Don’t miss

Stealthy backdoor found hiding in SOHO devices running Linux

Asus, backdoor, China, Cisco, CISO, cybercrime, D-Link, Don't miss, hardware, Linksys, Microsoft, News, router, Ruckus Networks, security cameras, SecurityScorecard, Synology /

Stealthy backdoor found hiding in SOHO devices running Linux 2025-06-23 at 11:02 By Mirko Zorz SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader shift in how China-Nexus threat actors are using Operational Relay Box (ORB) networks to […]

React to this headline:

Loading spinner

Stealthy backdoor found hiding in SOHO devices running Linux Read More »

How CISOs can justify security investments in financial terms

CBIZ, CISO, cybersecurity, Don't miss, Features, financial industry, Hot stuff, News, risk, Risk Management, strategy /

How CISOs can justify security investments in financial terms 2025-06-23 at 09:06 By Mirko Zorz In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and

React to this headline:

Loading spinner

How CISOs can justify security investments in financial terms Read More »

Quantum risk is already changing cybersecurity

CISO, cyber resilience, cyber risk, Cyber Threat Alliance, cybersecurity, Don't miss, Hot stuff, News, quantum computing, report, Risk Management /

Quantum risk is already changing cybersecurity 2025-06-23 at 08:18 By Mirko Zorz A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It’s

React to this headline:

Loading spinner

Quantum risk is already changing cybersecurity Read More »

Microsoft boosts default security of Windows 365 Cloud PCs

cloud computing, Don't miss, Hot stuff, hybrid workforce, Microsoft 365, News, remote working, virtualization, Windows /

Microsoft boosts default security of Windows 365 Cloud PCs 2025-06-20 at 15:05 By Zeljka Zorz Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as

React to this headline:

Loading spinner

Microsoft boosts default security of Windows 365 Cloud PCs Read More »

Strategies to secure long-life IoT devices

Artificial Intelligence, authentication, CISO, cybersecurity, Don't miss, Features, Hot stuff, IoT, network, News, Signify /

Strategies to secure long-life IoT devices 2025-06-20 at 09:07 By Mirko Zorz In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum computing and AI. He also covers challenges

React to this headline:

Loading spinner

Strategies to secure long-life IoT devices Read More »

Why AI code assistants need a security reality check

Artificial Intelligence, code, cybersecurity, DevSecOps, Don't miss, Features, Hot stuff, News, Sonar /

Why AI code assistants need a security reality check 2025-06-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities

React to this headline:

Loading spinner

Why AI code assistants need a security reality check Read More »

GPS tracker detection made easy with off-the-shelf hardware

451 Research, car, cyberstalking, Don't miss, hardware, Internet of Things, location tracking, News, Privacy, scanner, tracking /

GPS tracker detection made easy with off-the-shelf hardware 2025-06-19 at 08:33 By Mirko Zorz Cyberstalkers are increasingly turning to cheap GPS trackers to secretly monitor people in real time. These devices, which often cost less than $30 and run on 4G LTE networks, are small, easy to hide under a bumper or in a glovebox,

React to this headline:

Loading spinner

GPS tracker detection made easy with off-the-shelf hardware Read More »

91% noise: A look at what’s wrong with traditional SAST tools

Application Security, automation, cybersecurity, Don't miss, Ghost Security, News, report, scanning /

91% noise: A look at what’s wrong with traditional SAST tools 2025-06-19 at 07:32 By Mirko Zorz Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false

React to this headline:

Loading spinner

91% noise: A look at what’s wrong with traditional SAST tools Read More »

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)

Debian, Don't miss, Fedora, Hot stuff, Linux, News, openSUSE, Qualys, Ubuntu, vulnerability /

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) 2025-06-18 at 14:49 By Zeljka Zorz Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable

React to this headline:

Loading spinner

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) Read More »

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

containers, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Kubernetes, News, opinion, Rootly /

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security 2025-06-18 at 09:02 By Help Net Security As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated CNCF Cilium and its sub-project Tetragon, combined with Software Bills of

React to this headline:

Loading spinner

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security Read More »

AI is changing cybersecurity roles, and entry-level jobs are at risk

Artificial Intelligence, automation, Cato Networks, cybersecurity, Don't miss, Exabeam, News, Perspective Intelligence, Wipro /

