Hot stuff

Healthcare CISOs must secure more than what’s regulated

automation, CISO, cybersecurity, DevSecOps, Don't miss, Ensora Health, Features, healthcare, Hot stuff, News, regulation, strategy /

Healthcare CISOs must secure more than what’s regulated 2025-07-03 at 09:05 By Mirko Zorz In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also […]

React to this headline:

Loading spinner

Healthcare CISOs must secure more than what’s regulated Read More »

Qantas data breach could affect 6 million customers

Australia, Closed Door Security, data breach, Don't miss, Entrust, FBI, Hot stuff, News, Qantas, social engineering /

Qantas data breach could affect 6 million customers 2025-07-02 at 14:04 By Zeljka Zorz Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said that

React to this headline:

Loading spinner

Qantas data breach could affect 6 million customers Read More »

Cybersecurity essentials for the future: From hype to what works

access management, CISO, cyber resilience, cyber risk, cybersecurity, DirectDefense, Don't miss, enterprise, Features, Hot stuff, News, Risk Management, Secure Code Warrior, strategy, tips /

Cybersecurity essentials for the future: From hype to what works 2025-07-02 at 09:03 By Mirko Zorz Cybersecurity never stands still. One week it’s AI-powered attacks, the next it’s a new data breach, regulation, or budget cut. With all that noise, it’s easy to get distracted. But at the end of the day, the goal stays

React to this headline:

Loading spinner

Cybersecurity essentials for the future: From hype to what works Read More »

How FinTechs are turning GRC into a strategic enabler

Artificial Intelligence, Compliance, cybersecurity, Don't miss, EU, Europe, Features, financial industry, Fintech, framework, GRC, Hot stuff, News, regulation, Risk Management, Riverty /

How FinTechs are turning GRC into a strategic enabler 2025-07-02 at 08:36 By Mirko Zorz In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in response to tighter regulations and global growth. He discusses the impact of frameworks

React to this headline:

Loading spinner

How FinTechs are turning GRC into a strategic enabler Read More »

Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC

Apricorn, data security, Don't miss, Encryption, hardware, Hot stuff, News, Product showcase /

Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC 2025-07-02 at 07:31 By Anamarija Pogorelec The Apricorn Aegis Secure Key 3NXC is a 256-bit AES XTS hardware-encrypted flash drive with a USB-C connector. It is available in storage capacities ranging from 4GB to 512GB and holds FIPS 140-2 Level 3 validation. The device

React to this headline:

Loading spinner

Product showcase: Protect your data with Apricorn Aegis Secure Key 3NXC Read More »

Microsoft introduces protection against email bombing

Don't miss, Email, Hot stuff, Microsoft, Microsoft Defender, News, social engineering, spam /

Microsoft introduces protection against email bombing 2025-07-01 at 18:54 By Zeljka Zorz By the end of July 2025, all Microsoft Defender for Office 365 customers should be protected from email bombing attacks by default, Microsoft has announced on Monday. What is email bombing? Email bombing (aka spam bombing) is an attack technique that results in

React to this headline:

Loading spinner

Microsoft introduces protection against email bombing Read More »

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)

Debian, Don't miss, Hot stuff, Linux, macOS, News, Stratascale, SUSE, Ubuntu, vulnerability /

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) 2025-07-01 at 16:11 By Zeljka Zorz If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. What is Sudo? Sudo is command-line utility in Unix-like

React to this headline:

Loading spinner

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) Read More »

Google patches actively exploited Chrome (CVE‑2025‑6554)

0-day, Brave, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, Opera, security update, Vivaldi /

Google patches actively exploited Chrome (CVE‑2025‑6554) 2025-07-01 at 13:15 By Zeljka Zorz Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554

React to this headline:

Loading spinner

Google patches actively exploited Chrome (CVE‑2025‑6554) Read More »

Federal Reserve System CISO on aligning cyber risk management with transparency, trust

CISO, Compliance, cyber risk, cybersecurity, Don't miss, Features, Federal Reserve System, Hot stuff, News, opinion, resilience, Risk Management, strategy, threat, Threat Intelligence /

Federal Reserve System CISO on aligning cyber risk management with transparency, trust 2025-07-01 at 09:08 By Mirko Zorz In this Help Net Security interview, Tammy Hornsby-Fink, CISO at Federal Reserve System, shares how the Fed approaches cyber risk with a scenario-based, intelligence-driven strategy. She explains how the Fed assesses potential disruptions to financial stability and

React to this headline:

Loading spinner

Federal Reserve System CISO on aligning cyber risk management with transparency, trust Read More »

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics

Bitdefender, Don't miss, Expert analysis, Expert corner, Hot stuff, News /

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics 2025-07-01 at 07:34 By Help Net Security This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted

React to this headline:

Loading spinner

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics Read More »

CitrixBleed 2 might be actively exploited (CVE-2025-5777)

Censys, Citrix, Don't miss, enterprise, Hot stuff, NetScaler, News, ReliaQuest, vulnerability /

CitrixBleed 2 might be actively exploited (CVE-2025-5777) 2025-06-30 at 15:47 By Zeljka Zorz While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month. CVE-2025-5777, in

React to this headline:

Loading spinner

CitrixBleed 2 might be actively exploited (CVE-2025-5777) Read More »

Are we securing AI like the rest of the cloud?

