Hot stuff

How Brandolini’s law informs our everyday infosec reality

attacks, automation, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, social engineering, supply chain /

How Brandolini’s law informs our everyday infosec reality 2025-08-11 at 09:00 By Help Net Security Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and […]

React to this headline:

Loading spinner

How Brandolini’s law informs our everyday infosec reality Read More »

From legacy to SaaS: Why complexity is the enemy of enterprise security

access management, authentication, Bridge IT, CISO, cybersecurity, digital transformation, Don't miss, enterprise, Features, Hot stuff, identity verification, MFA, News, SaaS, security awareness, strategy, tips, zero trust /

From legacy to SaaS: Why complexity is the enemy of enterprise security 2025-08-11 at 08:32 By Mirko Zorz In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the way organizations approach security. He explains why finding the right balance

React to this headline:

Loading spinner

From legacy to SaaS: Why complexity is the enemy of enterprise security Read More »

August 2025 Patch Tuesday forecast: Try, try, again

apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, SharePoint /

August 2025 Patch Tuesday forecast: Try, try, again 2025-08-08 at 09:30 By Help Net Security July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly

React to this headline:

Loading spinner

August 2025 Patch Tuesday forecast: Try, try, again Read More »

Third-party partners or ticking time bombs?

CISO, cyber risk, cybersecurity, CyXcel, Don't miss, Hot stuff, News, resilience, Risk Management, strategy, supply chain, third party compromise, tips, Video /

Third-party partners or ticking time bombs? 2025-08-08 at 08:46 By Help Net Security In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the

React to this headline:

Loading spinner

Third-party partners or ticking time bombs? Read More »

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786)

CISA, cloud security, Don't miss, Email, enterprise, Hot stuff, hybrid IT, Microsoft Exchange, News /

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) 2025-08-07 at 17:40 By Zeljka Zorz “In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable trace,” Microsoft has announced on Wednesday.

React to this headline:

Loading spinner

Microsoft urges admins to plug severe Exchange security hole (CVE-2025-53786) Read More »

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

Don't miss, firewall, GuidePoint Security, Hot stuff, Huntress, News, SonicWall, vulnerability /

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls 2025-08-07 at 14:34 By Zeljka Zorz Akira ransomware affiliates are not leveraging an unknown, zero-day vulnerability in SonicWall Gen 7 firewalls to breach corporate networks, the security vendor shared today. “Instead, there is a significant correlation with threat activity related to CVE-2024-40766, which

React to this headline:

Loading spinner

SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls Read More »

Beyond PQC: Building adaptive security programs for the unknown

CISO, Crypto, cybersecurity, Don't miss, Entrust, Features, Hot stuff, News, quantum computing /

Beyond PQC: Building adaptive security programs for the unknown 2025-08-07 at 09:15 By Mirko Zorz In this Help Net Security interview, Jordan Avnaim, CISO at Entrust, discusses how to communicate the quantum computing threat to executive teams using a risk-based approach. He explains why post-quantum cryptography (PQC) is an urgent and long-term priority. Avnaim also

React to this headline:

Loading spinner

Beyond PQC: Building adaptive security programs for the unknown Read More »

Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC

Adobe, Don't miss, Hot stuff, News, PoC, Searchlight Cyber, security update, vulnerability /

Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC 2025-08-06 at 16:33 By Zeljka Zorz Adobe has released an emergency security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE), which fix two critical vulnerabilities (CVE-2025-54253, CVE-2025-54254) with a publicly available proof-of-concept (PoC) exploit. Details about the flaws have been public

React to this headline:

Loading spinner

Adobe patches critical Adobe Experience Manager Forms vulnerabilities with public PoC Read More »

Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987)

Don't miss, Endpoint Security, enterprise, Hot stuff, News, SMBs, Trend Micro, vulnerability /

Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) 2025-08-06 at 15:05 By Zeljka Zorz Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform are being probed by attackers, the company has warned on Wednesday. Unfortunately for those organizations that use it, a patch

React to this headline:

Loading spinner

Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987) Read More »

Cybersecurity and the development of software-defined vehicles

automotive security, CIO, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, supply chain, VicOne /

Cybersecurity and the development of software-defined vehicles 2025-08-06 at 13:18 By Help Net Security In many automotive companies, the same systems-engineering teams are responsible for both safety and security. As a result, cybersecurity is treated as a subset of safety, undergirded by an implicit assumption: “If it’s safe, it must be secure.” But that’s not

React to this headline:

Loading spinner

Cybersecurity and the development of software-defined vehicles Read More »

AI in the SOC: Game-changer or more noise?