AI is changing cybersecurity roles, and entry-level jobs are at risk 2025-06-18 at 08:00 By Sinisa Markovic Will humans remain essential in cybersecurity, or is AI set to take over? According to Wipro, many CISOs are leveraging AI to improve threat detection and response times and to build enhanced incident response capabilities. What’s changing AI

React to this headline:

Loading spinner

AI is changing cybersecurity roles, and entry-level jobs are at risk Read More »

From cleaners to creepers: The risk of mobile privilege escalation

Android, Don't miss, mobile devices, mobile security, News, smartphones, Video, Zimperium /

From cleaners to creepers: The risk of mobile privilege escalation 2025-06-18 at 07:38 By Help Net Security In this Help Net Security video, Nico Chiaraviglio, Chief Scientist at Zimperium, explores how Android apps can be abused to escalate privileges, giving attackers access to sensitive data and system functions. Drawing on Zimperium’s recent research, he breaks

React to this headline:

Loading spinner

From cleaners to creepers: The risk of mobile privilege escalation Read More »

Researchers unearth keyloggers on Outlook login pages

credentials, data theft, Don't miss, Government, Hot stuff, Microsoft Exchange, News, Outlook, Positive Technologies /

Researchers unearth keyloggers on Outlook login pages 2025-06-17 at 18:37 By Zeljka Zorz Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source:

React to this headline:

Loading spinner

Researchers unearth keyloggers on Outlook login pages Read More »

Hackers love events. Why aren’t more CISOs paying attention?

BforeAI, CISO, conferences, CXO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Span, strategy, tips /

Hackers love events. Why aren’t more CISOs paying attention? 2025-06-17 at 09:04 By Mirko Zorz When CISOs think about risk, they usually think about cloud platforms, laptops, and data centers. But live events like conferences, trade shows, product launches, and shareholder meetings bring a different kind of cybersecurity exposure. These events gather people, devices, and

React to this headline:

Loading spinner

Hackers love events. Why aren’t more CISOs paying attention? Read More »

Before scaling GenAI, map your LLM usage and risk zones

Application Security, ArmorCode, Artificial Intelligence, cybersecurity, Don't miss, Features, generative AI, Hot stuff, Lakera, LLMs, News, OWASP, policy, Straiker, The Motley Fool /

Before scaling GenAI, map your LLM usage and risk zones 2025-06-17 at 08:46 By Mirko Zorz In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs,

React to this headline:

Loading spinner

Before scaling GenAI, map your LLM usage and risk zones Read More »

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles

automotive security, CISA, Don't miss, GPS, Hot stuff, location tracking, News, remote management, SinoTrack /

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles 2025-06-16 at 16:18 By Zeljka Zorz Vulnerabilities affecting the SinoTrack GPS tracking platform may allow attackers to keep tabs on vehicles’ location and even perform actions such as disconnecting power to vehicles’ fuel pump (if the tracker can interact with a car’s system). The warning

React to this headline:

Loading spinner

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles Read More »

Why banks’ tech-first approach leaves governance gaps

Banks, CIO, CISO, Compliance, CXO, cybersecurity, Don't miss, Features, financial industry, Hot stuff, Live Oak Bank, News, opinion, regulation, Risk Management, security metrics, strategy /

Why banks’ tech-first approach leaves governance gaps 2025-06-16 at 09:06 By Mirko Zorz In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance

React to this headline:

Loading spinner

Why banks’ tech-first approach leaves governance gaps Read More »

MDEAutomator: Open-source endpoint management, incident response in MDE

cybersecurity, Don't miss, GitHub, Hot stuff, Microsoft, News, open source, software /

MDEAutomator: Open-source endpoint management, incident response in MDE 2025-06-16 at 08:36 By Help Net Security Managing endpoints and responding to security incidents in Microsoft Defender for Endpoint (MDE) can be time-consuming and complex. MDEAutomator is an open-source tool designed to make that easier. MDEAutomator is a modular, serverless solution for IT and security teams looking

React to this headline:

Loading spinner

MDEAutomator: Open-source endpoint management, incident response in MDE Read More »

Scroll to Top