Hot stuff

Building a cybersecurity strategy that survives disruption

CISO, cyber resilience, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy, tips /

Building a cybersecurity strategy that survives disruption 2025-04-03 at 08:14 By Mirko Zorz Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting companies, there’s […]

React to this headline:

Loading spinner

Building a cybersecurity strategy that survives disruption Read More »

How to map and manage your cyber attack surface with EASM

attacks, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, Outpost24 /

How to map and manage your cyber attack surface with EASM 2025-04-02 at 16:10 By Help Net Security In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important to adopt an attacker-centric approach. In this article,

React to this headline:

Loading spinner

How to map and manage your cyber attack surface with EASM Read More »

Google is making sending end-to-end encrypted emails easy

Don't miss, email security, Encryption, enterprise, Gmail, Google Workspace, Hot stuff, News, Outlook, Privacy, secure communications, SMBs /

Google is making sending end-to-end encrypted emails easy 2025-04-02 at 15:03 By Zeljka Zorz Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE emails

React to this headline:

Loading spinner

Google is making sending end-to-end encrypted emails easy Read More »

North Korean IT workers set their sights on European organizations

blockchain, CMS, data theft, Don't miss, EU, extortion, Hot stuff, Insider Threat, News, North Korea, UK, web application, web development /

North Korean IT workers set their sights on European organizations 2025-04-02 at 13:05 By Zeljka Zorz North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increasingly attempting to

React to this headline:

Loading spinner

North Korean IT workers set their sights on European organizations Read More »

Balancing data protection and clinical usability in healthcare

cybersecurity, Data Protection, Don't miss, Features, healthcare, Hot stuff, Main Line Health, News, opinion /

Balancing data protection and clinical usability in healthcare 2025-04-02 at 08:01 By Mirko Zorz In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. He explains the difficulties of protecting patient information, securing legacy systems, and maintaining

React to this headline:

Loading spinner

Balancing data protection and clinical usability in healthcare Read More »

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework

Bluetooth, Don't miss, framework, GitHub, Hot stuff, News, open source, software /

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework 2025-04-02 at 07:35 By Mirko Zorz BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable. Right now, it includes 43 different exploits. Some are public, and others were made specifically

React to this headline:

Loading spinner

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework Read More »

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

CrushFTP, CVE, Don't miss, Hot stuff, News, PoC, Rapid7, Shadowserver, VulnCheck /

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) 2025-04-01 at 18:49 By Zeljka Zorz Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can be done? CVE-2025-2825, affecting CrushFTP versions 10.0.0 through

React to this headline:

Loading spinner

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) Read More »

Building a reasonable cyber defense program

Center for Internet Security, Don't miss, Hot stuff, News /

Building a reasonable cyber defense program 2025-04-01 at 16:04 By Help Net Security If you do business in the United States, especially across state lines, you probably know how difficult it is to comply with U.S. state data privacy laws. The federal government and many U.S. state governments require you to implement “reasonable” cybersecurity controls

React to this headline:

Loading spinner

Building a reasonable cyber defense program Read More »

Attackers are probing Palo Alto Networks GlobalProtect portals

Don't miss, enterprise, GreyNoise, Hot stuff, News, Palo Alto Networks, scanning, VPN /

Attackers are probing Palo Alto Networks GlobalProtect portals 2025-04-01 at 14:21 By Zeljka Zorz Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise. “The

React to this headline:

Loading spinner

Attackers are probing Palo Alto Networks GlobalProtect portals Read More »

Why global tensions are a cybersecurity problem for every business

CISO, cyber risk, cybersecurity, Don't miss, Hot stuff, News, strategy, threats /

Why global tensions are a cybersecurity problem for every business 2025-04-01 at 09:03 By Mirko Zorz With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore, they’re closely connected. Conflict between countries is spilling

React to this headline:

Loading spinner

Why global tensions are a cybersecurity problem for every business Read More »

How to build an effective cybersecurity simulation

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Immersive Labs, News, opinion, skill development, strategy, tips, training /

How to build an effective cybersecurity simulation 2025-04-01 at 08:32 By Help Net Security Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test their

React to this headline:

Loading spinner

How to build an effective cybersecurity simulation Read More »

Generative AI Is reshaping financial fraud. Can security keep up?

