Don’t miss

Property renters targeted in simple BEC scam

BEC scams, Don't miss, France, Hot stuff, News, phishing, Proofpoint, social engineering /

Property renters targeted in simple BEC scam 2025-04-30 at 14:32 By Zeljka Zorz Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam preying on renters “Most campaigns are sent from compromised mailboxes belonging to educational institutions in […]

React to this headline:

Loading spinner

Property renters targeted in simple BEC scam Read More »

Product showcase: Ledger Flex secure crypto wallet

Crypto, cybersecurity, Don't miss, hardware, Hot stuff, Ledger, News, Product showcase /

Product showcase: Ledger Flex secure crypto wallet 2025-04-30 at 09:02 By Sinisa Markovic The Ledger Flex is a hardware wallet designed for the secure storage of cryptocurrencies and NFTs. It combines security features with a user-friendly interface, making it suitable for both beginners and more experienced users. Ledger Flex stores your private keys offline. This

React to this headline:

Loading spinner

Product showcase: Ledger Flex secure crypto wallet Read More »

Villain: Open-source framework for managing and enhancing reverse shells

Don't miss, framework, GitHub, News, open source, software /

Villain: Open-source framework for managing and enhancing reverse shells 2025-04-30 at 08:04 By Mirko Zorz Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, Villain enhances these shells with added functionality, offering commands and utilities, and allowing for shell sessions sharing across

React to this headline:

Loading spinner

Villain: Open-source framework for managing and enhancing reverse shells Read More »

Securing the invisible: Supply chain security trends

CISO, cybersecurity, Don't miss, Eclypsium, i-confidential, News, supply chain attacks, zero trust /

Securing the invisible: Supply chain security trends 2025-04-30 at 07:34 By Anamarija Pogorelec Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a CI/CD pipeline, a rogue dependency hidden in open-source code, or tampered hardware components, these attacks bypass traditional defenses by weaponizing

React to this headline:

Loading spinner

Securing the invisible: Supply chain security trends Read More »

Why cyber resilience must be part of every organization’s DNA

Artificial Intelligence, cybersecurity, Don't miss, LevelBlue, News, report, RSAC 2025, survey /

Why cyber resilience must be part of every organization’s DNA 2025-04-30 at 07:05 By Help Net Security As AI brings about excitement and transformative potential, the report reveals that organizations are forging ahead with innovations despite increased security concerns, according to LevelBlue’s 2025 Futures Report. In fact, just 29% of executives surveyed say they are

React to this headline:

Loading spinner

Why cyber resilience must be part of every organization’s DNA Read More »

44% of the zero-days exploited in 2024 were in enterprise solutions

0-day, cyber espionage, Don't miss, enterprise, exploit, Google, government-backed attacks, Hot stuff, News, report, spyware, tips, trends /

44% of the zero-days exploited in 2024 were in enterprise solutions 2025-04-29 at 21:18 By Zeljka Zorz In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up

React to this headline:

Loading spinner

44% of the zero-days exploited in 2024 were in enterprise solutions Read More »

CISA warns about actively exploited Broadcom, Commvault vulnerabilities

Broadcom, CISA, Commvault, data center, Don't miss, email security, Hot stuff, Japan, News, USA /

CISA warns about actively exploited Broadcom, Commvault vulnerabilities 2025-04-29 at 15:47 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) solutions. CISA’s KEV catalog is constantly updated and provides IT admins

React to this headline:

Loading spinner

CISA warns about actively exploited Broadcom, Commvault vulnerabilities Read More »

Marks & Spencer cyber incident linked to ransomware group

disruption, Don't miss, Europe, Hot stuff, News, Ransomware, Retail, UK /

Marks & Spencer cyber incident linked to ransomware group 2025-04-29 at 14:18 By Zeljka Zorz The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources have asserted. The Telegraph’s sources say ransomware was deployed by a unnamed criminal gang. Bleeping Computer’s

React to this headline:

Loading spinner

Marks & Spencer cyber incident linked to ransomware group Read More »

Eyes, ears, and now arms: IoT is alive

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Nabto, News, opinion, regulation /

Eyes, ears, and now arms: IoT is alive 2025-04-29 at 09:36 By Help Net Security I’ve never quite seen anything like this in my two decades of working in the Internet of Things (IoT) space. In just a few years, devices at home and work started including cameras to see and microphones to hear. Now,

React to this headline:

Loading spinner

Eyes, ears, and now arms: IoT is alive Read More »

What’s worth automating in cyber hygiene, and what’s not

1Password, authentication, automation, BitSight, CISO, credentials, cyber hygiene, cybersecurity, Don't miss, enterprise, Features, Hot stuff, News, passwords, patching, strategy, Swimlane, tips /

What’s worth automating in cyber hygiene, and what’s not 2025-04-29 at 09:05 By Mirko Zorz Cyber hygiene sounds simple. Patch your systems, remove old accounts, update your software. But for large organizations, this gets messy fast. Systems number in the thousands. Teams are scattered. Some machines haven’t been rebooted in months. Automation can help. But

