Don’t miss

OpenNHP: Cryptography-driven zero trust protocol

Don't miss, Encryption, GitHub, News, open source, software, zero trust /

OpenNHP: Cryptography-driven zero trust protocol 2025-02-05 at 07:01 By Mirko Zorz OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data. OpenNHP offers the following benefits: Reduces attack surface by hiding infrastructure Prevents unauthorized network reconnaissance Mitigates vulnerability exploitation Stops phishing via encrypted DNS Protects […]

React to this headline:

Loading spinner

OpenNHP: Cryptography-driven zero trust protocol Read More »

The API security crisis and why businesses are at risk

API security, Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, Video, Wallarm /

The API security crisis and why businesses are at risk 2025-02-05 at 06:30 By Help Net Security In this Help Net Security video, Ivan Novikov, CEO of Wallarm, discusses the 2025 API ThreatStats Report, highlighting how APIs have become the primary attack surface over the past year, mainly driven by the rise of AI-related risks.

React to this headline:

Loading spinner

The API security crisis and why businesses are at risk Read More »

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

0-day, Don't miss, Hot stuff, News, security controls, spear-phishing, Trend Micro, Ukraine, vulnerability, Windows /

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) 2025-02-04 at 15:08 By Zeljka Zorz CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vulnerability (CVE-2025-0411) Mark-of-the-Web (MotW) is a

React to this headline:

Loading spinner

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) Read More »

Casio UK site compromised, equipped with web skimmer

data theft, Don't miss, Hot stuff, Jscrambler, magento, News, web hacks /

Casio UK site compromised, equipped with web skimmer 2025-02-04 at 13:20 By Zeljka Zorz Japanese electronics maker Casio has had its UK website injected with a web skimmer that collected buyers’ personal and payment card information, Jscrambler has discovered. The company says that the same skimmer has been added to at least seventeen (and possibly

React to this headline:

Loading spinner

Casio UK site compromised, equipped with web skimmer Read More »

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities

Cryptocurrency, Don't miss, extortion, finance, fraud, Hot stuff, News, USA, vulnerability /

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities 2025-02-04 at 12:16 By Help Net Security A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 million from the protocols’ investors. The fraudulent scheme According to court

React to this headline:

Loading spinner

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities Read More »

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR

Don't miss, News, Stellar Cyber, Whitepapers and webinars /

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR 2025-02-04 at 10:45 By Help Net Security Join cybersecurity expert Jonathan Mayled from 5-hour Energy as he uncovers the limitations of log-based SIEMs and the transformative role of AI-driven Network Detection and Response (NDR). Logs alone can’t deliver the visibility and context required to secure modern,

React to this headline:

Loading spinner

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR Read More »

Aim for crypto-agility, prepare for the long haul

cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Fortanix, Hot stuff, News, opinion, quantum computing, standards /

Aim for crypto-agility, prepare for the long haul 2025-02-04 at 07:33 By Help Net Security While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning,

React to this headline:

Loading spinner

Aim for crypto-agility, prepare for the long haul Read More »

What you can do to prevent workforce fraud

authentication, cybersecurity, Don't miss, Features, fraud, Government, Hot stuff, identity verification, News, Nisos, opinion, professional, remote working, threats /

What you can do to prevent workforce fraud 2025-02-04 at 07:19 By Mirko Zorz In this Help Net Security interview, Benjamin Racenberg, Senior Intelligence Services Manager at Nisos, discusses the threat of workforce fraud, particularly DPRK-affiliated IT workers infiltrating remote roles. With HR teams and recruiters often unprepared to detect these sophisticated schemes, businesses face

React to this headline:

Loading spinner

What you can do to prevent workforce fraud Read More »

DeepSeek’s popularity exploited to push malicious packages via PyPI

data theft, DeepSeek, Don't miss, Hot stuff, Malware, News, Positive Technologies, PyPI, Python /

DeepSeek’s popularity exploited to push malicious packages via PyPI 2025-02-03 at 15:33 By Zeljka Zorz Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they have been downloaded 36 times. The malicious packages The attack started

React to this headline:

Loading spinner

DeepSeek’s popularity exploited to push malicious packages via PyPI Read More »

