Don’t miss

Open-source malware doubles, data exfiltration attacks dominate

cybercrime, Data exfiltration, Don't miss, Malware, News, open source, report, Sonatype /

Open-source malware doubles, data exfiltration attacks dominate 2025-04-03 at 07:02 By Help Net Security There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease from […]

React to this headline:

Loading spinner

Open-source malware doubles, data exfiltration attacks dominate Read More »

Review: Zero to Engineer

books, Don't miss, News, Review, Reviews, skill development /

Review: Zero to Engineer 2025-04-03 at 06:37 By Mirko Zorz Zero to Engineer is a practical guide for anyone looking to launch a career in information technology without a traditional college degree. The book draws from the author’s unlikely journey – from being expelled from high school to earning six figures in the tech industry.

React to this headline:

Loading spinner

Review: Zero to Engineer Read More »

How to map and manage your cyber attack surface with EASM

attacks, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, Outpost24 /

How to map and manage your cyber attack surface with EASM 2025-04-02 at 16:10 By Help Net Security In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important to adopt an attacker-centric approach. In this article,

React to this headline:

Loading spinner

How to map and manage your cyber attack surface with EASM Read More »

Google is making sending end-to-end encrypted emails easy

Don't miss, email security, Encryption, enterprise, Gmail, Google Workspace, Hot stuff, News, Outlook, Privacy, secure communications, SMBs /

Google is making sending end-to-end encrypted emails easy 2025-04-02 at 15:03 By Zeljka Zorz Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE emails

React to this headline:

Loading spinner

Google is making sending end-to-end encrypted emails easy Read More »

North Korean IT workers set their sights on European organizations

blockchain, CMS, data theft, Don't miss, EU, extortion, Hot stuff, Insider Threat, News, North Korea, UK, web application, web development /

North Korean IT workers set their sights on European organizations 2025-04-02 at 13:05 By Zeljka Zorz North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increasingly attempting to

React to this headline:

Loading spinner

North Korean IT workers set their sights on European organizations Read More »

Balancing data protection and clinical usability in healthcare

cybersecurity, Data Protection, Don't miss, Features, healthcare, Hot stuff, Main Line Health, News, opinion /

Balancing data protection and clinical usability in healthcare 2025-04-02 at 08:01 By Mirko Zorz In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. He explains the difficulties of protecting patient information, securing legacy systems, and maintaining

React to this headline:

Loading spinner

Balancing data protection and clinical usability in healthcare Read More »

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework

Bluetooth, Don't miss, framework, GitHub, Hot stuff, News, open source, software /

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework 2025-04-02 at 07:35 By Mirko Zorz BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable. Right now, it includes 43 different exploits. Some are public, and others were made specifically

React to this headline:

Loading spinner

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework Read More »

Your smart home may not be as secure as you think

cybersecurity, Don't miss, hardware, how-to, News, Privacy, smart home /

Your smart home may not be as secure as you think 2025-04-02 at 06:31 By Help Net Security The Internet of Things (IoT) has become a major part of daily life. Smartphones, smart thermostats, security cameras, and other connected devices make tasks easier and improve comfort, efficiency, and productivity. But as the number of devices

React to this headline:

Loading spinner

Your smart home may not be as secure as you think Read More »

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

CrushFTP, CVE, Don't miss, Hot stuff, News, PoC, Rapid7, Shadowserver, VulnCheck /

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) 2025-04-01 at 18:49 By Zeljka Zorz Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can be done? CVE-2025-2825, affecting CrushFTP versions 10.0.0 through

React to this headline:

Loading spinner

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) Read More »

Building a reasonable cyber defense program

Center for Internet Security, Don't miss, Hot stuff, News /

Building a reasonable cyber defense program 2025-04-01 at 16:04 By Help Net Security If you do business in the United States, especially across state lines, you probably know how difficult it is to comply with U.S. state data privacy laws. The federal government and many U.S. state governments require you to implement “reasonable” cybersecurity controls

React to this headline:

Loading spinner

Building a reasonable cyber defense program Read More »

