Hot stuff

Four arrested in connection with M&S, Co-op ransomware attacks

Don't miss, Hot stuff, National Crime Agency, News, Ransomware, Retail, social engineering, UK /

Four arrested in connection with M&S, Co-op ransomware attacks 2025-07-10 at 17:19 By Zeljka Zorz Four individuals suspected of having been involved in the ransomware attacks that hit UK-based retailers earlier this year have been arrested by the UK National Crime Agency. “Two males aged 19, another aged 17, and a 20-year-old female were apprehended […]

React to this headline:

Loading spinner

Four arrested in connection with M&S, Co-op ransomware attacks Read More »

Ruckus network management solutions riddled with unpatched vulnerabilities

Carnegie Mellon University, Claroty, Don't miss, Hot stuff, networking, News, Ruckus Networks, vulnerability, vulnerability disclosure, wireless /

Ruckus network management solutions riddled with unpatched vulnerabilities 2025-07-10 at 15:52 By Zeljka Zorz Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned. The vulnerabilities have

React to this headline:

Loading spinner

Ruckus network management solutions riddled with unpatched vulnerabilities Read More »

What EU’s PQC roadmap means on the ground

certificates, cybersecurity, Don't miss, Encryption, EU, F5 Networks, Features, Hot stuff, News, quantum computing, regulation, standards /

What EU’s PQC roadmap means on the ground 2025-07-10 at 09:11 By Mirko Zorz In this Help Net Security interview, David Warburton, Director at F5 Labs, discusses how the EU’s Post-Quantum Cryptography (PQC) roadmap aligns with global efforts and addresses both the technical and regulatory challenges of migrating to PQC. Warburton also outlines practical steps

React to this headline:

Loading spinner

What EU’s PQC roadmap means on the ground Read More »

Train smarter, respond faster: Close the skill gaps in your SOC

cybersecurity, Don't miss, Hot stuff, News, skill development, SOC, training, TryHackMe /

Train smarter, respond faster: Close the skill gaps in your SOC 2025-07-09 at 16:05 By Zeljka Zorz “In today’s fast-paced digital landscape” – as AI chatbots are fond of phrasing it – a cyber attack targeting your organization is a statistical certainty. But is your security team ready to respond when it happens? Can they

React to this headline:

Loading spinner

Train smarter, respond faster: Close the skill gaps in your SOC Read More »

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981)

Don't miss, Hot stuff, Ivanti, Microsoft Edge, MS Office, News, Patch Tuesday, Qualys, SharePoint, Tenable, Trend Micro, Windows, Windows Server /

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) 2025-07-09 at 14:31 By Zeljka Zorz For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE-2025-47981). CVE-2025-49719 and CVE-2025-49717, in Microsoft SQL Server CVE-2025-49719 is an uninitialized memory

React to this headline:

Loading spinner

Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) Read More »

Why your security team feels stuck

CISO, cybersecurity, Don't miss, Features, FireMon, Hot stuff, how-to, News, opinion, security operations, strategy, tips, Transcend /

Why your security team feels stuck 2025-07-09 at 08:44 By Mirko Zorz Cybersecurity friction usually gets framed as a user problem: password policies that frustrate employees, MFA that slows down logins, or blocked apps that send workers into the arms of shadow IT. But there’s a different kind of friction happening behind the scenes, and

React to this headline:

Loading spinner

Why your security team feels stuck Read More »

It’s time to give AI security its own playbook and the people to run it

Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, News, Palo Alto Networks /

It’s time to give AI security its own playbook and the people to run it 2025-07-09 at 08:04 By Mirko Zorz In this Help Net Security interview, Dr. Nicole Nichols, Distinguished Engineer in Machine Learning Security at Palo Alto Networks, discusses why existing security models need to evolve to address the risks of AI agents.

React to this headline:

Loading spinner

It’s time to give AI security its own playbook and the people to run it Read More »

Kanvas: Open-source incident response case management tool

cybersecurity, Don't miss, GitHub, Hot stuff, Incident Response, MITRE, News, open source, software, WithSecure /

Kanvas: Open-source incident response case management tool 2025-07-09 at 07:31 By Mirko Zorz Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping between different

React to this headline:

Loading spinner

Kanvas: Open-source incident response case management tool Read More »

6 eye-opening books on AI’s rise, risks, and realities

Artificial Intelligence, books, cybersecurity, Don't miss, Hot stuff, News /

6 eye-opening books on AI’s rise, risks, and realities 2025-07-09 at 07:02 By Anamarija Pogorelec AI is changing how we detect, prevent, and respond to cyber threats. From traditional networks to emerging spaces, it is shaping security operations, identity management, and threat response. This collection of AI books offers diverse perspectives, including practical implementations, strategic

React to this headline:

Loading spinner

6 eye-opening books on AI’s rise, risks, and realities Read More »

Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777)

Citrix, Don't miss, exploit, Horizon3.ai, Hot stuff, NetScaler, News, PoC, ReliaQuest, WatchTowr /

Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777) 2025-07-08 at 18:32 By Zeljka Zorz With PoC exploits for CVE-2025-5777 (aka CitrixBleed 2) now public and reports of active exploitation of the flaw since mid-June, you should check whether your Citrix NetScaler ADC and/or Gateway instances have been probed and compromised by attackers.

