Hot stuff

Sensitive data of Eurail, Interrail travelers compromised in data breach

Sensitive data of Eurail, Interrail travelers compromised in data breach 2026-01-15 at 17:04 By Zeljka Zorz A data breach at the Netherlands-based company that sells Eurail (Interrail) train passes resulted in the compromise of personal and sensitive information belonging to an as-yet unknown number of travelers. What data was accessed? Eurail B.V. operates on behalf […]

Sensitive data of Eurail, Interrail travelers compromised in data breach Read More »

PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)

PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) 2026-01-15 at 15:27 By Zeljka Zorz A critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform has now been accompanied by publicly released proof-of-concept (PoC) exploit code, raising the urgency for organizations to patch immediately. About CVE-2025-64155 CVE-2025-64155 may allow unauthenticated, remote attackers to execute unauthorized code or

PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155) Read More »

LinkedIn wants to make verification a portable trust signal

LinkedIn wants to make verification a portable trust signal 2026-01-15 at 08:34 By Mirko Zorz In this Help Net Security interview, Oscar Rodriguez, VP Trust Product at LinkedIn, discusses how verification is becoming a portable trust signal across the internet. He explains how LinkedIn is extending professional identity beyond its platform to address rising AI-driven

LinkedIn wants to make verification a portable trust signal Read More »

Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026

Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026 2026-01-14 at 16:03 By Help Net Security Join former Gartner analyst Ravisha Chugh and Abnormal’s Director of Product Marketing, Lane Billings, on January 20th for an exclusive insider look at how email security vendors will be evaluated in 2026. Backed by years

Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026 Read More »

CISO Assistant: Open-source cybersecurity management and GRC

CISO Assistant: Open-source cybersecurity management and GRC 2026-01-14 at 13:25 By Mirko Zorz CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a structured system. The community edition is maintained as a self-hosted tool for organizations that want direct access to

CISO Assistant: Open-source cybersecurity management and GRC Read More »

Firmware scanning time, cost, and where teams run EMBA

Firmware scanning time, cost, and where teams run EMBA 2026-01-14 at 13:25 By Mirko Zorz Security teams that deal with connected devices often end up running long firmware scans overnight, checking progress in the morning, and trying to explain to colleagues why a single image consumed a workday of compute time. That routine sets the

Firmware scanning time, cost, and where teams run EMBA Read More »

Rakuten Viber CISO/CTO on balancing encryption, abuse prevention, and platform resilience

Rakuten Viber CISO/CTO on balancing encryption, abuse prevention, and platform resilience 2026-01-13 at 09:01 By Mirko Zorz In this Help Net Security interview, Liad Shnell, CISO and CTO at Rakuten Viber, discusses how messaging platforms have become critical infrastructure during crises and conflicts. He explains how it influences cybersecurity priorities, from encryption and abuse prevention

Rakuten Viber CISO/CTO on balancing encryption, abuse prevention, and platform resilience Read More »

Teaching cybersecurity by letting students break things

Teaching cybersecurity by letting students break things 2026-01-13 at 09:01 By Sinisa Markovic Cybersecurity students show higher engagement when the work feels tangible. A new study from Airbus Cybersecurity and Dauphine University describes what happens when courses move beyond lectures and place students inside structured hacking scenarios, social engineering exercises, and competitive games. From theory

Teaching cybersecurity by letting students break things Read More »

There was no data breach, Instagram says

There was no data breach, Instagram says 2026-01-12 at 13:20 By Zeljka Zorz News of a possible Instagram data breach spread over the weekend after Malwarebytes reported that cybercriminals had stolen sensitive information from 17.5 million Instagram accounts, potentially leading to a surge in password reset requests. Users have been complaining last week about receiving

There was no data breach, Instagram says Read More »

Rethinking OT security for project heavy shipyards

Rethinking OT security for project heavy shipyards 2026-01-12 at 09:09 By Mirko Zorz In this Help Net Security interview, Hans Quivooij, CISO at Damen Shipyards Group, discusses securing OT and ICS in the shipyard. He outlines how project-based operations, rotating contractors, and temporary systems expand the threat surface and complicate access control. Quivooij also covers

Rethinking OT security for project heavy shipyards Read More »

pfSense: Open-source firewall and routing platform

pfSense: Open-source firewall and routing platform 2026-01-12 at 08:33 By Sinisa Markovic Firewalls, VPN access, and traffic rules need steady attention, often with limited budgets and staff. In that context, the open source pfSense Community Edition (CE) continues to show up in production environments, supported by a long-standing user community. pfSense CE is the free,

pfSense: Open-source firewall and routing platform Read More »

What security teams can learn from torrent metadata

What security teams can learn from torrent metadata 2026-01-12 at 08:10 By Mirko Zorz Security teams often spend time sorting through logs and alerts that point to activity happening outside corporate networks. Torrent traffic shows up in investigations tied to policy violations, insider risk, and criminal activity. A new research paper looks at that same

What security teams can learn from torrent metadata Read More »

January 2026 Patch Tuesday forecast: And so it continues

January 2026 Patch Tuesday forecast: And so it continues 2026-01-09 at 11:26 By Help Net Security Welcome to a new year of my Patch Tuesday forecast blog where I provide a summary of Microsoft and other vendor’s security patch activity (and reported issues) for the month, talk about some of the latest trends, processes, and

January 2026 Patch Tuesday forecast: And so it continues Read More »

How AI agents are turning security inside-out

How AI agents are turning security inside-out 2026-01-09 at 09:30 By Help Net Security AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built

How AI agents are turning security inside-out Read More »

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) 2026-01-08 at 16:43 By Zeljka Zorz An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. The vulnerability’s inclusion in the catalog is unsurprising, as technical

Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164) Read More »

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258) 2026-01-08 at 14:08 By Zeljka Zorz Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations. The three vulnerabilities were unearthed and

PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258) Read More »

Passwords are where PCI DSS compliance often breaks down

Passwords are where PCI DSS compliance often breaks down 2026-01-08 at 07:36 By Sinisa Markovic Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins are passed around during busy periods. For CISOs, password hygiene remains one of the

Passwords are where PCI DSS compliance often breaks down Read More »

UK announces grand plan to secure online public services

UK announces grand plan to secure online public services 2026-01-07 at 15:32 By Zeljka Zorz The UK has announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, and has allocated £210 million (approximately $283 million) to implement it. Setting up a Government Cyber Unit “Cyber attacks can

UK announces grand plan to secure online public services Read More »

Fake Booking.com emails and BSODs used to infect hospitality staff

Fake Booking.com emails and BSODs used to infect hospitality staff 2026-01-07 at 13:06 By Zeljka Zorz Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge details in euros,

Fake Booking.com emails and BSODs used to infect hospitality staff Read More »

Turning plain language into firewall rules

Turning plain language into firewall rules 2026-01-06 at 09:00 By Sinisa Markovic Firewall rules often begin as a sentence in someone’s head. A team needs access to an application. A service needs to be blocked after hours. Translating those ideas into vendor specific firewall syntax usually involves detailed knowledge of zones, objects, ports, and rule

Turning plain language into firewall rules Read More »

Scroll to Top