Hot stuff

Cybersecurity research is getting new ethics rules, here’s what you need to know

Cybersecurity research is getting new ethics rules, here’s what you need to know 2025-09-08 at 09:01 By Mirko Zorz Top cybersecurity conferences are introducing new rules that require researchers to formally address ethics in their work. Starting with the 2026 USENIX Security Symposium, all submissions must include a stakeholder-based ethics analysis. Other major venues such […]

Cybersecurity research is getting new ethics rules, here’s what you need to know Read More »

Cyber defense cannot be democratized

Cyber defense cannot be democratized 2025-09-08 at 08:14 By Help Net Security The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem In an earnest attempt

Cyber defense cannot be democratized Read More »

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) 2025-09-05 at 15:03 By Zeljka Zorz A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) has warned on Friday. Their alert seems to be based on a report

Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957) Read More »

Stealthy attack serves poisoned web pages only to AI agents

Stealthy attack serves poisoned web pages only to AI agents 2025-09-05 at 14:30 By Zeljka Zorz AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into these autonomous

Stealthy attack serves poisoned web pages only to AI agents Read More »

September 2025 Patch Tuesday forecast: The CVE matrix

September 2025 Patch Tuesday forecast: The CVE matrix 2025-09-05 at 10:18 By Help Net Security We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator

September 2025 Patch Tuesday forecast: The CVE matrix Read More »

CyberFlex: Flexible Pen testing as a Service with EASM

CyberFlex: Flexible Pen testing as a Service with EASM 2025-09-04 at 16:58 By Help Net Security About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack application attack surface, while enjoying a flexible consumption model.

CyberFlex: Flexible Pen testing as a Service with EASM Read More »

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) 2025-09-04 at 16:58 By Zeljka Zorz Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) Read More »

macOS vulnerability allowed Keychain and iOS app decryption without a password

macOS vulnerability allowed Keychain and iOS app decryption without a password 2025-09-04 at 15:41 By Mirko Zorz Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the

macOS vulnerability allowed Keychain and iOS app decryption without a password Read More »

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) 2025-09-04 at 14:48 By Zeljka Zorz A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) Read More »

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise 2025-09-03 at 16:13 By Zeljka Zorz Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise Read More »

How gaming experience can help with a cybersecurity career

How gaming experience can help with a cybersecurity career 2025-09-03 at 08:41 By Sinisa Markovic Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of

How gaming experience can help with a cybersecurity career Read More »

Detecting danger: EASM in the modern security stack

Detecting danger: EASM in the modern security stack 2025-09-03 at 08:03 By Help Net Security In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that

Detecting danger: EASM in the modern security stack Read More »

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach 2025-09-02 at 18:20 By Zeljka Zorz In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft breach Read More »

Can AI agents catch what your SOC misses?

Can AI agents catch what your SOC misses? 2025-09-02 at 10:45 By Mirko Zorz A new research project called NetMoniAI shows how AI agents might reshape network monitoring and security. Developed by a team at Texas Tech University, the framework brings together two ideas: distributed monitoring at the edge and AI-driven analysis at the center.

Can AI agents catch what your SOC misses? Read More »

AIDEFEND: Free AI defense framework

AIDEFEND: Free AI defense framework 2025-09-01 at 09:21 By Mirko Zorz AIDEFEND (Artificial Intelligence Defense Framework) is an open knowledge base dedicated to AI security, providing defensive countermeasures and best practices to help security pros safeguard AI and machine learning systems. Practicality is at the core of AIDEFEND. The framework is designed to be “highly

AIDEFEND: Free AI defense framework Read More »

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior 2025-09-01 at 09:21 By Mirko Zorz A team of researchers from Frondeur Labs, DistributedApps.ai, and OWASP has developed a new machine learning framework designed to help defenders anticipate attacker behavior across the stages of the Cyber Kill Chain. The work explores how machine learning models

KillChainGraph: Researchers test machine learning framework for mapping attacker behavior Read More »

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms 2025-08-29 at 14:19 By Zeljka Zorz A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms Read More »

New framework aims to outsmart malware evasion tricks

New framework aims to outsmart malware evasion tricks 2025-08-29 at 10:03 By Mirko Zorz Attackers have learned how to trick machine learning malware detectors with small but clever code changes, and researchers say they may finally have an answer. In a new paper, academics from Inria and the CISPA Helmholtz Center for Information Security describe

New framework aims to outsmart malware evasion tricks Read More »

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations 2025-08-28 at 15:29 By Zeljka Zorz Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations Read More »

ScamAgent shows how AI could power the next wave of scam calls

ScamAgent shows how AI could power the next wave of scam calls 2025-08-28 at 09:03 By Mirko Zorz Scam calls have long been a problem for consumers and enterprises, but a new study suggests they may soon get an upgrade. Instead of a human scammer on the other end of the line, future calls could

ScamAgent shows how AI could power the next wave of scam calls Read More »

Scroll to Top