Attackers are probing Palo Alto Networks GlobalProtect portals

Don't miss, enterprise, GreyNoise, Hot stuff, News, Palo Alto Networks, scanning, VPN /

Attackers are probing Palo Alto Networks GlobalProtect portals 2025-04-01 at 14:21 By Zeljka Zorz Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise. “The

React to this headline:

Loading spinner

Attackers are probing Palo Alto Networks GlobalProtect portals Read More »

Why global tensions are a cybersecurity problem for every business

CISO, cyber risk, cybersecurity, Don't miss, Hot stuff, News, strategy, threats /

Why global tensions are a cybersecurity problem for every business 2025-04-01 at 09:03 By Mirko Zorz With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore, they’re closely connected. Conflict between countries is spilling

React to this headline:

Loading spinner

Why global tensions are a cybersecurity problem for every business Read More »

How to build an effective cybersecurity simulation

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Immersive Labs, News, opinion, skill development, strategy, tips, training /

How to build an effective cybersecurity simulation 2025-04-01 at 08:32 By Help Net Security Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test their

React to this headline:

Loading spinner

How to build an effective cybersecurity simulation Read More »

Generative AI Is reshaping financial fraud. Can security keep up?

Artificial Intelligence, cybersecurity, DataVisor, Don't miss, Features, fraud, Hot stuff, machine learning, News, opinion, strategy /

Generative AI Is reshaping financial fraud. Can security keep up? 2025-04-01 at 07:35 By Mirko Zorz In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies. With fraudsters using generative AI to launch sophisticated attacks, financial institutions must adopt adaptive AI solutions to stay

React to this headline:

Loading spinner

Generative AI Is reshaping financial fraud. Can security keep up? Read More »

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

China, CISA, cyber espionage, Don't miss, Hot stuff, Ivanti, Malware, Mandiant, Microsoft, News /

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices 2025-03-31 at 16:12 By Zeljka Zorz CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the

React to this headline:

Loading spinner

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices Read More »

Windows 11 quick machine recovery: Restoring devices with boot issues

consumer, Don't miss, enterprise, Hot stuff, Microsoft, News, SMBs, Windows /

Windows 11 quick machine recovery: Restoring devices with boot issues 2025-03-31 at 12:46 By Zeljka Zorz Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024. The goal of the feature is to allow IT administrators

React to this headline:

Loading spinner

Windows 11 quick machine recovery: Restoring devices with boot issues Read More »

Two things you need in place to successfully adopt AI

Artificial Intelligence, code, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, LLMs, News, opinion, policy, Security Journey /

Two things you need in place to successfully adopt AI 2025-03-31 at 08:32 By Help Net Security Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk. They need to put in place: 1. A seamless AI security policy

React to this headline:

Loading spinner

Two things you need in place to successfully adopt AI Read More »

Exegol: Open-source hacking environment

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Exegol: Open-source hacking environment 2025-03-31 at 08:02 By Mirko Zorz Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It’s made for penetration testers, CTF players, bug bounty hunters, researchers, defenders, and both new and experienced users. Exegol offers clean, secure environments. Each project can have its own Docker

React to this headline:

Loading spinner

Exegol: Open-source hacking environment Read More »

Only 2-5% of application security alerts require immediate action

Application Security, cybersecurity, Don't miss, News, Ox Security, report, survey, vulnerability management /

Only 2-5% of application security alerts require immediate action 2025-03-31 at 07:51 By Help Net Security The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security. The report is based on an analysis of over 101 million

React to this headline:

Loading spinner

Only 2-5% of application security alerts require immediate action Read More »

How to recognize and prevent deepfake scams

Artificial Intelligence, cybercrime, cybersecurity, deepfakes, Don't miss, how-to, News, tips /

How to recognize and prevent deepfake scams 2025-03-31 at 06:42 By Help Net Security Deepfakes are a type of synthetic media created using AI and machine learning. In simple terms, they produce videos, images, audio, or text that look and sound real, even though the events depicted never actually happened. These altered clips spread across

React to this headline:

Loading spinner

How to recognize and prevent deepfake scams Read More »

Scroll to Top