React to this headline:

Loading spinner

What’s worth automating in cyber hygiene, and what’s not Read More »

Want faster products and stronger trust? Build security in, not bolt it on

automation, cybersecurity, Don't miss, Features, Group 1001, Hot stuff, Insurance, News, opinion, security metrics /

Want faster products and stronger trust? Build security in, not bolt it on 2025-04-29 at 08:42 By Mirko Zorz In this Help Net Security interview, Christopher Kennedy, CISO at Group 1001, discusses how cybersecurity initiatives are reshaping enterprise cybersecurity strategy. He explains why security must be embedded across IT, business lines, and product development, how

React to this headline:

Loading spinner

Want faster products and stronger trust? Build security in, not bolt it on Read More »

DDoS attacks jump 358% compared to last year

attacks, Cloudflare, cybercrime, cybersecurity, DDoS, Don't miss, News, threats /

DDoS attacks jump 358% compared to last year 2025-04-29 at 08:04 By Mirko Zorz Cloudflare says it mitigated 20.5 million DDoS attacks in the first quarter of 2025. This is a 358% increase compared to the same time last year. Their Q1 2025 DDoS report highlights a rise in the number and size of attacks,

React to this headline:

Loading spinner

DDoS attacks jump 358% compared to last year Read More »

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)

Don't miss, enterprise, Government, Hot stuff, News, Onapsis, ReliaQuest, SAP /

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) 2025-04-28 at 13:00 By Zeljka Zorz CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution. The vulnerability was initially leveraged in zero-day attacks spotted by ReliaQuest

React to this headline:

Loading spinner

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) Read More »

Threat actors are scanning your environment, even if you’re not

Don't miss, Hot stuff, News, Outpost24 /

Threat actors are scanning your environment, even if you’re not 2025-04-28 at 08:32 By Zeljka Zorz In a world where organizations’ digital footprint is constantly changing and attackers regularly capitalize on security failings in exposed IT assets, making the effort to minimize your external attack surface is a no-brainer. The goal is simple: Make your

React to this headline:

Loading spinner

Threat actors are scanning your environment, even if you’re not Read More »

GoSearch: Open-source OSINT tool for uncovering digital footprints

digital forensics, Don't miss, GitHub, Hudson Rock, News, OSINT, penetration testing, software /

GoSearch: Open-source OSINT tool for uncovering digital footprints 2025-04-28 at 08:01 By Help Net Security GoSearch is an open-source OSINT tool built to uncover digital footprints linked to specific usernames. Designed for speed and accuracy, it lets users quickly track someone’s online presence across multiple platforms. GoSearch incorporates data from Hudson Rock’s Cybercrime Database, offering

React to this headline:

Loading spinner

GoSearch: Open-source OSINT tool for uncovering digital footprints Read More »

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)

Don't miss, Hot stuff, News, OPSWAT, Ruby, security update, vulnerability, web application security /

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) 2025-04-25 at 12:39 By Zeljka Zorz Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others). Two of the flaws – CVE-2025-25184 and CVE-2025-27111 – could allow attackers to manipulate

React to this headline:

Loading spinner

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) Read More »

Top must-visit companies at RSAC 2025

Aurva, Chainloop, Don't miss, Enkrypt AI, Ivanti, Microsoft, News, PlexTrac, PowerDMARC, RSAC 2025, Simbian, SkyHawk Security, ThriveDX /

Top must-visit companies at RSAC 2025 2025-04-25 at 07:34 By Help Net Security RSAC 2025 Conference is taking place at the Moscone Center in San Francisco from April 28 – May 1. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork to highlight

React to this headline:

Loading spinner

Top must-visit companies at RSAC 2025 Read More »

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)

backup, Commvault, Data Protection, Don't miss, Hot stuff, News, PoC, vulnerability, WatchTowr /

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) 2025-04-24 at 15:35 By Zeljka Zorz If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code execution.

React to this headline:

Loading spinner

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) Read More »

Skyhawk Security brings preemptive cloud app defense to RSAC 2025

Don't miss, News, RSAC 2025, SkyHawk Security /

Skyhawk Security brings preemptive cloud app defense to RSAC 2025 2025-04-24 at 14:32 By Mirko Zorz Skyhawk Security is adding new protection for custom-built cloud applications. The company announced the update to its AI-powered Autonomous Purple Team for RSAC 2025 Conference, which starts April 28 in San Francisco. The AI-based purple team identifies security weaknesses

React to this headline:

Loading spinner

Skyhawk Security brings preemptive cloud app defense to RSAC 2025 Read More »

Understanding 2024 cyber attack trends

cloud security, cyberattacks, Don't miss, Hot stuff, Insider Threat, Mandiant, News, Ransomware, tips, trends /

Understanding 2024 cyber attack trends 2025-04-24 at 13:04 By Zeljka Zorz Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights In 2024, Mandiant handled more incidents in the financial sector than in any other industry: 17.4%. Other popular

React to this headline:

Loading spinner

Understanding 2024 cyber attack trends Read More »

Scroll to Top