Hot stuff

SafeLine Bot Management: Self-hosted alternative to Cloudflare

bot, cybersecurity, Don't miss, Hot stuff, News, SafePoint, traffic monitoring /

SafeLine Bot Management: Self-hosted alternative to Cloudflare 2025-04-17 at 16:52 By Help Net Security Modern websites are under constant pressure from automated traffic: scraping, credential stuffing, inventory hoarding, and other malicious bot behaviors. While Cloudflare Bot Management is a powerful cloud-native solution that leverages massive data and machine learning, not every organization wants to rely […]

React to this headline:

Loading spinner

SafeLine Bot Management: Self-hosted alternative to Cloudflare Read More »

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

0patch, APT, Check Point, Don't miss, enterprise, exploit, Government, HarfangLab, Hot stuff, News, phishing, vulnerability, Windows /

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) 2025-04-17 at 16:52 By Zeljka Zorz CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitation in the wild has been observed

React to this headline:

Loading spinner

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) Read More »

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)

0-day, apple, APT, Don't miss, Google, Hot stuff, iOS, iPad, macOS, News, security update /

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) 2025-04-17 at 12:02 By Zeljka Zorz Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200

React to this headline:

Loading spinner

Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) Read More »

When AI agents go rogue, the fallout hits the enterprise

Artificial Intelligence, AutoRABIT, CXO, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, SOC, strategy, tips /

When AI agents go rogue, the fallout hits the enterprise 2025-04-17 at 08:45 By Mirko Zorz In this Help Net Security interview, Jason Lord, CTO at AutoRABIT, discusses the cybersecurity risks posed by AI agents integrated into real-world systems. Issues like hallucinations, prompt injections, and embedded biases can turn these systems into vulnerable targets. Lord

React to this headline:

Loading spinner

When AI agents go rogue, the fallout hits the enterprise Read More »

Cozy Bear targets EU diplomats with wine-tasting invites (again)

backdoor, cyber espionage, Don't miss, EU, Hot stuff, News, phishing, Russian Federation /

Cozy Bear targets EU diplomats with wine-tasting invites (again) 2025-04-16 at 17:40 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared. Cozy Bear uses wine-tastings and dinners as a lure In early 2024, Zscaler flagged a low-volume

React to this headline:

Loading spinner

Cozy Bear targets EU diplomats with wine-tasting invites (again) Read More »

Funding uncertainty may spell the end of MITRE’s CVE program

CardinalOps, CVE, Don't miss, Edera, Hot stuff, MITRE, News, VulnCheck, vulnerability disclosure, vulnerability management /

Funding uncertainty may spell the end of MITRE’s CVE program 2025-04-16 at 14:56 By Zeljka Zorz The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in

React to this headline:

Loading spinner

Funding uncertainty may spell the end of MITRE’s CVE program Read More »

When companies merge, so do their cyber threats

Black Creek Cyber Security, CISO, CXO, cybersecurity, Data Protection, data security, Don't miss, Features, Hot stuff, Lumifi, market, News, regulation, strategy, tips, Twinstake /

When companies merge, so do their cyber threats 2025-04-16 at 09:13 By Mirko Zorz For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that may derail the transaction. Strong due diligence, smart risk planning, and a shared security

React to this headline:

Loading spinner

When companies merge, so do their cyber threats Read More »

Strategic AI readiness for cybersecurity: From hype to reality

Artificial Intelligence, Aryaka, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, News, opinion, strategy /

Strategic AI readiness for cybersecurity: From hype to reality 2025-04-16 at 08:34 By Help Net Security AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity. Many companies could encounter serious repercussions, such as increased volumes of advanced cyber threats, if they fail to exploit AI

React to this headline:

Loading spinner

Strategic AI readiness for cybersecurity: From hype to reality Read More »

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected

Australia, Canada, data breach, data theft, Don't miss, EU, Hot stuff, News, UK, USA /

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected 2025-04-15 at 17:21 By Zeljka Zorz American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang. The breach resulted in information of an unknown number of customers of Hertz and

React to this headline:

Loading spinner

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected Read More »

Critical flaws fixed in Nagios Log Server

Don't miss, enterprise, exploit, Hot stuff, log management, Nagios Log Server, News, PoC, SMBs, vulnerability /

Critical flaws fixed in Nagios Log Server 2025-04-15 at 13:47 By Zeljka Zorz The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server. About the flaws The vulnerabilities, discovered and reported by security researchers Seth Kraft and Alex Tisdale, include: 1. A stored XSS vulnerability

