, News, strategy, tips, Tufin /

How security teams are putting AI to work right now 2025-08-18 at 09:42 By Mirko Zorz AI is moving from proof-of-concept into everyday security operations. In many SOCs, it is now used to cut down alert noise, guide analysts during investigations, and speed up incident response. What was once seen as experimental technology is starting

React to this headline:

Loading spinner

How security teams are putting AI to work right now Read More »

Buttercup: Open-source AI-driven system detects and patches vulnerabilities

darpa, Don't miss, GitHub, Hot stuff, News, open source, software, Trail of Bits /

Buttercup: Open-source AI-driven system detects and patches vulnerabilities 2025-08-18 at 09:42 By Help Net Security Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source software. Developed by Trail of Bits, it recently earned second place in DARPA’s AI Cyber Challenge (AIxCC). Main components Buttercup is made up of four main

React to this headline:

Loading spinner

Buttercup: Open-source AI-driven system detects and patches vulnerabilities Read More »

Review: Data Engineering for Cybersecurity

books, cybersecurity, Don't miss, News, No Starch Press, Review, Reviews, skill development /

Review: Data Engineering for Cybersecurity 2025-08-18 at 08:12 By Mirko Zorz Data Engineering for Cybersecurity sets out to bridge a gap many security teams encounter: knowing what to do with the flood of logs, events, and telemetry they collect. About the author James Bonifield has a decade of experience analyzing malicious activity, implementing data pipelines,

React to this headline:

Loading spinner

Review: Data Engineering for Cybersecurity Read More »

Weak alerting and slipping prevention raise risk levels for CISOs

CISO, cyber risk, cybersecurity, Don't miss, News, Picus Security, report, strategy, survey, tips /

Weak alerting and slipping prevention raise risk levels for CISOs 2025-08-18 at 07:47 By Mirko Zorz Prevention effectiveness is falling, detection gaps remain wide, and attackers are exploiting weaknesses in data protection and credentials. Data theft prevention has dropped to 3 percent, password cracking success rates have nearly doubled, and new threat groups are bypassing

React to this headline:

Loading spinner

Weak alerting and slipping prevention raise risk levels for CISOs Read More »

How military leadership prepares veterans for cybersecurity success

cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, NTT, skill development, threats, training /

How military leadership prepares veterans for cybersecurity success 2025-08-15 at 09:47 By Mirko Zorz In this Help Net Security interview, Warren O’Driscoll, Head of Security Practice at NTT DATA UK and Ireland, discusses how military leadership training equips veterans with the mindset, resilience, and strategic thinking needed to excel in cybersecurity. Drawing on habits such

React to this headline:

Loading spinner

How military leadership prepares veterans for cybersecurity success Read More »

Scroll to Top