The hidden dangers of a toxic cybersecurity workplace

burnout, collaboration, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, professional, SANS /

The hidden dangers of a toxic cybersecurity workplace 2025-02-03 at 07:35 By Mirko Zorz In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear

React to this headline:

Loading spinner

The hidden dangers of a toxic cybersecurity workplace Read More »

BadDNS: Open-source tool checks for subdomain takeovers

Don't miss, GitHub, News, open source, penetration testing, scanning, software /

BadDNS: Open-source tool checks for subdomain takeovers 2025-02-03 at 07:03 By Mirko Zorz BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS records and

React to this headline:

Loading spinner

BadDNS: Open-source tool checks for subdomain takeovers Read More »

How to use iCloud Private Relay for enhanced privacy

apple, cybersecurity, Don't miss, how-to, News, Privacy, Safari /

How to use iCloud Private Relay for enhanced privacy 2025-02-03 at 06:04 By Help Net Security iCloud Private Relay, included with an iCloud+ subscription, enhances your privacy while browsing the web in Safari. When this feature is enabled, the traffic leaving your iPhone is encrypted and routed through two separate internet relays. This ensures that

React to this headline:

Loading spinner

How to use iCloud Private Relay for enhanced privacy Read More »

Patient monitors with backdoor are sending info to China, CISA warns

backdoor, CISA, Don't miss, healthcare, Hot stuff, medical data, medical devices, News, Privacy, vulnerability /

Patient monitors with backdoor are sending info to China, CISA warns 2025-01-31 at 14:03 By Zeljka Zorz Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download

React to this headline:

Loading spinner

Patient monitors with backdoor are sending info to China, CISA warns Read More »

Deploying AI at the edge: The security trade-offs and how to manage them

Artificial Intelligence, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, Latent AI, network, News, opinion /

Deploying AI at the edge: The security trade-offs and how to manage them 2025-01-31 at 07:34 By Mirko Zorz Deploying AI at the edge brings advantages such as low latency, improved efficiency, and real-time decision-making. It also introduces new attack surfaces. Adversaries could intercept models in transit, manipulate inputs to degrade performance, or even reverse-engineer

React to this headline:

Loading spinner

Deploying AI at the edge: The security trade-offs and how to manage them Read More »

Cybercrime forums Cracked and Nulled seized, operators arrested

arrest, cybercrime, Don't miss, Europe, Germany, Hot stuff, law enforcement, News /

Cybercrime forums Cracked and Nulled seized, operators arrested 2025-01-30 at 18:50 By Zeljka Zorz Law enforcement from Germany, Australia, Spain, Greece, Romania, Italy, France and the USA have seized and shut down Cracked and Nulled, the two largest cybercrime forums in the world. The takedown notice (Source: German Federal Criminal Police Office) “The websites “nulled.to”

React to this headline:

Loading spinner

Cybercrime forums Cracked and Nulled seized, operators arrested Read More »

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs

Arctic Wolf Networks, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, remote management, SimpleHelp /

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs 2025-01-30 at 17:16 By Zeljka Zorz Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server

React to this headline:

Loading spinner

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs Read More »

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler /

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models

React to this headline:

Loading spinner

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

ExtensionHound: Open-source tool for Chrome extension DNS forensics

Chrome, computer forensics, DNS, Don't miss, GitHub, News, open source, software /

ExtensionHound: Open-source tool for Chrome extension DNS forensics 2025-01-30 at 07:03 By Mirko Zorz Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound

React to this headline:

Loading spinner

ExtensionHound: Open-source tool for Chrome extension DNS forensics Read More »

How to use Hide My Email to protect your inbox from spam

apple, Don't miss, email security, how-to, News, Privacy /

How to use Hide My Email to protect your inbox from spam 2025-01-30 at 06:03 By Help Net Security Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email

React to this headline:

Loading spinner

How to use Hide My Email to protect your inbox from spam Read More »

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

Censys, Don't miss, GreyNoise, Hot stuff, News, VulnCheck, vulnerability, Zyxel /

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute

React to this headline:

Loading spinner

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) Read More »

Scroll to Top