Hot stuff

Building a mature automotive cybersecurity program beyond checklists

agentic AI, Agero, automotive security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, security controls, security metrics, strategy /

Building a mature automotive cybersecurity program beyond checklists 2025-10-02 at 09:41 By Mirko Zorz In this Help Net Security interview, Robert Sullivan, CIO & CISO at Agero, shares his perspective on automotive cybersecurity. He discusses strategies for developing mature security programs, meeting regulatory requirements, and addressing supply chain risks. Sullivan also looks ahead to how […]

React to this headline:

Loading spinner

Building a mature automotive cybersecurity program beyond checklists Read More »

GPT needs to be rewired for security

Artificial Intelligence, automation, cybersecurity, Don't miss, Exaforce, Expert analysis, Expert corner, Hot stuff, LLMs, News, opinion, SOC /

GPT needs to be rewired for security 2025-10-02 at 09:18 By Help Net Security LLMs and agentic systems already shine at everyday productivity, including transcribing and summarizing meetings, extracting action items, prioritizing critical emails, and even planning travel. But in the SOC (where mistakes have real cost), today’s models stumble on work that demands high

React to this headline:

Loading spinner

GPT needs to be rewired for security Read More »

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S.

AI, Australia, Canada, Don't miss, Europe, financial industry, Germany, Government, healthcare, Hot stuff, India, Insider Threat, Japan, News, North Korea, Okta, remote working, Singapore, software development, tips, UK, USA /

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S. 2025-10-01 at 17:24 By Zeljka Zorz North Korea’s clandestine IT Worker (ITW) program, which is long known for targeting U.S. technology firms and crypto firms, has broadened its scope to attempt to infiltrate a variety of industries worldwide, including finance, healthcare, public

React to this headline:

Loading spinner

North Korea’s IT workers are targeting firms beyond tech, crypto, and the U.S. Read More »

Google Drive for desktop will spot, stop and remedy ransomware damage

cloud storage, Don't miss, Encryption, Google, Google Drive, Hot stuff, macOS, News, Ransomware, Windows /

Google Drive for desktop will spot, stop and remedy ransomware damage 2025-10-01 at 16:33 By Zeljka Zorz Google has rolled out AI-powered ransomware detection and file restoration features in Drive for desktop, Google’s official file syncing and access app for Windows and macOS. Currently in open beta, this new layer of defense is not meant

React to this headline:

Loading spinner

Google Drive for desktop will spot, stop and remedy ransomware damage Read More »

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts

0-day, Cisco, Don't miss, firewall, Government, government-backed attacks, GreyNoise, Hot stuff, News, Shadowserver /

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts 2025-10-01 at 13:36 By Zeljka Zorz Despite Cisco and various cybersecurity agencies warning about attackers actively exploting zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in Cisco Adaptive Security Appliances (ASA) for months, there are still around 48,000 vulnerable appliances out there. The number is provided by

React to this headline:

Loading spinner

Too many Cisco ASA firewalls still unsecure despite zero-day attack alerts Read More »

Hackers love LOTL, this approach shuts them down

Bitdefender, cyberattacks, cybersecurity, Don't miss, Hot stuff, News, Risk Management /

Hackers love LOTL, this approach shuts them down 2025-10-01 at 09:04 By Zeljka Zorz Every time cyber defenders and companies discover new ways to block intrusions, attackers change their tactics and find a way around the defenses. “Living off the Land” (LOTL) is a prime example: since many detection tools became good at flagging malware,

React to this headline:

Loading spinner

Hackers love LOTL, this approach shuts them down Read More »

How to stop a single vendor breach from taking down your business

CISO, cyber risk, cybersecurity, Don't miss, Hot stuff, Intel 471, News, Risk Management, strategy, third party compromise, tips, Video /

How to stop a single vendor breach from taking down your business 2025-10-01 at 07:38 By Help Net Security In this Help Net Security video, William Dixon, Senior Executive at Intel 471, examines the future of third-party cyber risk and why it is a growing concern for organizations worldwide. As businesses become more interconnected, the

React to this headline:

Loading spinner

How to stop a single vendor breach from taking down your business Read More »

CISA says it will fill the gap as some federal funding for MS-ISAC dries up

Center for Internet Security, CISA, cybersecurity, DHS, Don't miss, Government, Hot stuff, News, USA /

CISA says it will fill the gap as some federal funding for MS-ISAC dries up 2025-09-30 at 18:45 By Zeljka Zorz The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the agency has announced on Monday, and CISA will take it upon

React to this headline:

Loading spinner

CISA says it will fill the gap as some federal funding for MS-ISAC dries up Read More »

Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI

Don't miss, Hot stuff, News, Picus Security, Whitepapers and webinars /

Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI 2025-09-30 at 15:00 By Help Net Security Join Picus Security, SANS, Hacker Valley, and leading CISOs at The BAS Summit 2025 to learn how AI is redefining Breach and Attack Simulation (BAS) and why it’s becoming the new benchmark for cyber resilience. Attend the webinar

React to this headline:

Loading spinner

Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI Read More »

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)

backup, consumer, data security, Don't miss, Hot stuff, NAS, News, SMBs, vulnerability, Western Digital /

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247) 2025-09-30 at 14:11 By Zeljka Zorz Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has urged users to upgrade as soon as possible. About CVE-2025-30247 Western Digital’s My Cloud

