Don’t miss

NIST proposes new metric to gauge exploited vulnerabilities

NIST proposes new metric to gauge exploited vulnerabilities 2025-05-26 at 08:06 By Help Net Security NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a […]

React to this headline:

Loading spinner

NIST proposes new metric to gauge exploited vulnerabilities Read More »

Cyber threats are changing and here’s what you should watch for

Cyber threats are changing and here’s what you should watch for 2025-05-26 at 07:33 By Help Net Security In this Help Net Security video, Stefan Tanase, Cyber Intelligence Expert at CSIS, gives an overview of how cybercriminals are changing their tactics, including using legitimate tools to avoid detection and developing more advanced info-stealing malware. Tanase

React to this headline:

Loading spinner

Cyber threats are changing and here’s what you should watch for Read More »

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations 2025-05-23 at 17:21 By Zeljka Zorz CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage

React to this headline:

Loading spinner

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations Read More »

TikTok videos + ClickFix tactic = Malware infection

TikTok videos + ClickFix tactic = Malware infection 2025-05-23 at 15:53 By Zeljka Zorz Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. The videos are getting published by a number of TikTok user accounts, seem AI-made, and are

React to this headline:

Loading spinner

TikTok videos + ClickFix tactic = Malware infection Read More »

DanaBot botnet disrupted, QakBot leader indicted

DanaBot botnet disrupted, QakBot leader indicted 2025-05-23 at 14:17 By Zeljka Zorz Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service operations. Operation Endgame 2.0 Coordinated by

React to this headline:

Loading spinner

DanaBot botnet disrupted, QakBot leader indicted Read More »

Is privacy becoming a luxury? A candid look at consumer data use

Is privacy becoming a luxury? A candid look at consumer data use 2025-05-23 at 09:02 By Mirko Zorz In this Help Net Security interview, Dr. Joy Wu, Assistant Professor, UBC Sauder School of Business, discusses the psychological and societal impacts of data monetization, why current privacy disclosures often fall short, and what it will take

React to this headline:

Loading spinner

Is privacy becoming a luxury? A candid look at consumer data use Read More »

Unpatched Windows Server vulnerability allows full domain compromise

Unpatched Windows Server vulnerability allows full domain compromise 2025-05-22 at 18:45 By Zeljka Zorz A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server

React to this headline:

Loading spinner

Unpatched Windows Server vulnerability allows full domain compromise Read More »

Signal blocks Microsoft Recall from screenshotting conversations

Signal blocks Microsoft Recall from screenshotting conversations 2025-05-22 at 14:01 By Zeljka Zorz Signal has released a new version of its end-to-end encrypted communication app for Windows that prevents Microsoft Recall and users from screenshotting text-based conversations happening in the app. The new “Screen security” setting is enabled by default and can be easily disabled

React to this headline:

Loading spinner

Signal blocks Microsoft Recall from screenshotting conversations Read More »

The hidden gaps in your asset inventory, and how to close them

The hidden gaps in your asset inventory, and how to close them 2025-05-22 at 09:06 By Mirko Zorz In this Help Net Security interview, Tim Grieveson, CSO at ThingsRecon, breaks down the first steps security teams should take to regain visibility, the most common blind spots in asset discovery, and why context should drive risk

React to this headline:

Loading spinner

The hidden gaps in your asset inventory, and how to close them Read More »

CTM360 report: Ransomware exploits trust more than tech

CTM360 report: Ransomware exploits trust more than tech 2025-05-22 at 08:35 By Anamarija Pogorelec A recent wave of ransomware attacks has disrupted major retailers across the UK. According to a new report from CTM360, the attackers didn’t need to break down the door, they were invited in through misplaced trust and weak identity safeguards. This

React to this headline:

Loading spinner

CTM360 report: Ransomware exploits trust more than tech Read More »

Lumma Stealer Malware-as-a-Service operation disrupted

Lumma Stealer Malware-as-a-Service operation disrupted 2025-05-21 at 21:21 By Zeljka Zorz A coordinated action by US, European and Japanese authorities and tech companies like Microsoft and Cloudflare has disrupted the infrastructure behind Lumma Stealer, the most significant infostealer threat at the moment. What is Lumma Stealer? Lumma Stealer is Malware-as-a-Service offering beloved by a wide

