Don’t miss

Malwoverview: First response tool for threat hunting

Don't miss, GitHub, News, open source, software /

Malwoverview: First response tool for threat hunting 2025-03-26 at 07:32 By Mirko Zorz Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes. “Malwoverview is simple and direct, integrating multiple public sandboxes to retrieve and display only relevant information. It enables […]

React to this headline:

Loading spinner

Malwoverview: First response tool for threat hunting Read More »

How does your data end up on the dark web?

cybercrime, cybersecurity, dark web, Don't miss, how-to, News, tips /

How does your data end up on the dark web? 2025-03-26 at 07:01 By Help Net Security The dark web is a hidden corner of the internet where people can remain anonymous. It’s often confused with the deep web, but they’re not quite the same thing. The deep web is just everything online that’s not

React to this headline:

Loading spinner

How does your data end up on the dark web? Read More »

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover

AWS, containers, Don't miss, Google, Hot stuff, Kubernetes, News, vulnerability, Wiz /

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover 2025-03-25 at 18:54 By Zeljka Zorz Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering

React to this headline:

Loading spinner

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover Read More »

Review: The Developer’s Playbook for Large Language Model Security

Artificial Intelligence, books, cybersecurity, Don't miss, Exabeam, Hot stuff, News, Reviews, strategy, tips /

Review: The Developer’s Playbook for Large Language Model Security 2025-03-25 at 18:06 By Mirko Zorz With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into customer interactions, software development, and enterprise decision-making, often without grasping the security implications. As LLMs are becoming integral to

React to this headline:

Loading spinner

Review: The Developer’s Playbook for Large Language Model Security Read More »

Microsoft’s new AI agents take on phishing, patching, alert fatigue

Artificial Intelligence, Aviatrix, BlueVoyant, cybersecurity, Don't miss, Fletch, Microsoft, News, OneTrust, Tanium /

Microsoft’s new AI agents take on phishing, patching, alert fatigue 2025-03-25 at 18:06 By Mirko Zorz Microsoft is rolling out a new generation of AI agents in Security Copilot, built to help with some of the most time-consuming security challenges, such as phishing, data protection, and identity management. Phishing is still one of the most

React to this headline:

Loading spinner

Microsoft’s new AI agents take on phishing, patching, alert fatigue Read More »

The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses

CISO, cybersecurity, Cynomi, Don't miss, Hot stuff, News /

The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses 2025-03-25 at 16:13 By Help Net Security By now, it’s no secret—cyber threats are on the rise, and the need for strong cybersecurity is greater than ever. Globally small and medium-sized businesses (SMBs) are prime targets for cyberattacks, yet many can’t afford a full-time Chief

React to this headline:

Loading spinner

The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses Read More »

Spring clean your security data: The case for cybersecurity data hygiene

Auguria, cyber hygiene, cybersecurity, data management, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, SIEM, SOC, strategy /

Spring clean your security data: The case for cybersecurity data hygiene 2025-03-25 at 08:41 By Help Net Security Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess. The modern Security Operations

React to this headline:

Loading spinner

Spring clean your security data: The case for cybersecurity data hygiene Read More »

How AI agents could undermine computing infrastructure security

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, News, opinion, Teleport, threats, Video /

How AI agents could undermine computing infrastructure security 2025-03-25 at 07:34 By Help Net Security In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, explores the risks AI agents pose to computing infrastructure, particularly when exposed to social engineering attacks. Unlike traditional software, AI agents aren’t fully deterministic, making them more vulnerable to

React to this headline:

Loading spinner

How AI agents could undermine computing infrastructure security Read More »

Protecting your personal information from data brokers

cybersecurity, data, data security, Don't miss, how-to, News, regulation, strategy, tips /

Protecting your personal information from data brokers 2025-03-24 at 18:01 By Help Net Security How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this? So, these companies, called data brokers, collect everything they can about you – where

React to this headline:

Loading spinner

Protecting your personal information from data brokers Read More »

Report: Fortune 500 employee-linked account exposure

Don't miss, Enzoic, News, Whitepapers and webinars /

Report: Fortune 500 employee-linked account exposure 2025-03-24 at 16:01 By Help Net Security A backbone of our economy, Fortune 500 companies employ more than 31 million people worldwide. According to data analyzed by the Enzoic research team, over the past three years of 2022, 2023, and 2024, more than three million employee-linked accounts became newly

React to this headline:

Loading spinner

Report: Fortune 500 employee-linked account exposure Read More »

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

Cloudflare, Don't miss, framework, Hot stuff, News, Next.js, open source, PoC, ProjectDiscovery, vulnerability, web application security, web development /

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) 2025-03-24 at 15:17 By Zeljka Zorz A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel).

