Hot stuff

Why we must go beyond tooling and CVEs to illuminate security blind spots

Why we must go beyond tooling and CVEs to illuminate security blind spots 2025-07-18 at 09:41 By Help Net Security In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs […]

React to this headline:

Loading spinner

Why we must go beyond tooling and CVEs to illuminate security blind spots Read More »

Making security and development co-owners of DevSecOps

Making security and development co-owners of DevSecOps 2025-07-18 at 09:41 By Mirko Zorz In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. Drawing on experience in regulated industries such as finance, telecom, and critical infrastructure, he offers tips on ownership

React to this headline:

Loading spinner

Making security and development co-owners of DevSecOps Read More »

Review: Passwork 7.0, self-hosted password manager for business

Review: Passwork 7.0, self-hosted password manager for business 2025-07-17 at 13:09 By Help Net Security Over the years, the number of services we use has exploded, and so has the need to protect our credentials. Back in what I like to call “the age of innocence,” we scribbled passwords on paper or reused “password123” across

React to this headline:

Loading spinner

Review: Passwork 7.0, self-hosted password manager for business Read More »

What a mature OT security program looks like in practice

What a mature OT security program looks like in practice 2025-07-17 at 09:08 By Mirko Zorz In this Help Net Security interview, Cindy Segond von Banchet CC, Cybersecurity Lead at Yokogawa Europe, shares her insights on what defines a sustainable OT security program. She outlines the key differences between short-term fixes and long-term resilience, and

React to this headline:

Loading spinner

What a mature OT security program looks like in practice Read More »

Why silent authentication is the smarter way to secure BYOD

Why silent authentication is the smarter way to secure BYOD 2025-07-17 at 09:08 By Help Net Security In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity challenges of BYOD. He breaks down how it works, why it matters, and

React to this headline:

Loading spinner

Why silent authentication is the smarter way to secure BYOD Read More »

Machine unlearning gets a practical privacy upgrade

Machine unlearning gets a practical privacy upgrade 2025-07-17 at 09:08 By Mirko Zorz Machine learning models are everywhere now, from chatbots to credit scoring tools, and they carry traces of the data they were trained on. When someone asks to have their personal data erased under laws like the GDPR, their data also needs to

React to this headline:

Loading spinner

Machine unlearning gets a practical privacy upgrade Read More »

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit 2025-07-16 at 20:54 By Zeljka Zorz Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as

React to this headline:

Loading spinner

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit Read More »

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) 2025-07-16 at 16:32 By Zeljka Zorz For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. About CVE-2025-6558 CVE-2025-6558 is a high-severity vulnerability that stems from incorrect validation of untrusted input in ANGLE – the Almost

React to this headline:

Loading spinner

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) Read More »

Product showcase: Enzoic for Active Directory

Product showcase: Enzoic for Active Directory 2025-07-16 at 08:19 By Help Net Security Enzoic for Active Directory is an easy-to-install plugin that integrates with Microsoft Active Directory (AD) to set, monitor, and remediate unsafe passwords and credentials. In essence, it serves as an always-on sentinel for AD, preventing users from choosing compromised or weak passwords

React to this headline:

Loading spinner

Product showcase: Enzoic for Active Directory Read More »

Experts unpack the biggest cybersecurity surprises of 2025

Experts unpack the biggest cybersecurity surprises of 2025 2025-07-16 at 08:19 By Mirko Zorz 2025 has been a busy year for cybersecurity. From unexpected attacks to new tactics by threat groups, a lot has caught experts off guard. We asked cybersecurity leaders to share the biggest surprises they’ve seen so far this year and what

React to this headline:

Loading spinner

Experts unpack the biggest cybersecurity surprises of 2025 Read More »

Real-world numbers for estimating security audit costs

Real-world numbers for estimating security audit costs 2025-07-16 at 08:10 By Help Net Security At the end of Star Wars: A New Hope, Luke Skywalker races through the Death Star trench, hearing the ghostly voice of Obi-Wan Kenobi telling him to trust him. Luke places blind trust in an intangible energy that surrounds him, he

React to this headline:

Loading spinner

Real-world numbers for estimating security audit costs Read More »

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation 2025-07-15 at 16:19 By Zeljka Zorz UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malware designed to infect the computer’s boot process). “While AMI (the original firmware supplier) has

React to this headline:

Loading spinner

Vulnerable firmware for Gigabyte motherboards could allow bootkit installation Read More »

Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech

Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech 2025-07-15 at 09:00 By Mirko Zorz For decades, manufacturers and security professionals have been playing a high-stakes game of cat and mouse with counterfeiters. From holograms and QR codes to RFID tags and serial numbers, the industry’s toolkit has evolved, but so have the

React to this headline:

Loading spinner

Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech Read More »

Securing vehicles as they become platforms for code and data

Securing vehicles as they become platforms for code and data 2025-07-15 at 08:31 By Mirko Zorz In this Help Net Security interview, Robert Knoblauch, CISO at Element Fleet Management, discusses how the rise of connected vehicles and digital operations is reshaping fleet management cybersecurity. He points to growing risks like API breaches, tampering with onboard

React to this headline:

Loading spinner

Securing vehicles as they become platforms for code and data Read More »

How service providers can turn cybersecurity into a scalable MRR engine

How service providers can turn cybersecurity into a scalable MRR engine 2025-07-15 at 08:04 By Help Net Security A growing number of MSPs, MSSPs, and consultancies are moving beyond one-and-done engagements and transforming from tactical vendors into strategic advisors. They’re shifting toward recurring cybersecurity programs that not only improve client outcomes but also generate compounding

React to this headline:

Loading spinner

How service providers can turn cybersecurity into a scalable MRR engine Read More »

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) 2025-07-14 at 16:34 By Zeljka Zorz With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to be leveraged by attackers soon. About CVE-2025-25257 CVE-2025-25257 is found

React to this headline:

Loading spinner

Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257) Read More »

FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare

FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare 2025-07-14 at 09:32 By Mirko Zorz In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity

React to this headline:

Loading spinner

FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare Read More »

Bitdefender PHASR: Proactive hardening demo overview

Bitdefender PHASR: Proactive hardening demo overview 2025-07-14 at 08:35 By Help Net Security Discover how Bitdefender PHASR enables organizations to identify and remediate security misconfigurations before attackers can exploit them. This demo walks through PHASR’s proactive hardening capabilities, showing how it transforms visibility into actionable protection. The post Bitdefender PHASR: Proactive hardening demo overview appeared

React to this headline:

Loading spinner

Bitdefender PHASR: Proactive hardening demo overview Read More »

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) 2025-07-11 at 15:32 By Zeljka Zorz Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP Server and CVE-2025-47812 Wing FTP Server is a commercial file transfer server solution used by businesses,

React to this headline:

Loading spinner

Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) Read More »

Where policy meets profit: Navigating the new frontier of defense tech startups

Where policy meets profit: Navigating the new frontier of defense tech startups 2025-07-11 at 08:33 By Mirko Zorz In this Help Net Security interview, Thijs Povel, Managing Partner at Ventures.eu, discusses how the firm evaluates emerging technologies through the lens of defense and resilience. He explains how founders from both defense and adjacent sectors are

React to this headline:

Loading spinner

Where policy meets profit: Navigating the new frontier of defense tech startups Read More »

Scroll to Top