Hot stuff

How an AI meltdown could reset enterprise expectations

How an AI meltdown could reset enterprise expectations 2025-11-25 at 09:02 By Mirko Zorz In this Help Net Security interview, Graham McMillan, CTO at Redgate Software, discusses AI, security, and the future of enterprise oversight. He explains why past incidents haven’t pushed the industry to mature. McMillan also outlines the structural shifts he expects once

How an AI meltdown could reset enterprise expectations Read More »

The breaches everyone gets hit by (and how to stop them)

The breaches everyone gets hit by (and how to stop them) 2025-11-25 at 08:11 By Help Net Security Headlines scream about zero-days and nation-state attacks, but the reality is far less glamorous. Ross Haleliuk, from Venture in Security talks about the concept of humans being wired to overweight rare, dramatic events and underweight the everyday

The breaches everyone gets hit by (and how to stop them) Read More »

Black Friday 2025 cybersecurity deals to explore

Black Friday 2025 cybersecurity deals to explore 2025-11-24 at 15:30 By Help Net Security Black Friday 2025 is shaping up to be a good moment for anyone thinking about tightening their cybersecurity. A few solid deals are popping up that make it easier to improve protection for systems and data without stretching your budget. If

Black Friday 2025 cybersecurity deals to explore Read More »

Salesforce Gainsight compromise: Early findings and customer guidance

Salesforce Gainsight compromise: Early findings and customer guidance 2025-11-21 at 14:16 By Zeljka Zorz In the wake of Salesforce’s announcement about “unusual activity involving Gainsight-published applications” and the company’s revocation of access and refresh tokens associated with them, Gainsight has been doing a good job keeping customers updated on current investigation findings. On the status

Salesforce Gainsight compromise: Early findings and customer guidance Read More »

Salesforce investigates new incident echoing Salesloft Drift compromise

Salesforce investigates new incident echoing Salesloft Drift compromise 2025-11-20 at 23:14 By Zeljka Zorz In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data

Salesforce investigates new incident echoing Salesloft Drift compromise Read More »

Security gap in Perplexity’s Comet browser exposed users to system-level attacks

Security gap in Perplexity’s Comet browser exposed users to system-level attacks 2025-11-20 at 17:56 By Zeljka Zorz There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s

Security gap in Perplexity’s Comet browser exposed users to system-level attacks Read More »

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices 2025-11-20 at 15:03 By Zeljka Zorz A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. Multi-stage delivery Dubbed DigitStealer by Jamf researchers, this threat is unusually sophisticated. Before

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices Read More »

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) 2025-11-19 at 16:46 By Zeljka Zorz NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by attackers. “Active exploitation of CVE-2025-11001 has been observed in the wild,” the alert says,

7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001) Read More »

Exam prep hacked: Study tips and tricks that really work

Exam prep hacked: Study tips and tricks that really work 2025-11-19 at 16:01 By Help Net Security Ready to get certified but not sure where to start? Get insider tips and tricks on what to do from day one to test day. Join ISC2-certified instructors and an audience of your peers for this live interactive

Exam prep hacked: Study tips and tricks that really work Read More »

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) 2025-11-19 at 13:47 By Zeljka Zorz Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 CVE-2025-58034 is an OS Command Injection flaw caused by improper neutralization of special elements. It allows authenticated attackers to execute unauthorized

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034) Read More »

The long conversations that reveal how scammers work

The long conversations that reveal how scammers work 2025-11-19 at 09:08 By Sinisa Markovic Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the patient work of talking to scammers at scale, and

The long conversations that reveal how scammers work Read More »

Internet slowly recovers after far-reaching Cloudflare outage

Internet slowly recovers after far-reaching Cloudflare outage 2025-11-18 at 17:16 By Zeljka Zorz A currently undisclosed issue has crippled Cloudflare’s network and has rendered a large swathe of internet’s most popular sites and services temporily inaccessible today. Some of the sites and services affected by the Cloudflare outage (Source: Down Detector) What happened? Cloudflare is

Internet slowly recovers after far-reaching Cloudflare outage Read More »

Google patches yet another exploited Chrome zero-day (CVE-2025-13223)

Google patches yet another exploited Chrome zero-day (CVE-2025-13223) 2025-11-18 at 14:13 By Zeljka Zorz Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About CVE-2025-13223 CVE-2025-13223 is a type confusion vulnerability in V8, the JavaScript and WebAssembly engine used by

Google patches yet another exploited Chrome zero-day (CVE-2025-13223) Read More »

What security pros should know about insurance coverage for AI chatbot wiretapping claims

What security pros should know about insurance coverage for AI chatbot wiretapping claims 2025-11-18 at 08:44 By Mirko Zorz AI-powered chatbots raise profound concerns under federal and state wiretapping and eavesdropping statutes that is being tested by recent litigation, creating greater exposure to the companies and developers that use this technology. Security professionals that integrate

What security pros should know about insurance coverage for AI chatbot wiretapping claims Read More »

How attackers use patience to push past AI guardrails

How attackers use patience to push past AI guardrails 2025-11-18 at 08:44 By Anamarija Pogorelec Most CISOs already assume that prompt injection is a known risk. What may come as a surprise is how quickly those risks grow once an attacker is allowed to stay in the conversation. A new study from Cisco AI Defense

How attackers use patience to push past AI guardrails Read More »

Logitech confirms data breach

Logitech confirms data breach 2025-11-18 at 00:20 By Zeljka Zorz Logitech, the Swiss multinational electronics and technology company best known for marketing computer peripherals and hardware, has suffered a data breach. “While the investigation is ongoing, at this time Logitech believes that the unauthorized third party used a zero-day vulnerability in a third-party software platform

Logitech confirms data breach Read More »

Strix: Open-source AI agents for penetration testing

Strix: Open-source AI agents for penetration testing 2025-11-17 at 16:32 By Sinisa Markovic Security teams know that application flaws tend to show up at the worst time. Strix presents itself as an open source way to catch them earlier by using autonomous agents that behave like human attackers. These agents run code, explore an application,

Strix: Open-source AI agents for penetration testing Read More »

The tech that turns supply chains from brittle to unbreakable

The tech that turns supply chains from brittle to unbreakable 2025-11-17 at 16:32 By Mirko Zorz In this Help Net Security interview, Sev Kelian, CISO and VP of Security at Tecsys, discusses how organizations can strengthen supply chain resilience through a more unified and forward-looking strategy. Kelian also shares how new technologies and a blended

The tech that turns supply chains from brittle to unbreakable Read More »

Five men admit helping North Korean IT workers infiltrate US companies

Five men admit helping North Korean IT workers infiltrate US companies 2025-11-17 at 14:59 By Zeljka Zorz US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic facilitators helped a sanctioned government move money, slip past hiring

Five men admit helping North Korean IT workers infiltrate US companies Read More »

Scroll to Top