Hot stuff

The messy data trails of telehealth are becoming a security nightmare

The messy data trails of telehealth are becoming a security nightmare 2025-12-16 at 09:24 By Mirko Zorz In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems […]

The messy data trails of telehealth are becoming a security nightmare Read More »

Kali Linux 2025.4: New tools and “quality-of-life” improvements

Kali Linux 2025.4: New tools and “quality-of-life” improvements 2025-12-15 at 13:48 By Zeljka Zorz OffSec has released Kali Linux 2025.4, a new version of its widely used penetration testing and digital forensics platform. Most of the changes are related to appearance and usability: Kali’s GNOME desktop environment now organizes Kali tools into folders via the

Kali Linux 2025.4: New tools and “quality-of-life” improvements Read More »

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) 2025-12-15 at 12:58 By Zeljka Zorz Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) that have been exploited as zero-days. Several days before the release of these updates, Google fixed CVE-2025-14174 in the desktop version of Chrome, though at

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529) Read More »

How researchers are teaching AI agents to ask for permission the right way

How researchers are teaching AI agents to ask for permission the right way 2025-12-15 at 09:06 By Mirko Zorz People are starting to hand more decisions to AI agents, from booking trips to sorting digital files. The idea sounds simple. Tell the agent what you want, then let it work through the steps. The hard

How researchers are teaching AI agents to ask for permission the right way Read More »

Prometheus: Open-source metrics and monitoring systems and services

Prometheus: Open-source metrics and monitoring systems and services 2025-12-15 at 08:43 By Anamarija Pogorelec Prometheus is an open-source monitoring and alerting system built for environments where services change often and failures can spread fast. For security teams and DevOps engineers, it has become a common way to track system behavior, spot early warning signs, and

Prometheus: Open-source metrics and monitoring systems and services Read More »

What types of compliance should your password manager support?

What types of compliance should your password manager support? 2025-12-15 at 07:49 By Sinisa Markovic Lost credentials and weak authentication controls still sit at the center of many security incidents. IT leaders and CISOs know this problem well. They also know that regulators watch how organizations protect passwords, track access, and document security decisions. That

What types of compliance should your password manager support? Read More »

40 open-source tools redefining how security teams secure the stack

40 open-source tools redefining how security teams secure the stack 2025-12-11 at 09:07 By Anamarija Pogorelec Open source security software has become a key way for teams to get flexibility, transparency, and capability without licensing costs. The free tools in this roundup address problems security teams deal with, from managing large environments to catching misconfigurations

40 open-source tools redefining how security teams secure the stack Read More »

Henkel CISO on the messy truth of monitoring factories built across decades

Henkel CISO on the messy truth of monitoring factories built across decades 2025-12-10 at 09:08 By Mirko Zorz In this Help Net Security interview, Stefan Braun, CISO at Henkel, discusses how smart manufacturing environments introduce new cybersecurity risks. He explains where single points of failure hide, how attackers exploit legacy systems, and why monitoring must

Henkel CISO on the messy truth of monitoring factories built across decades Read More »

The hidden dynamics shaping who produces influential cybersecurity research

The hidden dynamics shaping who produces influential cybersecurity research 2025-12-10 at 08:52 By Mirko Zorz Cybersecurity leaders spend much of their time watching how threats and tools change. A new study asks a different question, how has the research community itself changed over the past two decades. Researchers from the University of Southampton examined two

The hidden dynamics shaping who produces influential cybersecurity research Read More »

Building SOX compliance through smarter training and stronger password practices

Building SOX compliance through smarter training and stronger password practices 2025-12-10 at 07:00 By Sinisa Markovic A SOX audit can reveal uncomfortable truths about how a company handles access to financial systems. Even organizations that invest in strong infrastructure often discover that everyday password habits weaken the controls they thought were solid. CISOs know that

Building SOX compliance through smarter training and stronger password practices Read More »

AI-driven threats are heading straight for the factory floor

AI-driven threats are heading straight for the factory floor 2025-12-09 at 09:07 By Mirko Zorz In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, discusses how industrial organizations are adapting to a shift in cyber risk driven by AI. She notes that in-house capability, especially for OT response and recovery, is

AI-driven threats are heading straight for the factory floor Read More »

AI agents break rules in unexpected ways

AI agents break rules in unexpected ways 2025-12-09 at 08:31 By Mirko Zorz AI agents are starting to take on tasks that used to be handled by people. These systems plan steps, call tools, and carry out actions without a person approving every move. This shift is raising questions for security leaders. A new research

AI agents break rules in unexpected ways Read More »

Download: Evaluating Password Monitoring Vendors

Download: Evaluating Password Monitoring Vendors 2025-12-08 at 16:10 By Help Net Security Organizations using Active Directory must update their password policies to block and detect compromised passwords. However, comparing vendors in this area can be challenging. By asking the right questions, you can identify the right partner and avoid introducing new technical, security, and compliance

Download: Evaluating Password Monitoring Vendors Read More »

December 2025 Patch Tuesday forecast: And it’s a wrap

December 2025 Patch Tuesday forecast: And it’s a wrap 2025-12-08 at 09:56 By Help Net Security It’s hard to believe that we’re in December of 2025 already and the end of the year is fast approaching. Looking back on the year, there are two major items that really stand out in my mind. First, there

December 2025 Patch Tuesday forecast: And it’s a wrap Read More »

NVIDIA research shows how agentic AI fails under attack

NVIDIA research shows how agentic AI fails under attack 2025-12-08 at 09:56 By Sinisa Markovic Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models,

NVIDIA research shows how agentic AI fails under attack Read More »

How to tell if your password manager meets HIPAA expectations

How to tell if your password manager meets HIPAA expectations 2025-12-08 at 08:03 By Sinisa Markovic Most healthcare organizations focus on encryption, network monitoring, and phishing prevention, although one simple source of risk still slips through the cracks. Password management continues to open doors for attackers more often than leaders expect. Weak, reused, or shared

How to tell if your password manager meets HIPAA expectations Read More »

Malicious Rust packages targeted Web3 developers

Malicious Rust packages targeted Web3 developers 2025-12-04 at 17:06 By Zeljka Zorz A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for the Rust programming language, but not before having been downloaded 7257 times. Another package (uniswap-utils) by the same author

Malicious Rust packages targeted Web3 developers Read More »

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) 2025-12-04 at 14:32 By Zeljka Zorz A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has

Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) Read More »

Smart grids are trying to modernize and attackers are treating it like an invitation

Smart grids are trying to modernize and attackers are treating it like an invitation 2025-12-04 at 09:05 By Mirko Zorz In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack

Smart grids are trying to modernize and attackers are treating it like an invitation Read More »

A day in the life of the internet tells a bigger story

A day in the life of the internet tells a bigger story 2025-12-04 at 08:43 By Sinisa Markovic On any given day, the internet carries countless signals that hint at how networks behave behind the scenes. Researchers from RIPE NCC and several universities found a way to capture a detailed snapshot of that activity by

A day in the life of the internet tells a bigger story Read More »

Scroll to Top