Artificial Intelligence, cybersecurity, DataVisor, Don't miss, Features, fraud, Hot stuff, machine learning, News, opinion, strategy /

Generative AI Is reshaping financial fraud. Can security keep up? 2025-04-01 at 07:35 By Mirko Zorz In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies. With fraudsters using generative AI to launch sophisticated attacks, financial institutions must adopt adaptive AI solutions to stay

React to this headline:

Loading spinner

Generative AI Is reshaping financial fraud. Can security keep up? Read More »

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

China, CISA, cyber espionage, Don't miss, Hot stuff, Ivanti, Malware, Mandiant, Microsoft, News /

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices 2025-03-31 at 16:12 By Zeljka Zorz CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the

React to this headline:

Loading spinner

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices Read More »

Windows 11 quick machine recovery: Restoring devices with boot issues

consumer, Don't miss, enterprise, Hot stuff, Microsoft, News, SMBs, Windows /

Windows 11 quick machine recovery: Restoring devices with boot issues 2025-03-31 at 12:46 By Zeljka Zorz Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024. The goal of the feature is to allow IT administrators

React to this headline:

Loading spinner

Windows 11 quick machine recovery: Restoring devices with boot issues Read More »

Two things you need in place to successfully adopt AI

Artificial Intelligence, code, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, LLMs, News, opinion, policy, Security Journey /

Two things you need in place to successfully adopt AI 2025-03-31 at 08:32 By Help Net Security Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk. They need to put in place: 1. A seamless AI security policy

React to this headline:

Loading spinner

Two things you need in place to successfully adopt AI Read More »

Exegol: Open-source hacking environment

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Exegol: Open-source hacking environment 2025-03-31 at 08:02 By Mirko Zorz Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It’s made for penetration testers, CTF players, bug bounty hunters, researchers, defenders, and both new and experienced users. Exegol offers clean, secure environments. Each project can have its own Docker

React to this headline:

Loading spinner

Exegol: Open-source hacking environment Read More »

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

Chrome, Don't miss, Firefox, Hot stuff, Kaspersky, News, Opera, security update, Tor, vulnerability /

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) 2025-03-28 at 12:57 By Zeljka Zorz Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)

React to this headline:

Loading spinner

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) Read More »

Android financial threats: What businesses need to know to protect themselves and their customers

Android, authentication, Cryptocurrency, cybersecurity, Don't miss, ESET, Expert analysis, Expert corner, financial industry, Hot stuff, News, online banking, opinion, threats /

Android financial threats: What businesses need to know to protect themselves and their customers 2025-03-28 at 08:30 By Help Net Security The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates

React to this headline:

Loading spinner

Android financial threats: What businesses need to know to protect themselves and their customers Read More »

A closer look at The Ultimate Cybersecurity Careers Guide

books, certification, cybersecurity, Don't miss, Hot stuff, how-to, News, opinion, skill development, strategy, tips /

A closer look at The Ultimate Cybersecurity Careers Guide 2025-03-27 at 16:48 By Mirko Zorz In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can break into the field and

React to this headline:

Loading spinner

A closer look at The Ultimate Cybersecurity Careers Guide Read More »

UK NCSC offers security guidance for domain and DNS registrars

DNS, domain registration, Don't miss, guidelines, Hot stuff, NCSC, News /

UK NCSC offers security guidance for domain and DNS registrars 2025-03-27 at 16:48 By Zeljka Zorz The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars have an important role to help counter domain abuses throughout their lifecycle,” the NCSC says.

React to this headline:

Loading spinner

UK NCSC offers security guidance for domain and DNS registrars Read More »

Scroll to Top