Hot stuff

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius 2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395 […]

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius Read More »

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 2025-08-27 at 14:29 By Zeljka Zorz Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix for earlier this month, Censys has warned. About CVE-2025-34158 Plex Media Server (PMS) is

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 Read More »

AI Security Map: Linking AI vulnerabilities to real-world impact

AI Security Map: Linking AI vulnerabilities to real-world impact 2025-08-27 at 09:40 By Mirko Zorz A single prompt injection in a customer-facing chatbot can leak sensitive data, damage trust, and draw regulatory scrutiny in hours. The technical breach is only the first step. The real risk comes from how quickly one weakness in an AI

AI Security Map: Linking AI vulnerabilities to real-world impact Read More »

How compliance teams can turn AI risk into opportunity

How compliance teams can turn AI risk into opportunity 2025-08-27 at 08:52 By Mirko Zorz AI is moving faster than regulation, and that creates opportunities and risks for compliance teams. While governments work on new rules, businesses cannot sit back and wait. In this Help Net Security video, Matt Hillary, CISO at Drata, look at

How compliance teams can turn AI risk into opportunity Read More »

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775)

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) 2025-08-26 at 16:35 By Zeljka Zorz Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been targeted in zero-day attacks. “Exploits of CVE-2025-7775 on unmitigated appliances have been observed,” Citrix has confirmed, and released security

NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) Read More »

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) 2025-08-26 at 13:47 By Zeljka Zorz CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not public, but the confirmation of exploitation comes from the US Cybersecurity and Infrastructure Security

Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384) Read More »

Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO

Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO 2025-08-26 at 09:24 By Mirko Zorz Agriculture is a connected, software-driven industry where cybersecurity is just as essential as tractors and harvesters. From embedded hardware in smart fleets to defending against advanced persistent threats, protecting the agricultural supply chain requires a layered, collaborative approach.

Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO Read More »

LLMs at the edge: Rethinking how IoT devices talk and act

LLMs at the edge: Rethinking how IoT devices talk and act 2025-08-26 at 08:01 By Mirko Zorz Anyone who has set up a smart home knows the routine: one app to dim the lights, another to adjust the thermostat, and a voice assistant that only understands exact phrasing. These systems call themselves smart, but in

LLMs at the edge: Rethinking how IoT devices talk and act Read More »

ScreenConnect admins targeted with spoofed login alerts

ScreenConnect admins targeted with spoofed login alerts 2025-08-25 at 17:56 By Zeljka Zorz ScreenConnect cloud administrators across all region and industries are being targeted with fake email alerts warning about a potentially suspicious login event. The goal of the attackers is to grab the login credentials and MFA tokens of Super Admins: users who have

ScreenConnect admins targeted with spoofed login alerts Read More »

Fake macOS help sites push Shamos infostealer via ClickFix technique

Fake macOS help sites push Shamos infostealer via ClickFix technique 2025-08-25 at 15:23 By Zeljka Zorz Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers have warned. To prevent macOS security features from blocking the installation, the malware peddlers

Fake macOS help sites push Shamos infostealer via ClickFix technique Read More »

Why a new AI tool could change how we test insider threat defenses

Why a new AI tool could change how we test insider threat defenses 2025-08-25 at 09:04 By Mirko Zorz Insider threats are among the hardest attacks to detect because they come from people who already have legitimate access. Security teams know the risk well, but they often lack the data needed to train systems that

Why a new AI tool could change how we test insider threat defenses Read More »

Why satellite cybersecurity threats matter to everyone

Why satellite cybersecurity threats matter to everyone 2025-08-25 at 08:34 By Mirko Zorz Satellites play a huge role in our daily lives, supporting everything from global communications to navigation, business, and national security. As space becomes more crowded and commercial satellite use grows, these systems are facing new cyber threats. The challenge is even greater

Why satellite cybersecurity threats matter to everyone Read More »

Review: Adversarial AI Attacks, Mitigations, and Defense Strategies

Review: Adversarial AI Attacks, Mitigations, and Defense Strategies 2025-08-25 at 07:50 By Mirko Zorz Adversarial AI Attacks, Mitigations, and Defense Strategies shows how AI systems can be attacked and how defenders can prepare. It’s essentially a walkthrough of offensive and defensive approaches to AI security. About the author John Sotiropoulos is the Head Of AI

Review: Adversarial AI Attacks, Mitigations, and Defense Strategies Read More »

China-linked Murky Panda targets and moves laterally through cloud services

China-linked Murky Panda targets and moves laterally through cloud services 2025-08-22 at 17:33 By Zeljka Zorz In its recently released 2025 Threat Hunting Report, Crowdstrike pointed out an interesting trend: a 136% surge in cloud intrusions. A good chunk of this surge is due to “China-nexus adversaries”, Murky Panda (aka Silk Typhoon) among them. Murky

China-linked Murky Panda targets and moves laterally through cloud services Read More »

Five ways OSINT helps financial institutions to fight money laundering

Five ways OSINT helps financial institutions to fight money laundering 2025-08-22 at 09:31 By Help Net Security Here are five key ways OSINT tools can help financial firms develop advanced strategies to fight money laundering criminals. 1. Reveal complex networks and ownership structures Money launderers often use layered networks of offshore entities and shell companies

Five ways OSINT helps financial institutions to fight money laundering Read More »

Russian threat actors using old Cisco bug to target critical infrastructure orgs

Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets

Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged 2025-08-21 at 14:38 By Zeljka Zorz AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged Read More »

Using lightweight LLMs to cut incident response times and reduce hallucinations

Using lightweight LLMs to cut incident response times and reduce hallucinations 2025-08-21 at 09:03 By Mirko Zorz Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing the risk of hallucinations. Their approach uses a smaller, fine-tuned LLM

Using lightweight LLMs to cut incident response times and reduce hallucinations Read More »

Fractional vs. full-time CISO: Finding the right fit for your company

Fractional vs. full-time CISO: Finding the right fit for your company 2025-08-21 at 08:32 By Mirko Zorz In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security

Fractional vs. full-time CISO: Finding the right fit for your company Read More »

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) 2025-08-20 at 22:42 By Zeljka Zorz Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) Read More »

Scroll to Top