How to recognize and prevent deepfake scams 2025-03-31 at 06:42 By Help Net Security Deepfakes are a type of synthetic media created using AI and machine learning. In simple terms, they produce videos, images, audio, or text that look and sound real, even though the events depicted never actually happened. These altered clips spread across […]
How to recognize and prevent deepfake scams Read More »
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) 2025-03-28 at 12:57 By Zeljka Zorz Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) Read More »
Android financial threats: What businesses need to know to protect themselves and their customers 2025-03-28 at 08:30 By Help Net Security The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates
Post-quantum cryptography and the future of online safety 2025-03-28 at 07:04 By Help Net Security In this Help Net Security video, Rebecca Krauthamer, CEO of QuSecure, explores the rising urgency of post-quantum cryptography (PQC) and what organizations must do to prepare. She breaks down the so-called “quantum threat” and explains why it’s not just theoretical.
Post-quantum cryptography and the future of online safety Read More »
How to manage and protect your biometric data 2025-03-27 at 18:08 By Help Net Security Biometric data refers to unique physical or behavioral characteristics that are used to verify a person’s identity. Revoking or changing biometric data is more complicated than changing passwords. Unlike passwords, biometric identifiers like fingerprints or retina scans are unique and
How to manage and protect your biometric data Read More »
A closer look at The Ultimate Cybersecurity Careers Guide 2025-03-27 at 16:48 By Mirko Zorz In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can break into the field and
A closer look at The Ultimate Cybersecurity Careers Guide Read More »
UK NCSC offers security guidance for domain and DNS registrars 2025-03-27 at 16:48 By Zeljka Zorz The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars have an important role to help counter domain abuses throughout their lifecycle,” the NCSC says.
UK NCSC offers security guidance for domain and DNS registrars Read More »
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) 2025-03-27 at 13:14 By Zeljka Zorz CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) Read More »
The hidden costs of security tool bloat and how to fix it 2025-03-27 at 08:07 By Mirko Zorz In this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets and expanding security stacks. Buckley shares insights on
The hidden costs of security tool bloat and how to fix it Read More »
Cyber insurance isn’t always what it seems 2025-03-27 at 07:39 By Mirko Zorz Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must understand the risks before an attack happens. Misconceptions about cyber insurance Myth:
Cyber insurance isn’t always what it seems Read More »
Hottest cybersecurity open-source tools of the month: March 2025 2025-03-27 at 07:01 By Help Net Security This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative
Hottest cybersecurity open-source tools of the month: March 2025 Read More »
China-linked FamousSparrow APT group resurfaces with enhanced capabilities 2025-03-26 at 17:02 By Help Net Security ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, they made an unexpected discovery in the victim’s system: malicious tools
China-linked FamousSparrow APT group resurfaces with enhanced capabilities Read More »
If you think you’re immune to phishing attempts, you’re wrong! 2025-03-26 at 16:17 By Zeljka Zorz Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained access to his Mailchimp account and stole a list
If you think you’re immune to phishing attempts, you’re wrong! Read More »
Whitepaper: Voice of Security 2025 2025-03-26 at 16:02 By Help Net Security Discover insights from 900 security leaders across the globe in IDC’s Voice of Security 2025 survey, sponsored by Tines in partnership with AWS. Understand the biggest challenges facing security teams today, and how they can stay ahead of the curve in the age
Whitepaper: Voice of Security 2025 Read More »
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) 2025-03-26 at 13:08 By Zeljka Zorz Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) Read More »
A CISO’s guide to securing AI models 2025-03-26 at 08:05 By Help Net Security In AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT applications, which rely on predefined rules and static algorithms, ML models are dynamic—they develop their own internal patterns and
A CISO’s guide to securing AI models Read More »
Malwoverview: First response tool for threat hunting 2025-03-26 at 07:32 By Mirko Zorz Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes. “Malwoverview is simple and direct, integrating multiple public sandboxes to retrieve and display only relevant information. It enables
Malwoverview: First response tool for threat hunting Read More »
How does your data end up on the dark web? 2025-03-26 at 07:01 By Help Net Security The dark web is a hidden corner of the internet where people can remain anonymous. It’s often confused with the deep web, but they’re not quite the same thing. The deep web is just everything online that’s not
How does your data end up on the dark web? Read More »
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover 2025-03-25 at 18:54 By Zeljka Zorz Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover Read More »
Review: The Developer’s Playbook for Large Language Model Security 2025-03-25 at 18:06 By Mirko Zorz With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into customer interactions, software development, and enterprise decision-making, often without grasping the security implications. As LLMs are becoming integral to
Review: The Developer’s Playbook for Large Language Model Security Read More »