React to this headline:

Loading spinner

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) Read More »

How AI, corruption and digital tools fuel Europe’s criminal underworld

cybercrime, Don't miss, EU, Europe, Europol, law enforcement, News, report /

How AI, corruption and digital tools fuel Europe’s criminal underworld 2025-03-24 at 09:31 By Help Net Security Europol has released its 2025 report on serious and organized crime in the EU. The EU Serious and Organised Crime Threat Assessment (EU-SOCTA) is based on intelligence from EU countries and global law enforcement. The findings are stark.

React to this headline:

Loading spinner

How AI, corruption and digital tools fuel Europe’s criminal underworld Read More »

Finders Keypers: Open-source AWS KMS key usage finder

AWS, Don't miss, GitHub, News, open source, software /

Finders Keypers: Open-source AWS KMS key usage finder 2025-03-24 at 07:32 By Mirko Zorz Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the blast radius of specific KMS keys and the

React to this headline:

Loading spinner

Finders Keypers: Open-source AWS KMS key usage finder Read More »

Malicious ads target Semrush users to steal Google account credentials

Don't miss, Google, Hot stuff, malvertising, Malwarebytes, News, SEO /

Malicious ads target Semrush users to steal Google account credentials 2025-03-21 at 14:35 By Zeljka Zorz Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The fraudulent campaign Malwarebytes researchers have spotted a campaign consisting of a slew of malicious ads

React to this headline:

Loading spinner

Malicious ads target Semrush users to steal Google account credentials Read More »

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

backup, disaster recovery, Don't miss, enterprise, Hot stuff, MSP, Nakivo, News, PoC, SMBs, vulnerability, WatchTowr /

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has

React to this headline:

Loading spinner

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »

The hidden risk in SaaS: Why companies need a digital identity exit strategy

authentication, Curity, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, opinion, regulation, SaaS, strategy /

The hidden risk in SaaS: Why companies need a digital identity exit strategy 2025-03-21 at 08:31 By Help Net Security In the face of sudden trade restrictions, sanctions, or policy shifts, relying on SaaS providers outside your region for identity services is a gamble that companies can no longer afford to take. With trade disputes

React to this headline:

Loading spinner

The hidden risk in SaaS: Why companies need a digital identity exit strategy Read More »

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

backup, Don't miss, enterprise, Hot stuff, News, PoC, Rapid7, SMBs, Veeam Software, vulnerability, WatchTowr /

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) 2025-03-20 at 14:29 By Zeljka Zorz Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the

React to this headline:

Loading spinner

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Read More »

RansomHub affiliate leverages multi-function Betruger backdoor

backdoor, Don't miss, Hot stuff, Malware, News, Ransomware, Symantec /

RansomHub affiliate leverages multi-function Betruger backdoor 2025-03-20 at 12:03 By Zeljka Zorz A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The Betruger backdoor The malware can take screenshots, log keystroke, scan networks, dump credentials, upload files to a command and control

React to this headline:

Loading spinner

RansomHub affiliate leverages multi-function Betruger backdoor Read More »

Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates

Don't miss, Kali Linux, News, OffSec, open source, penetration testing, software /

Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates 2025-03-20 at 09:32 By Help Net Security Kali Linux 2025.1a is now available. This release enhances existing features with improvements designed to streamline your experience. 2025 theme refresh Kali Linux 2025.1a introduces an annual theme refresh, maintaining a modern interface. This year’s update debuts a

React to this headline:

Loading spinner

Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates Read More »

5 pitfalls that can delay cyber incident response and recovery

automation, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Incident Response, News, opinion, ShadowHQ, threats /

5 pitfalls that can delay cyber incident response and recovery 2025-03-20 at 08:35 By Help Net Security The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises and theoretical plans only to find out that when an actual breach strikes

React to this headline:

Loading spinner

5 pitfalls that can delay cyber incident response and recovery Read More »

Scroll to Top