Hot stuff

United Airlines CISO on building resilience when disruption is inevitable

United Airlines CISO on building resilience when disruption is inevitable 2026-02-09 at 09:09 By Mirko Zorz Aviation runs on complex digital systems built for stability, safety, and long lifecycles. That reality creates a unique cybersecurity challenge for airlines, where disruption can quickly become an operational and public trust crisis. In this Help Net Security interview, […]

United Airlines CISO on building resilience when disruption is inevitable Read More »

CISA orders US federal agencies to replace unsupported edge devices

CISA orders US federal agencies to replace unsupported edge devices 2026-02-06 at 18:24 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) issued a new binding operational directive aimed at reducing a long-standing cyber risk across federal networks: outdated “edge devices” that are not longer supported by vendors and aren’t receiving timely security

CISA orders US federal agencies to replace unsupported edge devices Read More »

State-backed phishing attacks targeting military officials and journalists on Signal

State-backed phishing attacks targeting military officials and journalists on Signal 2026-02-06 at 16:53 By Zeljka Zorz German security authorities are warning that a likely state-backed hacking group is engaged in attempts at phishing senior political figures, military officials, diplomats, and investigative journalists across Germany and Europe via Signal. The authorities also noted that while these

State-backed phishing attacks targeting military officials and journalists on Signal Read More »

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) 2026-02-06 at 13:12 By Zeljka Zorz For the third time in two weeks, CISA added a vulnerability (CVE-2026-24423) affecting SmarterTools’ SmarterMail email and collaboration server to its Known Exploited Vulnerabilities catalog, and this one is being exploited in ransomware attacks. A glut of SmarterMail vulnerabilities On January

Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423) Read More »

February 2026 Patch Tuesday forecast: Lots of OOB love this month

February 2026 Patch Tuesday forecast: Lots of OOB love this month 2026-02-06 at 09:54 By Help Net Security Valentine’s Day is just around the corner and Microsoft has been giving us a lot of love with a non-stop supply of patches starting with January 2026 Patch Tuesday. The January releases addressed 92 vulnerabilities in Windows

February 2026 Patch Tuesday forecast: Lots of OOB love this month Read More »

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers 2026-02-05 at 18:17 By Zeljka Zorz CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers Read More »

Why a decade-old EnCase driver still works as an EDR killer

Why a decade-old EnCase driver still works as an EDR killer 2026-02-05 at 14:02 By Zeljka Zorz Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This

Why a decade-old EnCase driver still works as an EDR killer Read More »

Smart glasses are back, privacy issues included

Smart glasses are back, privacy issues included 2026-02-05 at 09:11 By Sinisa Markovic AI smart glasses are the latest addition to fashion, and they include a camera, a microphone, AI, and privacy risks. After Google Glass failed to gain traction more than a decade ago, the category is seeing renewed interest as companies redesign the

Smart glasses are back, privacy issues included Read More »

Global Threat Map: Open-source real-time situational awareness platform

Global Threat Map: Open-source real-time situational awareness platform 2026-02-04 at 08:32 By Mirko Zorz Global Threat Map is an open-source project offering security teams a live view of reported cyber activity across the globe, pulling together open data feeds into a single interactive map. It visualizes indicators such as malware distribution, phishing activity, and attack

Global Threat Map: Open-source real-time situational awareness platform Read More »

How Secure by Design helps developers build secure software

How Secure by Design helps developers build secure software 2026-02-04 at 08:06 By Help Net Security Security isn’t just a feature, it’s a foundation. As cyber threats grow more sophisticated and regulations tighten, developers are being asked to do more than just write clean code. They’re being asked to build software that’s secure by design

How Secure by Design helps developers build secure software Read More »

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509)

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) 2026-02-03 at 17:21 By Zeljka Zorz Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft

Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) Read More »

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets 2026-02-03 at 15:34 By Zeljka Zorz Rapid7 researchers have attributed the recent hijacking of the Notepad++ update mechanism to Lotus Blossom (aka Billbug), a Chinese state-sponsored group known for targeting organizations in Southeast Asia for espionage purposes. On Wednesday, Kaspersky researchers shared the insights they’ve gleaned

Notepad++ supply chain attack: Researchers reveal details, IoCs, targets Read More »

Why boards must prioritize non-human identity governance

Why boards must prioritize non-human identity governance 2026-02-03 at 08:36 By Help Net Security Boards of Directors (BoDs) do three things exceptionally well when cyber is framed correctly. They set risk appetite, they allocate capital, and they demand evidence that the business can withstand disruption without losing momentum. Why cyber keeps becoming a board topic

Why boards must prioritize non-human identity governance Read More »

ShinyHunters flip the script on MFA in new data theft attacks

ShinyHunters flip the script on MFA in new data theft attacks 2026-02-02 at 18:50 By Zeljka Zorz Multi-factor authentication (MFA) is supposed to defend against phishing attacks, but threat actors operating under the ShinyHunters banner are using it as a pretext in ongoing social engineering attacks aimed at bypassing it. Among those successfully targeted in

ShinyHunters flip the script on MFA in new data theft attacks Read More »

How state-sponsored attackers hijacked Notepad++ updates

How state-sponsored attackers hijacked Notepad++ updates 2026-02-02 at 15:38 By Zeljka Zorz Suspected Chinese state-sponsored attackers hijacked the Notepad++ update mechanism by compromising the software project’s shared hosting server and intercepting and redirecting update traffic destined for notepad-plus-plus.org, the software’s maintainer Don Ho confirmed on Monday. The attack timeline In early December 2025, security researcher

How state-sponsored attackers hijacked Notepad++ updates Read More »

Open-source AI pentesting tools are getting uncomfortably good

Open-source AI pentesting tools are getting uncomfortably good 2026-02-02 at 09:10 By Help Net Security AI has come a long way in the pentesting world. We are now seeing open-source tools that can genuinely mimic how a human tester works, not just fire off scans. I dug into three of them, BugTrace-AI, Shannon, and CAI,

Open-source AI pentesting tools are getting uncomfortably good Read More »

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) 2026-01-30 at 05:32 By Zeljka Zorz Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited in zero-day attacks and has been added to CISA’s Known Exploited Vulnerabilities catalog. Investigating potential

Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281) Read More »

Google disrupts proxy network used by 550+ threat groups

Google disrupts proxy network used by 550+ threat groups 2026-01-29 at 18:27 By Zeljka Zorz Google has disrupted Ipidea, a massive residential proxy network consisting of user devices that are being used as the last-mile link in cyberattack chains. “In a single seven day period in January 2026, GTIG observed over 550 individual threat groups

Google disrupts proxy network used by 550+ threat groups Read More »

eScan AV supply chain compromise: Users targeted with malicious updates

eScan AV supply chain compromise: Users targeted with malicious updates 2026-01-29 at 17:29 By Zeljka Zorz The update infrastructure for eScan antivirus, a product of Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent downloader to enterprise and consumer endpoints. The supply chain compromise also resulted in the eScan

eScan AV supply chain compromise: Users targeted with malicious updates Read More »

SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!

SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP! 2026-01-29 at 11:34 By Zeljka Zorz SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers to upgrade to v2026.1 as soon as possible. The vulnerabilities The WHD vulnerabilities fixed

SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP! Read More »

Scroll to Top