Hot stuff

Researchers expose large-scale YouTube malware distribution network

Researchers expose large-scale YouTube malware distribution network 2025-10-23 at 17:37 By Zeljka Zorz Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.” The network published more than 3,000 videos across compromised or fake channels, luring viewers with game cheats, cracked […]

React to this headline:

Loading spinner

Researchers expose large-scale YouTube malware distribution network Read More »

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932) 2025-10-23 at 17:10 By Zeljka Zorz CVE-2025-61932, an “improper verification of source of a communication channel” vulnerability affecting Lanscope Endpoint Manager, has been exploited as a zero-day since April 2025, the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) warned on Wednesday. According to information received

React to this headline:

Loading spinner

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932) Read More »

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) 2025-10-23 at 14:39 By Zeljka Zorz Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked over 250 exploitation attempts targeting multiple stores on Wednesday, and expects the attacks to continue at pace. About

React to this headline:

Loading spinner

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236) Read More »

Faster LLM tool routing comes with new security considerations

Faster LLM tool routing comes with new security considerations 2025-10-23 at 09:23 By Sinisa Markovic Large language models depend on outside tools to perform real-world tasks, but connecting them to those tools often slows them down or causes failures. A new study from the University of Hong Kong proposes a way to fix that. The

React to this headline:

Loading spinner

Faster LLM tool routing comes with new security considerations Read More »

Attackers target retailers’ gift card systems using cloud-only techniques

Attackers target retailers’ gift card systems using cloud-only techniques 2025-10-22 at 17:12 By Zeljka Zorz A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and endpoint hacking and

React to this headline:

Loading spinner

Attackers target retailers’ gift card systems using cloud-only techniques Read More »

Attackers turn trusted OAuth apps into cloud backdoors

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

React to this headline:

Loading spinner

Attackers turn trusted OAuth apps into cloud backdoors Read More »

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) 2025-10-21 at 19:13 By Zeljka Zorz CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog,

React to this headline:

Loading spinner

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) Read More »

Agentic AI security: Building the next generation of access controls

Agentic AI security: Building the next generation of access controls 2025-10-21 at 10:03 By Help Net Security As artificial intelligence (AI) solutions continue to evolve, the rise of agentic AI—intelligent systems that can act autonomously on behalf of an organization—presents new security challenges. Research from Delinea’s 2025 AI in Identity Security Demands a New Playbook

React to this headline:

Loading spinner

Agentic AI security: Building the next generation of access controls Read More »

When everything’s connected, everything’s at risk

When everything’s connected, everything’s at risk 2025-10-21 at 09:02 By Mirko Zorz In this Help Net Security interview, Ken Deitz, CISO at Brown & Brown, discusses how the definition of cyber risk has expanded beyond IT to include IoT, OT, and broader supply chain ecosystems. As organizations connect these assets through cloud and networked systems,

React to this headline:

Loading spinner

When everything’s connected, everything’s at risk Read More »

10 data security companies to watch in 2026

10 data security companies to watch in 2026 2025-10-21 at 08:52 By Sinisa Markovic At Help Net Security, we’ve been tracking the cybersecurity world for nearly three decades. Through our Industry News section, we’ve watched countless companies rise, and push the limits of what’s possible in data protection. Some vendors consistently stand out, not just

React to this headline:

Loading spinner

10 data security companies to watch in 2026 Read More »

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) 2025-10-20 at 20:10 By Zeljka Zorz Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due

React to this headline:

Loading spinner

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) Read More »

China-linked Salt Typhoon hackers attempt to infiltrate European telco

China-linked Salt Typhoon hackers attempt to infiltrate European telco 2025-10-20 at 18:42 By Zeljka Zorz Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics,

React to this headline:

Loading spinner

China-linked Salt Typhoon hackers attempt to infiltrate European telco Read More »

Most AI privacy research looks the wrong way

Most AI privacy research looks the wrong way 2025-10-20 at 13:19 By Mirko Zorz Most research on LLM privacy has focused on the wrong problem, according to a new paper by researchers from Carnegie Mellon University and Northeastern University. The authors argue that while most technical studies target data memorization, the biggest risks come from

React to this headline:

Loading spinner

Most AI privacy research looks the wrong way Read More »

Microsoft revokes 200 certs used to sign malicious Teams installers

Microsoft revokes 200 certs used to sign malicious Teams installers 2025-10-17 at 15:59 By Zeljka Zorz By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on

React to this headline:

Loading spinner

Microsoft revokes 200 certs used to sign malicious Teams installers Read More »

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) 2025-10-17 at 15:29 By Zeljka Zorz Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. “The operation targeted victims running older Linux systems that do not have endpoint detection response solutions,” Trend Micro

React to this headline:

Loading spinner

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) Read More »

A new approach to blockchain spam: Local reputation over global rules

A new approach to blockchain spam: Local reputation over global rules 2025-10-17 at 10:18 By Mirko Zorz Spam has long been a nuisance in blockchain networks, clogging transaction queues and driving up fees. A new research paper from Delft University of Technology introduces a decentralized solution called STARVESPAM that could help nodes in permissionless blockchains

React to this headline:

Loading spinner

A new approach to blockchain spam: Local reputation over global rules Read More »

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) 2025-10-16 at 19:52 By Zeljka Zorz CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254,

React to this headline:

Loading spinner

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) Read More »

When trusted AI connections turn hostile

When trusted AI connections turn hostile 2025-10-16 at 09:02 By Mirko Zorz Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers can quietly take control of hosts, manipulate LLM behavior, and deceive users, all while staying undetected by

React to this headline:

Loading spinner

When trusted AI connections turn hostile Read More »

Identifying risky candidates: Practical steps for security leaders

Identifying risky candidates: Practical steps for security leaders 2025-10-16 at 08:32 By Help Net Security Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface the deeper risks that can turn into costly problems down the line. Identity verification, credential validation,

React to this headline:

Loading spinner

Identifying risky candidates: Practical steps for security leaders Read More »

Scroll to Top