Hot stuff

Why should companies or organizations convert to FIDO security keys?

Why should companies or organizations convert to FIDO security keys? 2025-06-25 at 08:09 By Mirko Zorz In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights […]

React to this headline:

Loading spinner

Why should companies or organizations convert to FIDO security keys? Read More »

Trojanized SonicWall NetExtender app exfiltrates VPN credentials

Trojanized SonicWall NetExtender app exfiltrates VPN credentials 2025-06-24 at 15:00 By Zeljka Zorz Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall NetExtender is an SSL‑VPN client used by companies to give remote

React to this headline:

Loading spinner

Trojanized SonicWall NetExtender app exfiltrates VPN credentials Read More »

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218) 2025-06-24 at 12:45 By Zeljka Zorz A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised

React to this headline:

Loading spinner

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218) Read More »

Why work-life balance in cybersecurity must start with executive support

Why work-life balance in cybersecurity must start with executive support 2025-06-24 at 08:34 By Mirko Zorz In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace

React to this headline:

Loading spinner

Why work-life balance in cybersecurity must start with executive support Read More »

Microsoft will start removing legacy drivers from Windows Update

Microsoft will start removing legacy drivers from Windows Update 2025-06-23 at 17:47 By Zeljka Zorz Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has announced. This is intended to be an ongoing process and Microsoft is planning to introduce

React to this headline:

Loading spinner

Microsoft will start removing legacy drivers from Windows Update Read More »

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets 2025-06-23 at 16:38 By Zeljka Zorz The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets. The CoinMarketCap compromise CoinMarketCap (aka CMC) is a website popular with crypto investors as

React to this headline:

Loading spinner

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets Read More »

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) 2025-06-23 at 14:14 By Zeljka Zorz Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless, the

React to this headline:

Loading spinner

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777) Read More »

How CISOs can justify security investments in financial terms

How CISOs can justify security investments in financial terms 2025-06-23 at 09:06 By Mirko Zorz In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and

React to this headline:

Loading spinner

How CISOs can justify security investments in financial terms Read More »

Quantum risk is already changing cybersecurity

Quantum risk is already changing cybersecurity 2025-06-23 at 08:18 By Mirko Zorz A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness Gap Before It’s

React to this headline:

Loading spinner

Quantum risk is already changing cybersecurity Read More »

Microsoft boosts default security of Windows 365 Cloud PCs

Microsoft boosts default security of Windows 365 Cloud PCs 2025-06-20 at 15:05 By Zeljka Zorz Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as

React to this headline:

Loading spinner

Microsoft boosts default security of Windows 365 Cloud PCs Read More »

Strategies to secure long-life IoT devices

Strategies to secure long-life IoT devices 2025-06-20 at 09:07 By Mirko Zorz In this Help Net Security interview, Rob ter Linden, CISO at Signify, discusses priorities for CISOs working on IoT security, including the need for compliant infrastructure, easy device management, and preparing for future tech like quantum computing and AI. He also covers challenges

React to this headline:

Loading spinner

Strategies to secure long-life IoT devices Read More »

Why AI code assistants need a security reality check

Why AI code assistants need a security reality check 2025-06-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities

React to this headline:

Loading spinner

Why AI code assistants need a security reality check Read More »

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) 2025-06-18 at 14:49 By Zeljka Zorz Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable

React to this headline:

Loading spinner

Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019) Read More »

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security 2025-06-18 at 09:02 By Help Net Security As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated CNCF Cilium and its sub-project Tetragon, combined with Software Bills of

React to this headline:

Loading spinner

Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security Read More »

Researchers unearth keyloggers on Outlook login pages

Researchers unearth keyloggers on Outlook login pages 2025-06-17 at 18:37 By Zeljka Zorz Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source:

React to this headline:

Loading spinner

Researchers unearth keyloggers on Outlook login pages Read More »

Hackers love events. Why aren’t more CISOs paying attention?

Hackers love events. Why aren’t more CISOs paying attention? 2025-06-17 at 09:04 By Mirko Zorz When CISOs think about risk, they usually think about cloud platforms, laptops, and data centers. But live events like conferences, trade shows, product launches, and shareholder meetings bring a different kind of cybersecurity exposure. These events gather people, devices, and

React to this headline:

Loading spinner

Hackers love events. Why aren’t more CISOs paying attention? Read More »

Before scaling GenAI, map your LLM usage and risk zones

Before scaling GenAI, map your LLM usage and risk zones 2025-06-17 at 08:46 By Mirko Zorz In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs,

React to this headline:

Loading spinner

Before scaling GenAI, map your LLM usage and risk zones Read More »

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles 2025-06-16 at 16:18 By Zeljka Zorz Vulnerabilities affecting the SinoTrack GPS tracking platform may allow attackers to keep tabs on vehicles’ location and even perform actions such as disconnecting power to vehicles’ fuel pump (if the tracker can interact with a car’s system). The warning

React to this headline:

Loading spinner

SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles Read More »

Why banks’ tech-first approach leaves governance gaps

Why banks’ tech-first approach leaves governance gaps 2025-06-16 at 09:06 By Mirko Zorz In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance

React to this headline:

Loading spinner

Why banks’ tech-first approach leaves governance gaps Read More »

Scroll to Top