Hot stuff

Download: Cyber defense guide for the financial sector

Center for Internet Security, Don't miss, Hot stuff, News, Whitepapers and webinars /

Download: Cyber defense guide for the financial sector 2025-09-09 at 15:46 By Help Net Security Data breaches cost more for financial organizations than they do for those in many other industries. In attempting to strengthen your financial organization’s cybersecurity, you must contend with evolving regulatory obligations, outdated IT infrastructure, and other challenges. How do you […]

React to this headline:

Loading spinner

Download: Cyber defense guide for the financial sector Read More »

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers

Arctic Wolf Networks, data theft, Don't miss, enterprise, Hot stuff, malvertising, Malware, malware analysis, News, SMBs /

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers 2025-09-09 at 09:46 By Zeljka Zorz Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for

React to this headline:

Loading spinner

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Read More »

Connected cars are racing ahead, but security is stuck in neutral

car, connected cars, cyber risk, Don't miss, Features, hardware, Hot stuff, News, supply chain /

Connected cars are racing ahead, but security is stuck in neutral 2025-09-09 at 09:46 By Mirko Zorz Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential

React to this headline:

Loading spinner

Connected cars are racing ahead, but security is stuck in neutral Read More »

Salesloft Drift data breach: Investigation reveals how attackers got in

credentials, data theft, Don't miss, Hot stuff, Mandiant, News, Salesforce, Salesloft, supply chain compromise /

Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat

React to this headline:

Loading spinner

Salesloft Drift data breach: Investigation reveals how attackers got in Read More »

Cybersecurity research is getting new ethics rules, here’s what you need to know

conferences, cybersecurity, Don't miss, Features, guide, Hot stuff, how-to, News, research, tips /

Cybersecurity research is getting new ethics rules, here’s what you need to know 2025-09-08 at 09:01 By Mirko Zorz Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other major venues such

React to this headline:

Loading spinner

Cybersecurity research is getting new ethics rules, here’s what you need to know Read More »

Cyber defense cannot be democratized

Artificial Intelligence, attacks, cyber resilience, cybersecurity, DevOps, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, SkyHawk Security /

Cyber defense cannot be democratized 2025-09-08 at 08:14 By Help Net Security The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem In an earnest attempt

React to this headline:

Loading spinner

Cyber defense cannot be democratized Read More »

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

Don't miss, enterprise, Hot stuff, NCSC-NL, News, SAP, SAP security, SecurityBridge, vulnerability /

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) 2025-09-05 at 15:03 By Zeljka Zorz A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert seems to be based on a report

React to this headline:

Loading spinner

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) Read More »

Stealthy attack serves poisoned web pages only to AI agents

agentic AI, AI, Don't miss, Hot stuff, JFrog, News, prompt injection, research /

Stealthy attack serves poisoned web pages only to AI agents 2025-09-05 at 14:30 By Zeljka Zorz AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into these autonomous

React to this headline:

Loading spinner

Stealthy attack serves poisoned web pages only to AI agents Read More »

September 2025 Patch Tuesday forecast: The CVE matrix

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

September 2025 Patch Tuesday forecast: The CVE matrix 2025-09-05 at 10:18 By Help Net Security We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator

React to this headline:

Loading spinner

September 2025 Patch Tuesday forecast: The CVE matrix Read More »

CyberFlex: Flexible Pen testing as a Service with EASM

Don't miss, Hot stuff, News, Outpost24, Video /

CyberFlex: Flexible Pen testing as a Service with EASM 2025-09-04 at 16:58 By Help Net Security About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack application attack surface, while enjoying a flexible consumption model.