Artificial Intelligence, Backblaze, cloud security, cybersecurity, Don't miss, Features, Hot stuff, News, penetration testing /

Are we securing AI like the rest of the cloud? 2025-06-30 at 09:01 By Mirko Zorz In this Help Net Security interview, Chris McGranahan, Director of Security Architecture & Engineering at Backblaze, discusses how AI is shaping both offensive and defensive cybersecurity tactics. He talks about how AI is changing the threat landscape, the complications

React to this headline:

Loading spinner

Are we securing AI like the rest of the cloud? Read More »

How exposure-enriched SOC data can cut cyberattacks in half by 2028

cyberattacks, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, PlexTrac, risk, SOC /

How exposure-enriched SOC data can cut cyberattacks in half by 2028 2025-06-30 at 08:33 By Help Net Security Gartner projects that by 2028, organizations enriching their Security Operations Center (SOC) data with exposure insights will reduce the frequency and impact of cyberattacks by 50%. This bold forecast underscores a crucial shift: proactive exposure management is

React to this headline:

Loading spinner

How exposure-enriched SOC data can cut cyberattacks in half by 2028 Read More »

Europe’s AI strategy: Smart caution or missed opportunity?

Accenture, Artificial Intelligence, Aunoo AI, CXO, cyber resilience, Data Protection, Don't miss, enterprise, EU, Europe, Features, Hot stuff, investment, Lakera, News, predictions, report, Verax AI /

Europe’s AI strategy: Smart caution or missed opportunity? 2025-06-30 at 08:03 By Mirko Zorz Europe is banking on AI to help solve its economic problems. Productivity is stalling, and tech adoption is slow. Global competitors, especially the U.S., are pulling ahead. A new report from Accenture says AI could help reverse that trend, but only

React to this headline:

Loading spinner

Europe’s AI strategy: Smart caution or missed opportunity? Read More »

Why AI agents could be the next insider threat

Artificial Intelligence, BeyondID, CISO, cybersecurity, Don't miss, enterprise, Hot stuff, Insider Threat, News, strategy, tips, Video /

Why AI agents could be the next insider threat 2025-06-30 at 07:37 By Help Net Security In this Help Net Security video, Arun Shrestha, CEO of BeyondID, explains how AI agents, now embedded in daily operations, are often over-permissioned, under-monitored, and invisible to identity governance systems. With a special focus on the healthcare sector, Shrestha

React to this headline:

Loading spinner

Why AI agents could be the next insider threat Read More »

Money mule networks evolve into hierarchical, business-like criminal enterprises

Artificial Intelligence, cybercriminals, cybersecurity, Don't miss, Features, financial industry, fraud, Hot stuff, identity verification, News, ThreatMark /

Money mule networks evolve into hierarchical, business-like criminal enterprises 2025-06-27 at 09:12 By Mirko Zorz In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping

React to this headline:

Loading spinner

Money mule networks evolve into hierarchical, business-like criminal enterprises Read More »

Managing through chaos to secure networks

automation, BackBox, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, network, News, opinion /

Managing through chaos to secure networks 2025-06-27 at 08:39 By Anamarija Pogorelec Every time there’s a natural or manmade disaster that takes medical equipment offline, cuts connectivity to emergency services and loved ones, or shuts down access to ATMs, network engineers are at the center of the heroic efforts required to restore availability and uptime.

React to this headline:

Loading spinner

Managing through chaos to secure networks Read More »

Building cyber resilience in always-on industrial environments

CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Jungheinrich, monitoring, News, Risk Management, security controls, strategy, supply chain /

Building cyber resilience in always-on industrial environments 2025-06-26 at 09:07 By Mirko Zorz In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also

React to this headline:

Loading spinner

Building cyber resilience in always-on industrial environments Read More »

Breaking the cycle of attack playbook reuse

Bitdefender, Don't miss, Endpoint Security, Expert analysis, Expert corner, Hot stuff, News /

Breaking the cycle of attack playbook reuse 2025-06-26 at 08:32 By Help Net Security Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets. What’s effective in one environment is

React to this headline:

Loading spinner

Breaking the cycle of attack playbook reuse Read More »

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

Don't miss, Hot stuff, News, open source, PoC, vulnerability /

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) 2025-06-26 at 00:15 By Zeljka Zorz A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details

React to this headline:

Loading spinner

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) Read More »

Scroll to Top