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, Immersive, News, security operations, SOC, Video /

AI in the SOC: Game-changer or more noise? 2025-08-06 at 08:02 By Help Net Security In this Help Net Security video, Kev Marriott, Senior Manager of Cyber at Immersive Labs, explores the challenges and opportunities of integrating AI into Security Operations Centers (SOCs). While AI can boost productivity by automating manual tasks and reducing alert

React to this headline:

Loading spinner

AI in the SOC: Game-changer or more noise? Read More »

Millions of Dell laptops could be persistently backdoored in ReVault attacks

Broadcom, Cisco, Dell, Don't miss, Endpoint Security, firmware, hardware, Hot stuff, News, vulnerability /

Millions of Dell laptops could be persistently backdoored in ReVault attacks 2025-08-05 at 21:19 By Zeljka Zorz A set of firmware vulnerabilities affecting 100+ Dell laptop models widely used in government settings and by the cybersecurity industry could allow attackers to achieve persistent access even across Windows reinstalls, Cisco Talos researchers have discovered. About the

React to this headline:

Loading spinner

Millions of Dell laptops could be persistently backdoored in ReVault attacks Read More »

Project Ire: Microsoft’s autonomous malware detection AI agent

AI, automation, Don't miss, Hot stuff, LLM, malware detection, Microsoft, Microsoft Defender, News, reverse engineering /

Project Ire: Microsoft’s autonomous malware detection AI agent 2025-08-05 at 19:45 By Zeljka Zorz Microsoft is working on a AI agent whose main goal is autonomous malware detection and the prototype – dubbed Project Ire – is showing great potential, the company has announced on Tuesday. Tested on a dataset of known malicious and benign

React to this headline:

Loading spinner

Project Ire: Microsoft’s autonomous malware detection AI agent Read More »

Security tooling pitfalls for small teams: Cost, complexity, and low ROI

CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, generative AI, GRC, Hot stuff, News, opinion, Risk Management, Scrut Automation, SMBs, strategy, tips /

Security tooling pitfalls for small teams: Cost, complexity, and low ROI 2025-08-05 at 10:11 By Mirko Zorz In this Help Net Security interview, Aayush Choudhury, CEO at Scrut Automation, discusses why many security tools built for large enterprises don’t work well for leaner, cloud-native teams. He explains how simplicity, integration, and automation are key for

React to this headline:

Loading spinner

Security tooling pitfalls for small teams: Cost, complexity, and low ROI Read More »

Back to basics webinar: The ecosystem of CIS Security best practices

Center for Internet Security, Don't miss, Hot stuff, News, Whitepapers and webinars /

Back to basics webinar: The ecosystem of CIS Security best practices 2025-08-05 at 08:17 By Help Net Security Generative AI models, multi-cloud strategies, Internet of Things devices, third-party suppliers, and a growing list of regulatory compliance obligations all require the same security response: come together as a community to prioritize the basics. Watch this on-demand

React to this headline:

Loading spinner

Back to basics webinar: The ecosystem of CIS Security best practices Read More »

SonicWall firewalls targeted in ransomware attacks, possibly via zero-day

Arctic Wolf Networks, Don't miss, firewall, Hot stuff, News, Ransomware, SonicWall /

SonicWall firewalls targeted in ransomware attacks, possibly via zero-day 2025-08-04 at 14:34 By Zeljka Zorz Attackers wielding the Akira ransomware and possibly a zero-day exploit have been spotted targeting SonicWall firewalls since July 15, 2025. “In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through

React to this headline:

Loading spinner

SonicWall firewalls targeted in ransomware attacks, possibly via zero-day Read More »

AIBOMs are the new SBOMs: The missing link in AI risk management

Artificial Intelligence, CISO, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Manifest Cyber, News, opinion, risk, strategy, supply chain, tips /

AIBOMs are the new SBOMs: The missing link in AI risk management 2025-08-04 at 09:11 By Mirko Zorz In this Help Net Security interview, Marc Frankel, CEO at Manifest Cyber, discusses how overlooked AI-specific risks, like poisoned training data and shadow AI, can lead to security issues that conventional tools fail to detect. He explains

React to this headline:

Loading spinner

AIBOMs are the new SBOMs: The missing link in AI risk management Read More »

Average global data breach cost now $4.44 million

Artificial Intelligence, CISO, cybersecurity, data breach, Don't miss, Hot stuff, IBM, News, report, survey /

Average global data breach cost now $4.44 million 2025-08-04 at 08:37 By Anamarija Pogorelec IBM released its Cost of a Data Breach Report, which revealed AI adoption is greatly outpacing AI security and governance. While the overall number of organizations experiencing an AI-related breach is a small representation of the researched population, this is the

React to this headline:

Loading spinner

Average global data breach cost now $4.44 million Read More »

Smart steps to keep your AI future-ready

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, PwC, regulation, strategy /

Smart steps to keep your AI future-ready 2025-08-01 at 09:36 By Mirko Zorz In this Help Net Security interview, Rohan Sen, Principal, Cyber, Data, and Tech Risk, PwC US, discusses how organizations can design autonomous AI agents with strong governance from day one. As AI becomes more embedded in business ecosystems, overlooking agent-level security can

React to this headline:

Loading spinner

Smart steps to keep your AI future-ready Read More »

What attackers know about your company thanks to AI

Artificial Intelligence, cybersecurity, deepfakes, Don't miss, generative AI, GetReal Security, Hot stuff, LLMs, News, scams, threats, Video /

What attackers know about your company thanks to AI 2025-08-01 at 08:48 By Help Net Security In this Help Net Security video, Tom Cross, Head of Threat Research at GetReal Security, explores how generative AI is empowering threat actors. He breaks down three key areas: how GenAI lowers the technical barrier for attackers, enables highly

React to this headline:

Loading spinner

What attackers know about your company thanks to AI Read More »

Scroll to Top