Hot stuff

Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel

cybersecurity, Don't miss, framework, Hot stuff, MITRE, MITRE ATT&CK, News, Video /

Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel 2025-05-19 at 07:04 By Help Net Security In this Help Net Security video, Adam Pennington, MITRE ATT&CK Lead, breaks down what’s new in the ATT&CK v17 release. He highlights the addition of the ESXi platform, new and updated techniques for Linux, refinements to mitigation guidance, and […]

React to this headline:

Loading spinner

Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel Read More »

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

Chrome, CISA, Don't miss, Google, Hot stuff, Microsoft Edge, News, security update, vulnerability, vulnerability disclosure /

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) 2025-05-16 at 13:47 By Zeljka Zorz A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google

React to this headline:

Loading spinner

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) Read More »

Deepfake attacks could cost you more than money

Artificial Intelligence, cybersecurity, deepfakes, Don't miss, Features, Hot stuff, Incident Response, News, policy, X-PHY /

Deepfake attacks could cost you more than money 2025-05-16 at 09:04 By Mirko Zorz In this Help Net Security interview, Camellia Chan, CEO at X-PHY, discusses the dangers of deepfakes in real-world incidents, including their use in financial fraud and political disinformation. She explains AI-driven defense strategies and recommends updating incident response plans and internal

React to this headline:

Loading spinner

Deepfake attacks could cost you more than money Read More »

Coinbase suffers data breach, gets extorted (but won’t pay)

Coinbase, Cryptocurrency Exchange, cybercrime, data breach, Don't miss, extortion, Hot stuff, Insider Threat, News /

Coinbase suffers data breach, gets extorted (but won’t pay) 2025-05-15 at 17:35 By Zeljka Zorz Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering attacks, the company confirmed today by filing a report with the US Securities and Exchange Commission (SEC). The

React to this headline:

Loading spinner

Coinbase suffers data breach, gets extorted (but won’t pay) Read More »

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers

Don't miss, Hot stuff, Huntress, News, PoC, Samsung, SANS ISC, vulnerability /

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers 2025-05-15 at 14:18 By Zeljka Zorz Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to fix a vulnerability that’s reportedly being exploited by attackers. If this advice sounds familiar,

React to this headline:

Loading spinner

Samsung patches MagicINFO 9 Server vulnerability exploited by attackers Read More »

Building cybersecurity culture in science-driven organizations

CISO, collaboration, cybersecurity, Don't miss, Features, Hot stuff, News, Novonesis, standards, strategy, tips /

Building cybersecurity culture in science-driven organizations 2025-05-15 at 08:31 By Mirko Zorz In this Help Net Security interview, Anne Sofie Roed Rasmussen, CISO at Novonesis, discusses how a science-driven organization approaches cybersecurity, aligning innovation with protection, measuring cultural progress, managing shadow IT, and earning trust from scientific leaders. How do you measure progress when it

React to this headline:

Loading spinner

Building cybersecurity culture in science-driven organizations Read More »

How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World”

books, cybersecurity, Don't miss, generative AI, Hot stuff, News, opinion, Privacy, tips /

How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World” 2025-05-15 at 07:34 By Mirko Zorz In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her upcoming book Digital Safety in a Dangerous World, which will feature her expert advice, as well

React to this headline:

Loading spinner

How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World” Read More »

Google strengthens secure enterprise access from BYOD Android devices

Android, BYOD, Don't miss, enterprise, Hot stuff, mobile devices, News, secure access, smartphones, zero trust /

Google strengthens secure enterprise access from BYOD Android devices 2025-05-14 at 19:21 By Zeljka Zorz Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate resources and data. Device Trust from Android Enterprise (Source: Google) What is Device

React to this headline:

Loading spinner

Google strengthens secure enterprise access from BYOD Android devices Read More »

Southwest Airlines CISO on tackling cyber risks in the aviation industry

CISO, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy, travel industry /

Southwest Airlines CISO on tackling cyber risks in the aviation industry 2025-05-14 at 08:33 By Mirko Zorz In this Help Net Security interview, Carrie Mills, VP and CISO, Southwest Airlines talks about the cybersecurity challenges facing the aviation industry. She explains how being part of critical infrastructure, a major consumer brand, and an airline each

React to this headline:

Loading spinner

Southwest Airlines CISO on tackling cyber risks in the aviation industry Read More »

Insider risk management needs a human strategy

access control, Capterra, CISO, Code42, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, Insider Threat, Ivanti, Kai Roer, MIND, News, opinion, Praxis Security Labs, Protasec, Risk Management, strategy, tips, Veracode /

