Don’t miss

How Brandolini’s law informs our everyday infosec reality

attacks, automation, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, social engineering, supply chain /

How Brandolini’s law informs our everyday infosec reality 2025-08-11 at 09:00 By Help Net Security Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and […]

React to this headline:

Loading spinner

How Brandolini’s law informs our everyday infosec reality Read More »

From legacy to SaaS: Why complexity is the enemy of enterprise security

access management, authentication, Bridge IT, CISO, cybersecurity, digital transformation, Don't miss, enterprise, Features, Hot stuff, identity verification, MFA, News, SaaS, security awareness, strategy, tips, zero trust /

From legacy to SaaS: Why complexity is the enemy of enterprise security 2025-08-11 at 08:32 By Mirko Zorz In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the way organizations approach security. He explains why finding the right balance

React to this headline:

Loading spinner

From legacy to SaaS: Why complexity is the enemy of enterprise security Read More »

Review: From Day Zero to Zero Day

books, Don't miss, how-to, News, Review, Reviews, skill development, strategy, tips, vulnerability assessment /

Review: From Day Zero to Zero Day 2025-08-11 at 08:02 By Mirko Zorz From Day Zero to Zero Day is a practical guide for cybersecurity pros who want to move beyond reading about vulnerabilities and start finding them. It gives a methodical look at how real vulnerability research is done. About the author Eugene Lim

React to this headline:

Loading spinner

Review: From Day Zero to Zero Day Read More »

August 2025 Patch Tuesday forecast: Try, try, again

apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, SharePoint /

August 2025 Patch Tuesday forecast: Try, try, again 2025-08-08 at 09:30 By Help Net Security July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly

React to this headline:

Loading spinner

August 2025 Patch Tuesday forecast: Try, try, again Read More »

Third-party partners or ticking time bombs?

CISO, cyber risk, cybersecurity, CyXcel, Don't miss, Hot stuff, News, resilience, Risk Management, strategy, supply chain, third party compromise, tips, Video /

Third-party partners or ticking time bombs? 2025-08-08 at 08:46 By Help Net Security In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the

React to this headline:

Loading spinner

Third-party partners or ticking time bombs? Read More »

What GPT‑5 means for IT teams, devs, and the future of AI at work

Artificial Intelligence, Azoma, ChatGPT, Don't miss, generative AI, LLMs, News /

What GPT‑5 means for IT teams, devs, and the future of AI at work 2025-08-07 at 20:58 By Sinisa Markovic OpenAI has released GPT‑5, the newest version of its large language model. It’s now available to developers and ChatGPT users, and it brings some real changes to how AI can be used in business and

React to this headline:

Loading spinner

What GPT‑5 means for IT teams, devs, and the future of AI at work Read More »

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

CISA, cloud security, Don't miss, Email, enterprise, Hot stuff, hybrid IT, Microsoft Exchange, News /

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) 2025-08-07 at 17:40 By Zeljka Zorz “In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft has announced on Wednesday.

React to this headline:

Loading spinner

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) Read More »

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

Don't miss, firewall, GuidePoint Security, Hot stuff, Huntress, News, SonicWall, vulnerability /

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls 2025-08-07 at 14:34 By Zeljka Zorz Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which

React to this headline:

Loading spinner

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls Read More »

Photos: Black Hat USA 2025

Black Hat USA 2025, Check Point, conferences, Don't miss, EasyDMARC, Elastic, Google, Gurucul, HackerOne, Keep Aware, News, Oleria, Pentera, Picus Security, SpyCloud, Stellar Cyber, Tines, Trend Micro, Veracode, VioletX, Vonahi Security /

Photos: Black Hat USA 2025 2025-08-07 at 11:38 By Help Net Security Here’s a look inside Black Hat USA 2025. The featured vendors are: Stellar Cyber, Vonahi Security, Gurucul, Check Point, HackerOne, EasyDMARC, Elastic, Google, Tines, Veracode, VioletX, Pentera, Keep Aware, Oleria, SpyCloud, Trend Micro and Picus Security. The post Photos: Black Hat USA 2025

React to this headline:

Loading spinner

Photos: Black Hat USA 2025 Read More »

Beyond PQC: Building adaptive security programs for the unknown

CISO, Crypto, cybersecurity, Don't miss, Entrust, Features, Hot stuff, News, quantum computing /

Beyond PQC: Building adaptive security programs for the unknown 2025-08-07 at 09:15 By Mirko Zorz In this Help Net Security interview, Jordan Avnaim, CISO at Entrust, discusses how to communicate the quantum computing threat to executive teams using a risk-based approach. He explains why post-quantum cryptography (PQC) is an urgent and long-term priority. Avnaim also

React to this headline:

Loading spinner

Beyond PQC: Building adaptive security programs for the unknown Read More »

AI can write your code, but nearly half of it may be insecure

Artificial Intelligence, cybersecurity, Don't miss, generative AI, LLMs, News, programming, report, Risk Management, Veracode /