React to this headline:

Loading spinner

Lumma Stealer Malware-as-a-Service operation disrupted Read More »

Data-stealing VS Code extensions removed from official Marketplace

Data-stealing VS Code extensions removed from official Marketplace 2025-05-21 at 16:19 By Zeljka Zorz Developers who specialize in writing smart (primarily Ethereum) contracts using the Solidity programming language have been targeted via malicious VS Code extensions that install malware that steals cryptocurrency wallet credentials. “Based on shared infrastructure and obfuscation characteristics, we attribute all three

React to this headline:

Loading spinner

Data-stealing VS Code extensions removed from official Marketplace Read More »

What good threat intelligence looks like in practice

What good threat intelligence looks like in practice 2025-05-21 at 08:32 By Mirko Zorz In this Help Net Security interview, Anuj Goel, CEO of Cyware, discusses how threat intelligence is no longer a nice to have, it’s a core cyber defense requirement. But turning intelligence into action remains a challenge for many organizations. The path

React to this headline:

Loading spinner

What good threat intelligence looks like in practice Read More »

AutoPatchBench: Meta’s new way to test AI bug fixing tools

AutoPatchBench: Meta’s new way to test AI bug fixing tools 2025-05-21 at 08:02 By Mirko Zorz AutoPatchBench is a new benchmark that tests how well AI tools can fix code bugs. It focuses on C and C++ vulnerabilities found through fuzzing. The benchmark includes 136 real bugs and their verified fixes, taken from the ARVO

React to this headline:

Loading spinner

AutoPatchBench: Meta’s new way to test AI bug fixing tools Read More »

Third-party cyber risks and what you can do

Third-party cyber risks and what you can do 2025-05-21 at 07:31 By Help Net Security When a third-party tech vendor suffers a cyber incident, your business can feel the effects immediately. That’s why it’s crucial to treat vendor risk as part of your cybersecurity posture. In this Help Net Security video, Mike Toole, Director of

React to this headline:

Loading spinner

Third-party cyber risks and what you can do Read More »

Product showcase: Secure digital and physical access with the Swissbit iShield Key 2

Product showcase: Secure digital and physical access with the Swissbit iShield Key 2 2025-05-20 at 16:16 By Help Net Security To meet today’s complex security requirements, organizations need solutions that are not only secure, but also practical and scalable. The Swissbit iShield Key 2 offers a compelling answer by combining two critical security functions –

React to this headline:

Loading spinner

Product showcase: Secure digital and physical access with the Swissbit iShield Key 2 Read More »

Trojanized KeePass opens doors for ransomware attackers

Trojanized KeePass opens doors for ransomware attackers 2025-05-20 at 14:04 By Zeljka Zorz A suspected initial access broker has been leveraging trojanized versions of the open-source KeePass password manager to set the stage for ransomware attacks, WithSecure researchers have discovered. KeeLoader: Passoword manager that acts as data stealer and malware loader In February 2025, WithSecure’s

React to this headline:

Loading spinner

Trojanized KeePass opens doors for ransomware attackers Read More »

Closing security gaps in multi-cloud and SaaS environments

Closing security gaps in multi-cloud and SaaS environments 2025-05-20 at 09:06 By Mirko Zorz In this Help Net Security interview, Kunal Modasiya, SVP, Product Management, GTM, and Growth at Qualys, discusses recent Qualys research on the state of cloud and SaaS security. He talks about how siloed visibility, fragmented tools, and a lack of incident

React to this headline:

Loading spinner

Closing security gaps in multi-cloud and SaaS environments Read More »

Containers are just processes: The illusion of namespace security

Containers are just processes: The illusion of namespace security 2025-05-20 at 08:31 By Help Net Security In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that openness fueled strong communities and faster security improvements, making OSS often more secure than proprietary code.

React to this headline:

Loading spinner

Containers are just processes: The illusion of namespace security Read More »

Scroll to Top