Insider risk management needs a human strategy 2025-05-14 at 08:01 By Mirko Zorz Insider risk is not just about bad actors. Most of the time, it’s about mistakes. Someone sends a sensitive file to the wrong address, or uploads a document to their personal cloud to work from home. In many cases, there is no

React to this headline:

Loading spinner

Insider risk management needs a human strategy Read More »

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days

Don't miss, Hot stuff, Immersive, Microsoft, Microsoft Edge, News, Patch Tuesday, SharePoint, Tenable, Trend Micro /

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days 2025-05-13 at 23:00 By Zeljka Zorz On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among the zero-days patched is a memory

React to this headline:

Loading spinner

Patch Tuesday: Microsoft fixes 5 actively exploited zero-days Read More »

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)

0-day, Don't miss, Fortinet, Hot stuff, IP phones, News /

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) 2025-05-13 at 21:48 By Zeljka Zorz Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team has revealed on Tuesday. About CVE-2025-32756 CVE-2025-32756 is a stack-based overflow vulnerability that

React to this headline:

Loading spinner

Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) Read More »

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428)

CERT-EU, Don't miss, Endpoint Security, Hot stuff, Ivanti, News, security update, vulnerability /

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) 2025-05-13 at 20:31 By Zeljka Zorz Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The

React to this headline:

Loading spinner

Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) Read More »

Product showcase: Go beyond VPNs and Tor with NymVPN

Don't miss, Hot stuff, News, Nym, Product showcase, VPN /

Product showcase: Go beyond VPNs and Tor with NymVPN 2025-05-13 at 16:01 By Help Net Security If you care about online privacy, you probably already know: Centralized VPNs and even Tor aren’t enough anymore. Traditional VPNs require you to trust a single company with your internet activity. Even if they promise “no logs,” you’re still

React to this headline:

Loading spinner

Product showcase: Go beyond VPNs and Tor with NymVPN Read More »

CISOs must speak business to earn executive trust

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, PagerDuty, strategy /

CISOs must speak business to earn executive trust 2025-05-13 at 09:33 By Mirko Zorz In this Help Net Security interview, Pritesh Parekh, VP, CISO at PagerDuty talks about how CISOs can change perceptions of their role, build influence across the organization, communicate risk in business terms, and use automation to support business goals. What do

React to this headline:

Loading spinner

CISOs must speak business to earn executive trust Read More »

AI vs AI: How cybersecurity pros can use criminals’ tools against them

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Oxylabs /

AI vs AI: How cybersecurity pros can use criminals’ tools against them 2025-05-13 at 09:01 By Help Net Security For a while now, AI has played a part in cybersecurity. Now, agentic AI is taking center stage. Based on pre-programmed plans and objectives, agentic AI can make choices which optimize results without a need for

React to this headline:

Loading spinner

AI vs AI: How cybersecurity pros can use criminals’ tools against them Read More »

Breaking down silos in cybersecurity

CISO, collaboration, cybersecurity, Cymetry One, Don't miss, Hot stuff, Ionix, News, opinion, Risk Management, strategy /

Breaking down silos in cybersecurity 2025-05-13 at 08:34 By Help Net Security All organizations erect silos – silos between groups and departments, across functions and among technologies. Silos represent differences in practices, culture and operations. Their presence inhibits communication and collaboration. As companies scale from startup to mid-sized and beyond, silos multiply and ossify. As

React to this headline:

Loading spinner

Breaking down silos in cybersecurity Read More »

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors

Don't miss, enterprise, Forescout, Government, Hot stuff, Incident Response, Mandiant, News, Onapsis, SAP, web shell /

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors 2025-05-12 at 16:07 By Zeljka Zorz A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable

React to this headline:

Loading spinner

Compromised SAP NetWeaver instances are ushering in opportunistic threat actors Read More »

How to give better cybersecurity presentations (without sounding like a robot)

CISO, conferences, CXO, Don't miss, Features, Hot stuff, how-to, News, skill development, strategy, tips /

How to give better cybersecurity presentations (without sounding like a robot) 2025-05-12 at 08:35 By Mirko Zorz Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or presenting, can be developed only

React to this headline:

Loading spinner

How to give better cybersecurity presentations (without sounding like a robot) Read More »

Fake AI platforms deliver malware diguised as video content

Artificial Intelligence, cybercrime, Don't miss, Hot stuff, Malware, Morphisec, News, scams, SMBs, social engineering /

Fake AI platforms deliver malware diguised as video content 2025-05-09 at 16:53 By Zeljka Zorz A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate software, but

React to this headline:

Loading spinner

Fake AI platforms deliver malware diguised as video content Read More »

Scroll to Top