AI can write your code, but nearly half of it may be insecure 2025-08-07 at 09:15 By Help Net Security While GenAI excels at producing functional code, it introduces security vulnerabilities in 45 percent of cases, according to Veracode’s 2025 GenAI Code Security Report, which analyzed code produced by over 100 LLMs across 80 real-world

React to this headline:

Loading spinner

AI can write your code, but nearly half of it may be insecure Read More »

Energy companies are blind to thousands of exposed services

critical infrastructure, cybersecurity, Don't miss, energy sector, News, report, SixMap, vulnerability management /

Energy companies are blind to thousands of exposed services 2025-08-07 at 07:02 By Anamarija Pogorelec Many of America’s largest energy providers are exposed to known and exploitable vulnerabilities, and most security teams may not even see them, according to a new report from SixMap. Researchers assessed the external attack surface of 21 major energy companies,

React to this headline:

Loading spinner

Energy companies are blind to thousands of exposed services Read More »

Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC

Adobe, Don't miss, Hot stuff, News, PoC, Searchlight Cyber, security update, vulnerability /

Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC 2025-08-06 at 16:33 By Zeljka Zorz Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publicly available proof-of-concept (PoC) exploit. Details about the flaws have been public

React to this headline:

Loading spinner

Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC Read More »

Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987)

Don't miss, Endpoint Security, enterprise, Hot stuff, News, SMBs, Trend Micro, vulnerability /

Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) 2025-08-06 at 15:05 By Zeljka Zorz Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, the company has warned on Wednesday. Unfortunately for those organizations that use it, a patch

React to this headline:

Loading spinner

Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) Read More »

Cybersecurity and the development of software-defined vehicles

automotive security, CIO, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, supply chain, VicOne /

Cybersecurity and the development of software-defined vehicles 2025-08-06 at 13:18 By Help Net Security In many automotive companies, the same systems-engineering teams are responsible for both safety and security. As a result, cybersecurity is treated as a subset of safety, undergirded by an implicit assumption: “If it’s safe, it must be secure.” But that’s not

React to this headline:

Loading spinner

Cybersecurity and the development of software-defined vehicles Read More »

Ransomware is up, zero-days are booming, and your IP camera might be next

attacks, cyber resilience, cyber risk, cybercrime, cybersecurity, Don't miss, Forescout, News, Ransomware, report, threats /

Ransomware is up, zero-days are booming, and your IP camera might be next 2025-08-06 at 08:47 By Help Net Security Cyber attackers are finding new ways in through the overlooked and unconventional network corners. Forescout’s 2025H1 Threat Review reveals a surge in advanced tactics, with zero-day exploits up 46 percent and ransomware attacks averaging 20

React to this headline:

Loading spinner

Ransomware is up, zero-days are booming, and your IP camera might be next Read More »

AI in the SOC: Game-changer or more noise?

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, Immersive, News, security operations, SOC, Video /

AI in the SOC: Game-changer or more noise? 2025-08-06 at 08:02 By Help Net Security In this Help Net Security video, Kev Marriott, Senior Manager of Cyber at Immersive Labs, explores the challenges and opportunities of integrating AI into Security Operations Centers (SOCs). While AI can boost productivity by automating manual tasks and reducing alert

React to this headline:

Loading spinner

AI in the SOC: Game-changer or more noise? Read More »

CISOs say they’re prepared, their data says otherwise

Artificial Intelligence, automation, Axonius, cybersecurity, data security, Don't miss, News, report, vulnerability management /

CISOs say they’re prepared, their data says otherwise 2025-08-06 at 08:02 By Sinisa Markovic Most security teams believe they can act quickly when a threat emerges. But many don’t trust the very data they rely on to do so, and that’s holding them back. A new Axonius report, based on a survey of 500 U.S.-based

React to this headline:

Loading spinner

CISOs say they’re prepared, their data says otherwise Read More »

Millions of Dell laptops could be persistently backdoored in ReVault attacks

Broadcom, Cisco, Dell, Don't miss, Endpoint Security, firmware, hardware, Hot stuff, News, vulnerability /

Millions of Dell laptops could be persistently backdoored in ReVault attacks 2025-08-05 at 21:19 By Zeljka Zorz A set of firmware vulnerabilities affecting 100+ Dell laptop models widely used in government settings and by the cybersecurity industry could allow attackers to achieve persistent access even across Windows reinstalls, Cisco Talos researchers have discovered. About the

React to this headline:

Loading spinner

Millions of Dell laptops could be persistently backdoored in ReVault attacks Read More »

Project Ire: Microsoft’s autonomous malware detection AI agent

AI, automation, Don't miss, Hot stuff, LLM, malware detection, Microsoft, Microsoft Defender, News, reverse engineering /

Project Ire: Microsoft’s autonomous malware detection AI agent 2025-08-05 at 19:45 By Zeljka Zorz Microsoft is working on a AI agent whose main goal is autonomous malware detection and the prototype – dubbed Project Ire – is showing great potential, the company has announced on Tuesday. Tested on a dataset of known malicious and benign

React to this headline:

Loading spinner

Project Ire: Microsoft’s autonomous malware detection AI agent Read More »

Scroll to Top