React to this headline:

Loading spinner

CyberFlex: Flexible Pen testing as a Service with EASM Read More »

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

Android, Don't miss, Google, Hot stuff, Motorola Solutions, News, Samsung, security update, vulnerability /

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) 2025-09-04 at 16:58 By Zeljka Zorz Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code

React to this headline:

Loading spinner

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) Read More »

macOS vulnerability allowed Keychain and iOS app decryption without a password

apple, conferences, CVE, cybersecurity, Don't miss, Hot stuff, macOS, News, security update, vulnerability /

macOS vulnerability allowed Keychain and iOS app decryption without a password 2025-09-04 at 15:41 By Mirko Zorz Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the

React to this headline:

Loading spinner

macOS vulnerability allowed Keychain and iOS app decryption without a password Read More »

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

0-day, Don't miss, enterprise, Hot stuff, Mandiant, News, Sitecore, SMBs /

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) 2025-09-04 at 14:48 By Zeljka Zorz A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore

React to this headline:

Loading spinner

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) Read More »

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise

Cloudflare, credentials, data breach, Don't miss, Hot stuff, News, OAuth, Proofpoint, Rubrik, SaaS, Salesforce, supply chain compromise /

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise 2025-09-03 at 16:13 By Zeljka Zorz Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated

React to this headline:

Loading spinner

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise Read More »

How gaming experience can help with a cybersecurity career

CAPSLOCK, CompTIA, cybersecurity, cybersecurity jobs, Don't miss, game, Hot stuff, News, online gaming, skill development, strategy, tips, Varonis /

How gaming experience can help with a cybersecurity career 2025-09-03 at 08:41 By Sinisa Markovic Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of

React to this headline:

Loading spinner

How gaming experience can help with a cybersecurity career Read More »

Detecting danger: EASM in the modern security stack

Don't miss, Expert analysis, Expert corner, Hot stuff, monitoring, News, Outpost24, threat, Threat Intelligence /

Detecting danger: EASM in the modern security stack 2025-09-03 at 08:03 By Help Net Security In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that

React to this headline:

Loading spinner

Detecting danger: EASM in the modern security stack Read More »

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach

Astrix Security, data breach, Don't miss, Gmail, Google, Hot stuff, Mandiant, News, OAuth, PagerDuty, Palo Alto Networks, Salesforce, SpyCloud, Tanium, WideField, Zscaler /

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach 2025-09-02 at 18:20 By Zeljka Zorz In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances

React to this headline:

Loading spinner

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach Read More »

Can AI agents catch what your SOC misses?

Artificial Intelligence, cybersecurity, Don't miss, Features, framework, Hot stuff, network monitoring, News, open source, research, security operations, SOC /

Can AI agents catch what your SOC misses? 2025-09-02 at 10:45 By Mirko Zorz A new research project called NetMoniAI shows how AI agents might reshape network monitoring and security. Developed by a team at Texas Tech University, the framework brings together two ideas: distributed monitoring at the edge and AI-driven analysis at the center.

React to this headline:

Loading spinner

Can AI agents catch what your SOC misses? Read More »

AIDEFEND: Free AI defense framework

Artificial Intelligence, cybersecurity, Don't miss, framework, Hot stuff, News, open source /

AIDEFEND: Free AI defense framework 2025-09-01 at 09:21 By Mirko Zorz AIDEFEND (Artificial Intelligence Defense Framework) is an open knowledge base dedicated to AI security, providing defensive countermeasures and best practices to help security pros safeguard AI and machine learning systems. Practicality is at the core of AIDEFEND. The framework is designed to be “highly

React to this headline:

Loading spinner

AIDEFEND: Free AI defense framework Read More »

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior

CISO, cyber resilience, cybersecurity, Don't miss, Features, framework, Hot stuff, machine learning, MITRE ATT&CK, News, OWASP, reconnaissance, research, security operations, SOC /

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior 2025-09-01 at 09:21 By Mirko Zorz A team of researchers from Frondeur Labs, DistributedApps.ai, and OWASP has developed a new machine learning framework designed to help defenders anticipate attacker behavior across the stages of the Cyber Kill Chain. The work explores how machine learning models

React to this headline:

Loading spinner

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior Read More »

Scroll to Top