Hot stuff

Package hallucination: LLMs may deliver malicious code to careless devs

Artificial Intelligence, Don't miss, Hot stuff, JavaScript, LLMs, Malware, News, programming, Python, software development /

Package hallucination: LLMs may deliver malicious code to careless devs 2025-04-14 at 15:46 By Zeljka Zorz LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security Developer-in-Residence at the Python Software Foundation). A known occurrence Many software […]

React to this headline:

Loading spinner

Package hallucination: LLMs may deliver malicious code to careless devs Read More »

The quiet data breach hiding in AI workflows

access control, Artificial Intelligence, CISO, cybersecurity, data security, Don't miss, Features, Hot stuff, how-to, LayerX, LLMs, News, opinion, strategy, tips /

The quiet data breach hiding in AI workflows 2025-04-14 at 08:30 By Mirko Zorz As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern. To

React to this headline:

Loading spinner

The quiet data breach hiding in AI workflows Read More »

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices

BSI, Don't miss, Fortinet, FortiOS, Hot stuff, News, vulnerability /

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices 2025-04-11 at 21:05 By Zeljka Zorz A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original

React to this headline:

Loading spinner

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices Read More »

Why security culture is crypto’s strongest asset

Crypto, Cryptocurrency, cybersecurity, Don't miss, Features, Grayscale, Hot stuff, News, opinion, strategy /

Why security culture is crypto’s strongest asset 2025-04-11 at 08:46 By Mirko Zorz In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, and securing both hot and cold wallets. From a threat modeling perspective, what unique adversary tactics do you

React to this headline:

Loading spinner

Why security culture is crypto’s strongest asset Read More »

Trump orders revocation of security clearances for Chris Krebs, SentinelOne

Don't miss, Government, Hot stuff, News, SentinelOne, USA /

Trump orders revocation of security clearances for Chris Krebs, SentinelOne 2025-04-10 at 15:50 By Zeljka Zorz US President Donald Trump has signed an Executive Order on Wednesday to revoke security clearance held by Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), and his colleagues at SentinelOne. “The Order also suspends

React to this headline:

Loading spinner

Trump orders revocation of security clearances for Chris Krebs, SentinelOne Read More »

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)

Don't miss, Fortinet, Hot stuff, networking, News, vulnerability /

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) 2025-04-10 at 13:18 By Zeljka Zorz Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow unauthenticated attackers to gain access to and administrative privileges on vulnerable devices. About CVE-2024-48887 Fortinet

React to this headline:

Loading spinner

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) Read More »

How to find out if your AI vendor is a security risk

API security, Artificial Intelligence, cybersecurity, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, risk, Vorlon Security /

How to find out if your AI vendor is a security risk 2025-04-10 at 08:31 By Help Net Security One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks for a summary. Just like that, confidential information

React to this headline:

Loading spinner

How to find out if your AI vendor is a security risk Read More »

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)

Don't miss, Hot stuff, Meta, News, vulnerability, WhatsApp, Windows /

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) 2025-04-09 at 16:00 By Zeljka Zorz WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that

React to this headline:

Loading spinner

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) Read More »

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)

0-day, CISA, Don't miss, enterprise, file-sharing, Gladinet, Hot stuff, MSP, News /

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) 2025-04-09 at 13:43 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged

React to this headline:

Loading spinner

RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) Read More »

Why CISOs are doubling down on cyber crisis simulations

CISO, Cloud Range, crisis management, cybersecurity, Don't miss, Features, Hack The Box, Hot stuff, how-to, Immersive, News, opinion, Sophos, strategy, tips /

Why CISOs are doubling down on cyber crisis simulations 2025-04-09 at 09:03 By Mirko Zorz Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that readiness. They let teams walk through real-world scenarios in a controlled setting,

React to this headline:

Loading spinner

Why CISOs are doubling down on cyber crisis simulations Read More »

Transforming cybersecurity into a strategic business enabler

CISO, cyber risk, cybersecurity, Don't miss, Ecolab, enterprise, Features, Hot stuff, News, Risk Management, security standard, strategy, tips /

Transforming cybersecurity into a strategic business enabler 2025-04-09 at 08:20 By Mirko Zorz In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. How do you define cyber risk within your organization’s overall enterprise

React to this headline:

Loading spinner

Transforming cybersecurity into a strategic business enabler Read More »

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)

0-day, Don't miss, Hot stuff, Immersive, Microsoft, News, Patch Tuesday, Tenable, Trend Micro, Windows, Windows Server /

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) 2025-04-08 at 22:16 By Zeljka Zorz April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS) that can be – and

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) Read More »

Excessive agency in LLMs: The growing risk of unchecked autonomy

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Information Security Forum, LLMs, News, opinion /

Excessive agency in LLMs: The growing risk of unchecked autonomy 2025-04-08 at 08:39 By Help Net Security For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these

React to this headline:

Loading spinner

Excessive agency in LLMs: The growing risk of unchecked autonomy Read More »

Observability is security’s way back into the cloud conversation

Cloud, cloud adoption, cybersecurity, Don't miss, Features, Hot stuff, New Relic, News, opinion, strategy /

Observability is security’s way back into the cloud conversation 2025-04-08 at 08:02 By Mirko Zorz In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing security readiness. He shares strategies for overcoming common misconfigurations and optimizing access controls in

React to this headline:

Loading spinner

Observability is security’s way back into the cloud conversation Read More »

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334)

Don't miss, Hot stuff, News, vulnerability, Windows, WinRAR /

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) 2025-04-07 at 14:36 By Zeljka Zorz WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7.11. About CVE-2025-31334

React to this headline:

Loading spinner

WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) Read More »

CISOs battle security platform fatigue

BeyondTrust, CISO, Don't miss, Features, Gigamon, Hot stuff, Ivanti, News, opinion, Panaseer, strategy, Syxsense, tips, Tuskira /

CISOs battle security platform fatigue 2025-04-07 at 08:31 By Mirko Zorz It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing headaches. Welcome to the age

React to this headline:

Loading spinner

CISOs battle security platform fatigue Read More »

The shift to identity-first security and why it matters

access management, Artificial Intelligence, BeyondID, CISO, cybersecurity, Don't miss, Features, Hot stuff, News /

The shift to identity-first security and why it matters 2025-04-07 at 08:10 By Mirko Zorz In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in

React to this headline:

Loading spinner

The shift to identity-first security and why it matters Read More »

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection

AWS, cloud security, Don't miss, GitHub, Hot stuff, News, open source, software /

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection 2025-04-07 at 07:35 By Mirko Zorz YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of

React to this headline:

Loading spinner

YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection Read More »

The rise of compromised LLM attacks

Artificial Intelligence, Don't miss, Hot stuff, LLMs, News, Vectra AI, Video /

The rise of compromised LLM attacks 2025-04-07 at 07:03 By Help Net Security In this Help Net Security video, Sohrob Kazerounian, Distinguished AI Researcher at Vectra AI, discusses how the ongoing rapid adoption of LLM-based applications has already introduced new cybersecurity risks. These vulnerabilities will not be in the LLM itself, but rather in how

React to this headline:

Loading spinner

The rise of compromised LLM attacks Read More »

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Microsoft, Mozilla, News, Patch Tuesday, Windows /

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft 2025-04-04 at 08:50 By Help Net Security Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and

React to this headline:

Loading spinner

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft Read More »

Scroll to Top