Hot stuff

Passwords are still breaking compliance programs

Passwords are still breaking compliance programs 2026-01-06 at 07:32 By Sinisa Markovic The security stack has grown, but audits still stumble on passwords. CISOs see this every year. An organization may have strong endpoint tools, layered network defenses, and a documented access policy. Then the audit turns to shared credentials, spreadsheet-based password storage, or accounts […]

Passwords are still breaking compliance programs Read More »

Pharma’s most underestimated cyber risk isn’t a breach

Pharma’s most underestimated cyber risk isn’t a breach 2026-01-05 at 08:47 By Mirko Zorz Chirag Shah, Global Information Security Officer & DPO at Model N examines how cyber risk in pharma and life sciences is shifting beyond traditional breaches toward data misuse, AI-driven exposure and regulatory pressure. He explains why executives still underestimate silent control

Pharma’s most underestimated cyber risk isn’t a breach Read More »

AI security risks are also cultural and developmental

AI security risks are also cultural and developmental 2026-01-05 at 08:32 By Anamarija Pogorelec Security teams spend much of their time tracking vulnerabilities, abuse patterns, and system failures. A new study argues that many AI risks sit deeper than technical flaws. Cultural assumptions, uneven development, and data gaps shape how AI systems behave, where they

AI security risks are also cultural and developmental Read More »

OpenAEV: Open-source adversarial exposure validation platform

OpenAEV: Open-source adversarial exposure validation platform 2026-01-05 at 08:02 By Sinisa Markovic OpenAEV is an open source platform designed to plan, run, and review cyber adversary simulation campaigns used by security teams. The project focuses on organizing exercises that blend technical actions with operational and human response elements, all managed through a single system. Scenarios

OpenAEV: Open-source adversarial exposure validation platform Read More »

Five identity-driven shifts reshaping enterprise security in 2026

Five identity-driven shifts reshaping enterprise security in 2026 2025-12-24 at 11:18 By Help Net Security 2026 marks the tipping point when artificial intelligence begins to fundamentally reshape cyber risk. After several years of widespread adoption, AI moves beyond influencing how we work and starts transforming the enterprise itself. AI is now embedded at every layer

Five identity-driven shifts reshaping enterprise security in 2026 Read More »

What if your face could say “don’t record me”? Researchers think it’s possible

What if your face could say “don’t record me”? Researchers think it’s possible 2025-12-24 at 10:01 By Sinisa Markovic Phones, smart glasses, and other camera-equipped devices capture scenes that include people who never agreed to be recorded. A newly published study examines what it would take for bystanders to signal their privacy choices directly to

What if your face could say “don’t record me”? Researchers think it’s possible Read More »

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits 2025-12-23 at 14:47 By Zeljka Zorz Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept (PoC) exploits for known vulnerabilities. Delivering the malware The recently uncovered Webrat can steal data from

Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits Read More »

WatchGuard Firebox firewalls under attack (CVE-2025-14733)

WatchGuard Firebox firewalls under attack (CVE-2025-14733) 2025-12-22 at 13:24 By Zeljka Zorz More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals. About CVE-2025-14733 WatchGuard Firebox firewalls, which also incorporate VPN and unified threat management capabilities, are used

WatchGuard Firebox firewalls under attack (CVE-2025-14733) Read More »

Building cyber talent through competition, residency, and real-world immersion

Building cyber talent through competition, residency, and real-world immersion 2025-12-22 at 09:01 By Mirko Zorz In this Help Net Security interview, Chrisma Jackson, Director of Cybersecurity & Mission Computing Center and CISO at Sandia National Laboratories, reflects on where the cyber talent pipeline breaks down and what it takes to fix it. She discusses skill

Building cyber talent through competition, residency, and real-world immersion Read More »

AI isn’t one system, and your threat model shouldn’t be either

AI isn’t one system, and your threat model shouldn’t be either 2025-12-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses why partitioning AI systems by function and impact matters,

AI isn’t one system, and your threat model shouldn’t be either Read More »

Crypto theft in 2025: North Korean hackers continue to dominate

Crypto theft in 2025: North Korean hackers continue to dominate 2025-12-18 at 17:42 By Zeljka Zorz When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion

Crypto theft in 2025: North Korean hackers continue to dominate Read More »

More than half of public vulnerabilities bypass leading WAFs

More than half of public vulnerabilities bypass leading WAFs 2025-12-18 at 13:42 By Help Net Security Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven

More than half of public vulnerabilities bypass leading WAFs Read More »

The soft underbelly of space isn’t in orbit, it’s on the ground

The soft underbelly of space isn’t in orbit, it’s on the ground 2025-12-18 at 09:08 By Mirko Zorz In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He

The soft underbelly of space isn’t in orbit, it’s on the ground Read More »

Privacy risks sit inside the ads that fill your social media feed

Privacy risks sit inside the ads that fill your social media feed 2025-12-18 at 08:34 By Sinisa Markovic Regulatory limits on explicit targeting have not stopped algorithmic profiling on the web. Ad optimization systems still adapt which ads appear based on users’ private attributes. At the same time, multimodal LLMs have lowered the barrier for

Privacy risks sit inside the ads that fill your social media feed Read More »

Cisco email security appliances rooted and backdoored via still unpatched zero-day

Cisco email security appliances rooted and backdoored via still unpatched zero-day 2025-12-17 at 21:47 By Zeljka Zorz A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard

Cisco email security appliances rooted and backdoored via still unpatched zero-day Read More »

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

Actively exploited SonicWall zero-day patched (CVE-2025-40602) 2025-12-17 at 18:46 By Zeljka Zorz SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination

Actively exploited SonicWall zero-day patched (CVE-2025-40602) Read More »

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) 2025-12-17 at 16:31 By Zeljka Zorz Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) Read More »

Why vulnerability reports stall inside shared hosting companies

Why vulnerability reports stall inside shared hosting companies 2025-12-17 at 09:24 By Mirko Zorz Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research

Why vulnerability reports stall inside shared hosting companies Read More »

European police busts Ukraine scam call centers

European police busts Ukraine scam call centers 2025-12-16 at 15:25 By Zeljka Zorz Law enforcement agencies from several European countries have arrested twelve persons suspected of being involved in scamming victims across Europe, Eurojust announced today. “The fraudsters used various scams, such as posing as police officers to withdraw money using their victims’ cards and

European police busts Ukraine scam call centers Read More »

SoundCloud breached, hit by DoS attacks

SoundCloud breached, hit by DoS attacks 2025-12-16 at 14:05 By Zeljka Zorz Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to the confirmation, users accessing SoundCloud through VPNs reported connection failures and error messages. It

SoundCloud breached, hit by DoS attacks Read More »

Scroll to Top