Virtual kidnapping scams prey on our worst fears 2025-06-16 at 08:02 By Sinisa Markovic Getting a call saying a family member has been kidnapped is terrifying. Fear and panic take over, making it hard to think clearly. That’s exactly what criminals count on when they use a scam called virtual kidnapping. What is virtual kidnapping? […]
React to this headline:
Virtual kidnapping scams prey on our worst fears Read More »
Review: Learning Kali Linux, 2nd Edition 2025-06-16 at 07:32 By Mirko Zorz Kali Linux has long been the go-to operating system for penetration testers and security professionals, and Learning Kali Linux, 2nd Edition by Ric Messier aims to guide readers through its core tools and use cases. This updated edition introduces new material on digital
React to this headline:
Review: Learning Kali Linux, 2nd Edition Read More »
Why CISOs need to understand the AI tech stack 2025-06-16 at 07:01 By Mirko Zorz As AI spreads, so do the risks. Security leaders are being asked to protect systems they don’t fully understand yet, and that’s a problem. A new report from the Paladin Global Institute, The AI Tech Stack: A Primer for Tech
React to this headline:
Why CISOs need to understand the AI tech stack Read More »
Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools 2025-06-14 at 12:17 By Zeljka Zorz OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest
React to this headline:
Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools Read More »
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) 2025-06-13 at 15:22 By Zeljka Zorz A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers have revealed on Thursday. The attacks happened in January and early February 2025. “We
React to this headline:
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) Read More »
Unpacking the security complexity of no-code development platforms 2025-06-13 at 09:02 By Mirko Zorz In this Help Net Security interview, Amichai Shulman, CTO at Nokod Security, discusses how the abstraction layer in no-code environments complicates security by obscuring data flow, identity propagation, and control logic. Shulman also addresses why vulnerabilities in no-code applications go far
React to this headline:
Unpacking the security complexity of no-code development platforms Read More »
Researchers warn of ongoing Entra ID account takeover campaign 2025-06-12 at 19:50 By Zeljka Zorz Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions using TeamFiltration date back nearly to the tool’s initial release
React to this headline:
Researchers warn of ongoing Entra ID account takeover campaign Read More »
LockBit panel data leak shows Chinese orgs among the most targeted 2025-06-12 at 17:17 By Zeljka Zorz The LockBit ransomware-as-a-service (RaaS) operation has netted around $2.3 million USD within 5 months, the data leak stemming from the May 2025 hack of a LockBit affiliate panel has revealed. From that sum, the operators took their 20%
React to this headline:
LockBit panel data leak shows Chinese orgs among the most targeted Read More »
Identifying high-risk APIs across thousands of code repositories 2025-06-12 at 16:02 By Mirko Zorz In this Help Net Security interview, Joni Klippert, CEO of StackHawk, discusses why API visibility is a major blind spot for security teams, how legacy tools fall short, and how StackHawk identifies risky APIs and sensitive data directly from code before
React to this headline:
Identifying high-risk APIs across thousands of code repositories Read More »
Want fewer security fires to fight? Start with threat modeling 2025-06-12 at 09:01 By Mirko Zorz CISOs understand that threat modeling helps teams identify risks early and build safer systems. But outside the security org, the value isn’t always clear. When competing for budget or board attention, threat modeling often loses out to more visible
React to this headline:
Want fewer security fires to fight? Start with threat modeling Read More »
Build a mobile hacking rig with a Pixel and Kali NetHunter 2025-06-12 at 08:32 By Mirko Zorz A cybersecurity hobbyist has built a compact, foldable mobile hacking rig that runs Kali NetHunter on a Google Pixel 3 XL. It’s called the NetHunter C-deck, and it packs serious functionality into a small, 3D-printed shell. NetHunter C-deck
React to this headline:
Build a mobile hacking rig with a Pixel and Kali NetHunter Read More »
Infostealer crackdown: Operation Secure takes down 20,000 malicious IPs and domains 2025-06-11 at 20:46 By Help Net Security More than 20,000 malicious IP addresses and domains used by information-stealing malware were taken down during an international cybercrime crackdown led by INTERPOL. Called Operation Secure, the effort ran from January to April 2025 and involved law
React to this headline:
Infostealer crackdown: Operation Secure takes down 20,000 malicious IPs and domains Read More »
Connectwise is rotating code signing certificates. What happened? 2025-06-11 at 17:48 By Zeljka Zorz Connectwise customers who use the company’s ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions. The reason for the
React to this headline:
Connectwise is rotating code signing certificates. What happened? Read More »
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) 2025-06-11 at 14:16 By Zeljka Zorz For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickly. About CVE-2025-33053 CVE-2025-33053 is a remote code execution vulnerability
React to this headline:
Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) Read More »
OWASP Nettacker: Open-source scanner for recon and vulnerability assessment 2025-06-11 at 09:01 By Mirko Zorz OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It
React to this headline:
OWASP Nettacker: Open-source scanner for recon and vulnerability assessment Read More »
The path to better cybersecurity isn’t more data, it’s less noise 2025-06-11 at 08:31 By Sinisa Markovic In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better security. SOCs deal with tens of thousands of alerts every day. It’s more than
React to this headline:
The path to better cybersecurity isn’t more data, it’s less noise Read More »
How to build AI into your business without breaking compliance 2025-06-11 at 08:02 By Mirko Zorz AI is supposed to make businesses faster, smarter, and more competitive, but most projects fall short. The Cloud Security Alliance (CSA) says the real issue is companies cramming AI into old, rigid processes that just can’t keep up. “AI
React to this headline:
How to build AI into your business without breaking compliance Read More »
Android Enterprise update puts mobile security first 2025-06-10 at 21:04 By Mirko Zorz Google is rolling out new Android Enterprise features aimed at improving mobile security, IT management, and employee productivity. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. Many security incidents involve smartphones, often due to
React to this headline:
Android Enterprise update puts mobile security first Read More »
Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016) 2025-06-10 at 13:31 By Zeljka Zorz Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned. What is Wazuh? Wazuh is a popular open-source security information and event management (SIEM) and extended detection and response
React to this headline:
Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016) Read More »
The legal questions to ask when your systems go dark 2025-06-10 at 09:16 By Mirko Zorz At Span Cyber Security Arena, I sat down with Iva Mišković, Partner at the ISO-certified Mišković & Mišković law firm, to discuss the role of legal teams during cyber incidents. She shared why lawyers should assume the worst, coordinate
React to this headline:
The legal questions to ask when your systems go dark Read More »