Hot stuff

Building security that protects customers, not just auditors

Building security that protects customers, not just auditors 2025-09-16 at 09:31 By Mirko Zorz In this Help Net Security interview, Nir Rothenberg, CISO at Rapyd, discusses global differences in payment security maturity and the lessons that can be learned from leading regions. He points out that good engineering usually leads to strong security, and cautions […]

Building security that protects customers, not just auditors Read More »

Phishing campaign targets Rust developers

Phishing campaign targets Rust developers 2025-09-15 at 19:27 By Zeljka Zorz Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign. The phishing email The emails started hitting developers’ inboxes on Friday, minutes after they published a (new)

Phishing campaign targets Rust developers Read More »

What could a secure 6G network look like?

What could a secure 6G network look like? 2025-09-15 at 08:47 By Help Net Security The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised

What could a secure 6G network look like? Read More »

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot 2025-09-12 at 19:00 By Help Net Security ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. The sample was uploaded from

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot Read More »

CISA looks to partners to shore up the future of the CVE Program

CISA looks to partners to shore up the future of the CVE Program 2025-09-12 at 15:32 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders

CISA looks to partners to shore up the future of the CVE Program Read More »

Your heartbeat could reveal your identity, even in anonymized datasets

Your heartbeat could reveal your identity, even in anonymized datasets 2025-09-12 at 09:12 By Mirko Zorz A new study has found that electrocardiogram (ECG) signals, often shared publicly for medical research, can be linked back to individuals. Researchers were able to re-identify people in anonymous datasets with surprising accuracy, raising questions about how health data

Your heartbeat could reveal your identity, even in anonymized datasets Read More »

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls 2025-09-11 at 18:25 By Zeljka Zorz Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it. Like last September and earlier this year, the attackers are affiliates of the Akira

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls Read More »

Default Cursor setting can be exploited to run malicious code on developers’ machines

Default Cursor setting can be exploited to run malicious code on developers’ machines 2025-09-11 at 14:02 By Zeljka Zorz An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned. An exploitable vulnerability in the Cursor AI editor Cursor is

Default Cursor setting can be exploited to run malicious code on developers’ machines Read More »

When typing becomes tracking: Study reveals widespread silent keystroke interception

When typing becomes tracking: Study reveals widespread silent keystroke interception 2025-09-11 at 09:17 By Mirko Zorz You type your email address into a website form but never hit submit. Hours later, a marketing email shows up in your inbox. According to new research, that is not a coincidence. A team of researchers from UC Davis,

When typing becomes tracking: Study reveals widespread silent keystroke interception Read More »

How attackers weaponize communications networks

How attackers weaponize communications networks 2025-09-11 at 08:30 By Mirko Zorz In this Help Net Security interview, Gregory Richardson, Vice President, Advisory CISO Worldwide, at BlackBerry, talks about the growing risks to communications networks. He explains why attackers focus on these networks and how their motivations range from corporate espionage to geopolitical influence. The discussion

How attackers weaponize communications networks Read More »

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday 2025-09-10 at 13:56 By Zeljka Zorz On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively exploited. Among the critical and important vulnerabilities patched by Microsoft

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday Read More »

Automated network pentesting uncovers what traditional tests missed

Automated network pentesting uncovers what traditional tests missed 2025-09-10 at 11:45 By Zeljka Zorz Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities. A new report, based on over 50,000

Automated network pentesting uncovers what traditional tests missed Read More »

Fixing silent failures in security controls with adversarial exposure validation

Fixing silent failures in security controls with adversarial exposure validation 2025-09-10 at 08:16 By Help Net Security Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. Appearances can

Fixing silent failures in security controls with adversarial exposure validation Read More »

Plex tells users to change passwords due to data breach, pushes server owners to upgrade

Plex tells users to change passwords due to data breach, pushes server owners to upgrade 2025-09-09 at 19:42 By Zeljka Zorz Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third party accessed a limited subset of customer data from

Plex tells users to change passwords due to data breach, pushes server owners to upgrade Read More »

Download: Cyber defense guide for the financial sector

Download: Cyber defense guide for the financial sector 2025-09-09 at 15:46 By Help Net Security Data breaches cost more for financial organizations than they do for those in many other industries. In attempting to strengthen your financial organization’s cybersecurity, you must contend with evolving regulatory obligations, outdated IT infrastructure, and other challenges. How do you

Download: Cyber defense guide for the financial sector Read More »

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers 2025-09-09 at 09:46 By Zeljka Zorz Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We believe the goal of this campaign was to gain initial access to organizations for

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Read More »

Connected cars are racing ahead, but security is stuck in neutral

Connected cars are racing ahead, but security is stuck in neutral 2025-09-09 at 09:46 By Mirko Zorz Connected cars are already on Europe’s roads, loaded with software, sensors, and constant data connections. Drivers love the features these vehicles bring, from remote apps to smart navigation, but each new connection also opens a door to potential

Connected cars are racing ahead, but security is stuck in neutral Read More »

Salesloft Drift data breach: Investigation reveals how attackers got in

Salesloft Drift data breach: Investigation reveals how attackers got in 2025-09-08 at 14:33 By Zeljka Zorz The attack that resulted in the Salesloft Drift data breach started with the compromise of the company’s GitHub account, Salesloft confirmed this weekend. Supply chain compromise On August 26, the company publicly revealed that earlier that month, a threat

Salesloft Drift data breach: Investigation reveals how attackers got in Read More »

Cybersecurity research is getting new ethics rules, here’s what you need to know

Cybersecurity research is getting new ethics rules, here’s what you need to know 2025-09-08 at 09:01 By Mirko Zorz Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other major venues such

Cybersecurity research is getting new ethics rules, here’s what you need to know Read More »

Scroll to Top