React to this headline:

Loading spinner

Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247) Read More »

The hidden risks inside open-source code

cybersecurity, Don't miss, Features, Hot stuff, News, open source, research, Risk Management, software, supply chain /

The hidden risks inside open-source code 2025-09-30 at 09:12 By Mirko Zorz Open-source software is everywhere. It runs the browsers we use, the apps we rely on, and the infrastructure that keeps businesses connected. For many security leaders, it is simply part of the environment, not something they think about every day. That is where

React to this headline:

Loading spinner

The hidden risks inside open-source code Read More »

Cyber risk quantification helps CISOs secure executive support

Artificial Intelligence, CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, strategy, supply chain, Zurich Resilience Solutions /

Cyber risk quantification helps CISOs secure executive support 2025-09-30 at 08:44 By Mirko Zorz In this Help Net Security interview, Vivien Bilquez, Global Head of Cyber Resilience at Zurich Resilience Solutions, discusses how organizations are rethinking cyber resilience. He talks about the priorities CISOs should focus on and the risks that are often overlooked. Bilquez

React to this headline:

Loading spinner

Cyber risk quantification helps CISOs secure executive support Read More »

Akira ransomware: From SonicWall VPN login to encryption in under four hours

Arctic Wolf Networks, credentials, Don't miss, enterprise, Hot stuff, MFA, News, Ransomware, SMBs, SonicWall, vulnerability /

Akira ransomware: From SonicWall VPN login to encryption in under four hours 2025-09-29 at 18:47 By Zeljka Zorz Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have warned. Armed with SonicWall SSL VPN credentials stolen in earlier

React to this headline:

Loading spinner

Akira ransomware: From SonicWall VPN login to encryption in under four hours Read More »

How attackers poison AI tools and defenses

Artificial Intelligence, Barracuda Networks, cyberattacks, cybersecurity, Don't miss, email security, Expert analysis, Expert corner, Hot stuff, News, opinion, resilience /

How attackers poison AI tools and defenses 2025-09-29 at 09:06 By Help Net Security Cyberattackers are using generative AI to draft polished spam, create malicious code and write persuasive phishing lures. They are also learning how to turn AI systems themselves into points of compromise. Recent findings highlight this shift. Researchers from Columbia University and

React to this headline:

Loading spinner

How attackers poison AI tools and defenses Read More »

The CISO’s guide to stronger board communication

boardroom, CISO, cybersecurity, Darwinium, Don't miss, Hot stuff, News, strategy, tips, Video /

The CISO’s guide to stronger board communication 2025-09-29 at 08:04 By Help Net Security In this Help Net Security video, Alisdair Faulkner, CEO of Darwinium, explores how the role of the CISO has changed over the past decade. Faulkner shares insights on how CISOs can communicate with the board, overcome common pitfalls such as overly

React to this headline:

Loading spinner

The CISO’s guide to stronger board communication Read More »

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035)

0-day, Don't miss, enterprise, Fortra, Hot stuff, News, Rapid7, WatchTowr /

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) 2025-09-26 at 17:50 By Zeljka Zorz CVE-2025-10035, a perfect CVSS 10.0 vulnerability in the Fortra GoAnywhere managed file transfer solution, has apparently been exploited in zero-day attacks before the patch was released on September 15, 2025. Evidence of in-the-wild exploitation revealed On September 18, Fortra

React to this headline:

Loading spinner

Attackers exploited critical Fortra GoAnywhere flaw in zero-day attacks (CVE-2025-10035) Read More »

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks

0-day, backdoor, CISA, Cisco, Don't miss, firewall, Government, government-backed attacks, Hot stuff, malware analysis, NCSC, News /

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks 2025-09-26 at 14:19 By Zeljka Zorz A widespread campaign aimed at breaching organizations via zero-day vulnerabilities in Cisco Adaptive Security Appliances (ASA) has been revealed by the US, UK, Canadian and Australian cybersecurity agencies. The suspected state-sponsored threat actor behind it is believed to be the one

React to this headline:

Loading spinner

Cisco ASA zero-day vulnerabilities exploited in sophisticated attacks Read More »

European Windows 10 users get an additional year of free security updates

consumer, Don't miss, Europe, Hot stuff, Microsoft, News, security update, Windows /

European Windows 10 users get an additional year of free security updates 2025-09-25 at 21:26 By Zeljka Zorz Windows 10 users in the European Economic Area (EEA) will be able to receive extended security updates until October 14, 2026, without having to pay for them or to back up their settings, apps, or credentials to

React to this headline:

Loading spinner

European Windows 10 users get an additional year of free security updates Read More »

Microsoft spots LLM-obfuscated phishing attack

Don't miss, Hot stuff, LLMs, malware detection, Microsoft, News, phishing /

Microsoft spots LLM-obfuscated phishing attack 2025-09-25 at 19:00 By Zeljka Zorz Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code (along with Kali Linux)

React to this headline:

Loading spinner

Microsoft spots LLM-obfuscated phishing attack Read More »

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)

0-day, Cisco, Don't miss, enterprise, Hot stuff, News, security update, SMBs /

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352) 2025-09-25 at 15:33 By Zeljka Zorz Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About CVE-2025-20352 Cisco IOS software can be found on older models of Cisco Catalyst switches, Integrated

React to this headline:

Loading spinner

Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352) Read More »

Scroll to Top