React to this headline:

Loading spinner

Critical flaws fixed in Nagios Log Server Read More »

Why shorter SSL/TLS certificate lifespans matter

certificates, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Sectigo, SSL/TLS /

Why shorter SSL/TLS certificate lifespans matter 2025-04-15 at 09:31 By Help Net Security Digital certificates are the unsung heroes of the internet, silently verifying that the websites, apps, and services you use are legit and your data is safe. For years, we’ve leaned on certificates with maximum validity term stretching for months and, in some

React to this headline:

Loading spinner

Why shorter SSL/TLS certificate lifespans matter Read More »

Cybercriminal groups embrace corporate structures to scale, sustain operations

cyberattacks, cybercriminals, cybersecurity, Don't miss, Features, hacking, Hot stuff, law enforcement, Netarx, News /

Cybercriminal groups embrace corporate structures to scale, sustain operations 2025-04-15 at 08:33 By Mirko Zorz In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale operations, retain talent, and evade detection. He covers the strategic collaborations behind major attacks, business-like parallels,

React to this headline:

Loading spinner

Cybercriminal groups embrace corporate structures to scale, sustain operations Read More »

Package hallucination: LLMs may deliver malicious code to careless devs

Artificial Intelligence, Don't miss, Hot stuff, JavaScript, LLMs, Malware, News, programming, Python, software development /

Package hallucination: LLMs may deliver malicious code to careless devs 2025-04-14 at 15:46 By Zeljka Zorz LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security Developer-in-Residence at the Python Software Foundation). A known occurrence Many software

React to this headline:

Loading spinner

Package hallucination: LLMs may deliver malicious code to careless devs Read More »

The quiet data breach hiding in AI workflows

access control, Artificial Intelligence, CISO, cybersecurity, data security, Don't miss, Features, Hot stuff, how-to, LayerX, LLMs, News, opinion, strategy, tips /

The quiet data breach hiding in AI workflows 2025-04-14 at 08:30 By Mirko Zorz As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern. To

React to this headline:

Loading spinner

The quiet data breach hiding in AI workflows Read More »

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices

BSI, Don't miss, Fortinet, FortiOS, Hot stuff, News, vulnerability /

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices 2025-04-11 at 21:05 By Zeljka Zorz A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original

React to this headline:

Loading spinner

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices Read More »

Why security culture is crypto’s strongest asset

Crypto, Cryptocurrency, cybersecurity, Don't miss, Features, Grayscale, Hot stuff, News, opinion, strategy /

Why security culture is crypto’s strongest asset 2025-04-11 at 08:46 By Mirko Zorz In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, and securing both hot and cold wallets. From a threat modeling perspective, what unique adversary tactics do you

React to this headline:

Loading spinner

Why security culture is crypto’s strongest asset Read More »

Trump orders revocation of security clearances for Chris Krebs, SentinelOne

Don't miss, Government, Hot stuff, News, SentinelOne, USA /

Trump orders revocation of security clearances for Chris Krebs, SentinelOne 2025-04-10 at 15:50 By Zeljka Zorz US President Donald Trump has signed an Executive Order on Wednesday to revoke security clearance held by Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), and his colleagues at SentinelOne. “The Order also suspends

React to this headline:

Loading spinner

Trump orders revocation of security clearances for Chris Krebs, SentinelOne Read More »

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)

Don't miss, Fortinet, Hot stuff, networking, News, vulnerability /

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) 2025-04-10 at 13:18 By Zeljka Zorz Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow unauthenticated attackers to gain access to and administrative privileges on vulnerable devices. About CVE-2024-48887 Fortinet

React to this headline:

Loading spinner

FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) Read More »

How to find out if your AI vendor is a security risk

API security, Artificial Intelligence, cybersecurity, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, risk, Vorlon Security /

How to find out if your AI vendor is a security risk 2025-04-10 at 08:31 By Help Net Security One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks for a summary. Just like that, confidential information

React to this headline:

Loading spinner

How to find out if your AI vendor is a security risk Read More »

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)

Don't miss, Hot stuff, Meta, News, vulnerability, WhatsApp, Windows /

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) 2025-04-09 at 16:00 By Zeljka Zorz WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that

React to this headline:

Loading spinner

WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) Read More »

Scroll to Top