enterprise

Secrets are leaking everywhere, and bots are to blame

Secrets are leaking everywhere, and bots are to blame 2025-07-31 at 07:30 By Anamarija Pogorelec Secrets like API keys, tokens, and credentials are scattered across messaging apps, spreadsheets, CI/CD logs, and even support tickets. According to Entro Security’s NHI & Secrets Risk Report H1 2025, non-human identities (NHIs), including bots, service accounts, and automation tools, […]

React to this headline:

Loading spinner

Secrets are leaking everywhere, and bots are to blame Read More »

Boards shift focus to tech and navigate cautious investors

Boards shift focus to tech and navigate cautious investors 2025-07-30 at 07:00 By Anamarija Pogorelec Corporate boards are adjusting to a more uncertain proxy landscape, according to EY’s 2025 Proxy Season Review. The report highlights four key 2025 proxy season trends shaping governance this year: more oversight of technology, fewer shareholder proposals (especially on sustainability),

React to this headline:

Loading spinner

Boards shift focus to tech and navigate cautious investors Read More »

Fighting AI with AI: How Darwinium is reshaping fraud defense

Fighting AI with AI: How Darwinium is reshaping fraud defense 2025-07-29 at 16:07 By Mirko Zorz AI agents are showing up in more parts of the customer journey, from product discovery to checkout. And fraudsters are also putting them to work, often with alarming success. In response, cyberfraud prevention leader Darwinium is launching two AI-powered

React to this headline:

Loading spinner

Fighting AI with AI: How Darwinium is reshaping fraud defense Read More »

Why behavioral intelligence is becoming the bank fraud team’s best friend

Why behavioral intelligence is becoming the bank fraud team’s best friend 2025-07-29 at 09:03 By Mirko Zorz In this Help Net Security interview, Seth Ruden, Senior Director of Global Advisory at BioCatch, discusses how financial institutions are addressing fraud. He explains how banks are using behavioral biometrics, device fingerprinting, and network intelligence to enhance fraud

React to this headline:

Loading spinner

Why behavioral intelligence is becoming the bank fraud team’s best friend Read More »

Microsoft rolls out Windows 11 “quick recovery” feature

Microsoft rolls out Windows 11 “quick recovery” feature 2025-07-23 at 18:31 By Zeljka Zorz With the latest Windows 11 update, Microsoft is saying goodbye to the infamous “Blue Screen of Death” and has enabled the quick machine recovery feature by default for Home users. “For nearly four decades, the blue screen shown during an unexpected

React to this headline:

Loading spinner

Microsoft rolls out Windows 11 “quick recovery” feature Read More »

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) 2025-07-21 at 15:42 By Zeljka Zorz Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data theft looks most likely. According to

React to this headline:

Loading spinner

Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309) Read More »

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) 2025-07-03 at 14:19 By Zeljka Zorz Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and

React to this headline:

Loading spinner

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) Read More »

Cybersecurity essentials for the future: From hype to what works

Cybersecurity essentials for the future: From hype to what works 2025-07-02 at 09:03 By Mirko Zorz Cybersecurity never stands still. One week it’s AI-powered attacks, the next it’s a new data breach, regulation, or budget cut. With all that noise, it’s easy to get distracted. But at the end of the day, the goal stays

React to this headline:

Loading spinner

Cybersecurity essentials for the future: From hype to what works Read More »

CitrixBleed 2 might be actively exploited (CVE-2025-5777)

CitrixBleed 2 might be actively exploited (CVE-2025-5777) 2025-06-30 at 15:47 By Zeljka Zorz While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month. CVE-2025-5777, in

React to this headline:

Loading spinner

CitrixBleed 2 might be actively exploited (CVE-2025-5777) Read More »

Europe’s AI strategy: Smart caution or missed opportunity?

Europe’s AI strategy: Smart caution or missed opportunity? 2025-06-30 at 08:03 By Mirko Zorz Europe is banking on AI to help solve its economic problems. Productivity is stalling, and tech adoption is slow. Global competitors, especially the U.S., are pulling ahead. A new report from Accenture says AI could help reverse that trend, but only

React to this headline:

Loading spinner

Europe’s AI strategy: Smart caution or missed opportunity? Read More »

Why AI agents could be the next insider threat

Why AI agents could be the next insider threat 2025-06-30 at 07:37 By Help Net Security In this Help Net Security video, Arun Shrestha, CEO of BeyondID, explains how AI agents, now embedded in daily operations, are often over-permissioned, under-monitored, and invisible to identity governance systems. With a special focus on the healthcare sector, Shrestha

React to this headline:

Loading spinner

Why AI agents could be the next insider threat Read More »

Windows 10: How to get security updates for free until 2026

Windows 10: How to get security updates for free until 2026 2025-06-25 at 14:45 By Zeljka Zorz Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

React to this headline:

Loading spinner

Windows 10: How to get security updates for free until 2026 Read More »

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) 2025-06-23 at 14:14 By Zeljka Zorz Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless, the

React to this headline:

Loading spinner

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) Read More »

Android Enterprise update puts mobile security first

Android Enterprise update puts mobile security first 2025-06-10 at 21:04 By Mirko Zorz Google is rolling out new Android Enterprise features aimed at improving mobile security, IT management, and employee productivity. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. Many security incidents involve smartphones, often due to

React to this headline:

Loading spinner

Android Enterprise update puts mobile security first Read More »

Attackers fake IT support calls to steal Salesforce data

Attackers fake IT support calls to steal Salesforce data 2025-06-04 at 17:47 By Zeljka Zorz Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat Intelligence Group (GTIG) has warned. The attackers in question – currently tracked as UNC6040 – are masters

React to this headline:

Loading spinner

Attackers fake IT support calls to steal Salesforce data Read More »

Microsoft unveils “centralized” software update tool for Windows

Microsoft unveils “centralized” software update tool for Windows 2025-05-29 at 14:49 By Zeljka Zorz Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations upgrade their computer fleet to Windows 11 with the help of Windows Backup for Organizations. The

React to this headline:

Loading spinner

Microsoft unveils “centralized” software update tool for Windows Read More »

Unpatched Windows Server vulnerability allows full domain compromise

Unpatched Windows Server vulnerability allows full domain compromise 2025-05-22 at 18:45 By Zeljka Zorz A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server

React to this headline:

Loading spinner

Unpatched Windows Server vulnerability allows full domain compromise Read More »

Google strengthens secure enterprise access from BYOD Android devices

Google strengthens secure enterprise access from BYOD Android devices 2025-05-14 at 19:21 By Zeljka Zorz Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate resources and data. Device Trust from Android Enterprise (Source: Google) What is Device

React to this headline:

Loading spinner

Google strengthens secure enterprise access from BYOD Android devices Read More »

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors 2025-05-12 at 16:07 By Zeljka Zorz A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable

React to this headline:

Loading spinner

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors Read More »

PoC exploit for SysAid pre-auth RCE released, upgrade quickly!

PoC exploit for SysAid pre-auth RCE released, upgrade quickly! 2025-05-07 at 15:45 By Zeljka Zorz WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions – to achieve unauthenticated remote code execution on

React to this headline:

Loading spinner

PoC exploit for SysAid pre-auth RCE released, upgrade quickly! Read More »

Scroll to Top