React to this headline:

Loading spinner

Check for CitrixBleed 2 exploitation even if you patched quickly! (CVE-2025-5777) Read More »

Exposure management is the answer to: “Am I working on the right things?”

cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, penetration testing, PlexTrac, strategy, vulnerability management /

Exposure management is the answer to: “Am I working on the right things?” 2025-07-08 at 09:07 By Mirko Zorz In this Help Net Security interview, Dan DeCloss, Founder and CTO at PlexTrac, discusses the role of exposure management in cybersecurity and how it helps organizations gain visibility into their attack surface to improve risk assessment

React to this headline:

Loading spinner

Exposure management is the answer to: “Am I working on the right things?” Read More »

July 2025 Patch Tuesday forecast: Take a break from the grind

Adobe, Don't miss, Expert analysis, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

July 2025 Patch Tuesday forecast: Take a break from the grind 2025-07-07 at 09:33 By Help Net Security There was a barrage of updates released the week of June 2025 Patch Tuesday. This included security updates from Adobe, Google, Microsoft, Mozilla, and others. But it has been ‘calm’ the past couple of weeks. The news

React to this headline:

Loading spinner

July 2025 Patch Tuesday forecast: Take a break from the grind Read More »

AI built it, but can you trust it?

Application Security, Artificial Intelligence, CISO, cybersecurity, DevSecOps, Don't miss, Features, Hot stuff, Minimus, News, software development /

AI built it, but can you trust it? 2025-07-07 at 09:02 By Mirko Zorz In this Help Net Security interview, John Morello, CTO at Minimus, discusses the security risks in AI-driven development, where many dependencies are pulled in quickly. He explains why it’s hard to secure software stacks that no one fully understands. He also

React to this headline:

Loading spinner

AI built it, but can you trust it? Read More »

Review: Attack Surface Management

books, cybersecurity, Don't miss, Hot stuff, News, O'Reilly, Reviews, strategy, tips /

Review: Attack Surface Management 2025-07-07 at 08:04 By Mirko Zorz Attack Surface Management (ASM) has become one of those buzzwords that gets used a lot but rarely explained in detail. The authors of this book offer a practical guide that aims to change that. About the authors Ron Eddings is the Executive Producer at Hacker

React to this headline:

Loading spinner

Review: Attack Surface Management Read More »

NTLM relay attacks are back from the dead

attacks, authentication, certificate authority, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Microsoft, News, opinion, servers, SpecterOps /

NTLM relay attacks are back from the dead 2025-07-04 at 09:32 By Help Net Security NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved problem, it is not – and, in fact, it may be getting worse. Anecdotally, they are

React to this headline:

Loading spinner

NTLM relay attacks are back from the dead Read More »

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetFella, News, opinion, professional, skill development, training /

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future 2025-07-04 at 08:38 By Help Net Security While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizations and individuals remain unaware of the risks they face online. Phishing schemes and social

React to this headline:

Loading spinner

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future Read More »

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code

Artificial Intelligence, cyber risk, Don't miss, Hot stuff, LLMs, Malware, Netcraft, News, phishing /

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code 2025-07-03 at 16:03 By Zeljka Zorz Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ramp up their efforts to get them to spew

React to this headline:

Loading spinner

You can’t trust AI chatbots not to serve you phishing pages, malicious downloads, or bad code Read More »

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309)

Cisco, communication, Don't miss, enterprise, Hot stuff, News, SMBs, vulnerability /

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) 2025-07-03 at 14:19 By Zeljka Zorz Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could allow unauthenticated remote attackers to log into a vulnerable Cisco Unified Communications Manager (Unified CM) and

React to this headline:

Loading spinner

Cisco fixes maximum-severity flaw in enterprise unified comms platform (CVE-2025-20309) Read More »

Healthcare CISOs must secure more than what’s regulated

automation, CISO, cybersecurity, DevSecOps, Don't miss, Ensora Health, Features, healthcare, Hot stuff, News, regulation, strategy /

Healthcare CISOs must secure more than what’s regulated 2025-07-03 at 09:05 By Mirko Zorz In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how balancing speed and security isn’t easy and why aligning with regulations is key. Jiang also

React to this headline:

Loading spinner

Healthcare CISOs must secure more than what’s regulated Read More »

Qantas data breach could affect 6 million customers

Australia, Closed Door Security, data breach, Don't miss, Entrust, FBI, Hot stuff, News, Qantas, social engineering /

Qantas data breach could affect 6 million customers 2025-07-02 at 14:04 By Zeljka Zorz Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained access to a third-party customer servicing platform,” the Australian airline announced today, but said that

React to this headline:

Loading spinner

Qantas data breach could affect 6 million customers Read More »

Scroll to Top