Building cyber resilience in always-on industrial environments

2025-06-26 at 09:07, by Mirko Zorz

In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also […]

Breaking the cycle of attack playbook reuse

2025-06-26 at 08:32, by Help Net Security

Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets. What’s effective in one environment is

Kanister: Open-source data protection workflow management tool

2025-06-26 at 08:04, by Help Net Security

Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

2025-06-26 at 00:15, by Zeljka Zorz

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details

Windows 10: How to get security updates for free until 2026

2025-06-25 at 14:45, by Zeljka Zorz

Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates can enroll in the Windows 10 Extended Security Updates (ESU) program, Microsoft confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up

2025-06-25 at 12:48, by Sinisa Markovic

XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat

Why the SOC needs its “Moneyball” moment

2025-06-25 at 09:05, by Help Net Security

In the classic book and later Brad Pitt movie Moneyball, the Oakland A’s didn’t beat baseball’s giants by spending more – they won by thinking differently, scouting players not through gut instinct and received wisdom, but by utilizing relevant data and

From posture to prioritization: The shift toward unified runtime platforms

2025-06-25 at 08:49, by Mirko Zorz

In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk

Why should companies or organizations convert to FIDO security keys?

2025-06-25 at 08:09, by Mirko Zorz

In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights

Trojanized SonicWall NetExtender app exfiltrates VPN credentials

2025-06-24 at 15:00, by Zeljka Zorz

Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company warned on Monday, and have been tricking users into downloading it from a lookalike site(s?).

The trojanized SonicWall NetExtender installer

SonicWall NetExtender is an SSL‑VPN client used by companies to give remote

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

2025-06-24 at 12:45, by Zeljka Zorz

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised

Why work-life balance in cybersecurity must start with executive support

2025-06-24 at 08:34, by Mirko Zorz

In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace

Reconmap: Open-source vulnerability assessment, pentesting management platform

2025-06-24 at 08:03, by Help Net Security

Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish. The platform simplifies tasks and makes it easier for teams to work together,

Microsoft will start removing legacy drivers from Windows Update

2025-06-23 at 17:47, by Zeljka Zorz

Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has announced. This is intended to be an ongoing process and Microsoft is planning to introduce

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets

2025-06-23 at 16:38, by Zeljka Zorz

The CoinMarketCap and CoinTelegraph websites were compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets.

The CoinMarketCap compromise

CoinMarketCap (aka CMC) is a website popular with crypto investors as

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

2025-06-23 at 14:14, by Zeljka Zorz

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless, the

Stealthy backdoor found hiding in SOHO devices running Linux

2025-06-23 at 11:02, by Mirko Zorz

SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader shift in how China-Nexus threat actors are using Operational Relay Box (ORB) networks to

How CISOs can justify security investments in financial terms

2025-06-23 at 09:06, by Mirko Zorz

In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and

Quantum risk is already changing cybersecurity

2025-06-23 at 08:18, by Mirko Zorz

A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It’s
