Hot stuff

Crypto-stealing iOS, Android malware found on App Store, Google Play

Android, App store, Cryptocurrency, Don't miss, ESET, Google Play, Hot stuff, iOS, Kaspersky, Malware, News /

Crypto-stealing iOS, Android malware found on App Store, Google Play 2025-02-05 at 13:25 By Zeljka Zorz A number of iOS and Android apps on Apple’s and Google’s official app stores contain a software development kit (SDK) that allows them to exfiltrate cryptowallets’ seed recovery phrases, Kaspersky researchers have found. “The infected apps in Google Play […]

React to this headline:

Loading spinner

Crypto-stealing iOS, Android malware found on App Store, Google Play Read More »

The API security crisis and why businesses are at risk

API security, Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, Video, Wallarm /

The API security crisis and why businesses are at risk 2025-02-05 at 06:30 By Help Net Security In this Help Net Security video, Ivan Novikov, CEO of Wallarm, discusses the 2025 API ThreatStats Report, highlighting how APIs have become the primary attack surface over the past year, mainly driven by the rise of AI-related risks.

React to this headline:

Loading spinner

The API security crisis and why businesses are at risk Read More »

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

0-day, Don't miss, Hot stuff, News, security controls, spear-phishing, Trend Micro, Ukraine, vulnerability, Windows /

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) 2025-02-04 at 15:08 By Zeljka Zorz CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vulnerability (CVE-2025-0411) Mark-of-the-Web (MotW) is a

React to this headline:

Loading spinner

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) Read More »

Casio UK site compromised, equipped with web skimmer

data theft, Don't miss, Hot stuff, Jscrambler, magento, News, web hacks /

Casio UK site compromised, equipped with web skimmer 2025-02-04 at 13:20 By Zeljka Zorz Japanese electronics maker Casio has had its UK website injected with a web skimmer that collected buyers’ personal and payment card information, Jscrambler has discovered. The company says that the same skimmer has been added to at least seventeen (and possibly

React to this headline:

Loading spinner

Casio UK site compromised, equipped with web skimmer Read More »

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities

Cryptocurrency, Don't miss, extortion, finance, fraud, Hot stuff, News, USA, vulnerability /

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities 2025-02-04 at 12:16 By Help Net Security A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 million from the protocols’ investors. The fraudulent scheme According to court

React to this headline:

Loading spinner

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities Read More »

Aim for crypto-agility, prepare for the long haul

cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Fortanix, Hot stuff, News, opinion, quantum computing, standards /

Aim for crypto-agility, prepare for the long haul 2025-02-04 at 07:33 By Help Net Security While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning,

React to this headline:

Loading spinner

Aim for crypto-agility, prepare for the long haul Read More »

What you can do to prevent workforce fraud

authentication, cybersecurity, Don't miss, Features, fraud, Government, Hot stuff, identity verification, News, Nisos, opinion, professional, remote working, threats /

What you can do to prevent workforce fraud 2025-02-04 at 07:19 By Mirko Zorz In this Help Net Security interview, Benjamin Racenberg, Senior Intelligence Services Manager at Nisos, discusses the threat of workforce fraud, particularly DPRK-affiliated IT workers infiltrating remote roles. With HR teams and recruiters often unprepared to detect these sophisticated schemes, businesses face

React to this headline:

Loading spinner

What you can do to prevent workforce fraud Read More »

DeepSeek’s popularity exploited to push malicious packages via PyPI

data theft, DeepSeek, Don't miss, Hot stuff, Malware, News, Positive Technologies, PyPI, Python /

DeepSeek’s popularity exploited to push malicious packages via PyPI 2025-02-03 at 15:33 By Zeljka Zorz Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they have been downloaded 36 times. The malicious packages The attack started

React to this headline:

Loading spinner

DeepSeek’s popularity exploited to push malicious packages via PyPI Read More »

The hidden dangers of a toxic cybersecurity workplace

burnout, collaboration, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, professional, SANS /

The hidden dangers of a toxic cybersecurity workplace 2025-02-03 at 07:35 By Mirko Zorz In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear

React to this headline:

Loading spinner

The hidden dangers of a toxic cybersecurity workplace Read More »

Patient monitors with backdoor are sending info to China, CISA warns

backdoor, CISA, Don't miss, healthcare, Hot stuff, medical data, medical devices, News, Privacy, vulnerability /

Patient monitors with backdoor are sending info to China, CISA warns 2025-01-31 at 14:03 By Zeljka Zorz Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download

React to this headline:

Loading spinner

Patient monitors with backdoor are sending info to China, CISA warns Read More »

Deploying AI at the edge: The security trade-offs and how to manage them

Artificial Intelligence, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, Latent AI, network, News, opinion /

Deploying AI at the edge: The security trade-offs and how to manage them 2025-01-31 at 07:34 By Mirko Zorz Deploying AI at the edge brings advantages such as low latency, improved efficiency, and real-time decision-making. It also introduces new attack surfaces. Adversaries could intercept models in transit, manipulate inputs to degrade performance, or even reverse-engineer

React to this headline:

Loading spinner

Deploying AI at the edge: The security trade-offs and how to manage them Read More »

Cybercrime forums Cracked and Nulled seized, operators arrested

arrest, cybercrime, Don't miss, Europe, Germany, Hot stuff, law enforcement, News /

Cybercrime forums Cracked and Nulled seized, operators arrested 2025-01-30 at 18:50 By Zeljka Zorz Law enforcement from Germany, Australia, Spain, Greece, Romania, Italy, France and the USA have seized and shut down Cracked and Nulled, the two largest cybercrime forums in the world. The takedown notice (Source: German Federal Criminal Police Office) “The websites “nulled.to”

React to this headline:

Loading spinner

Cybercrime forums Cracked and Nulled seized, operators arrested Read More »

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs

Arctic Wolf Networks, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, remote management, SimpleHelp /

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs 2025-01-30 at 17:16 By Zeljka Zorz Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server

React to this headline:

Loading spinner

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs Read More »

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler /

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models

React to this headline:

Loading spinner

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

Censys, Don't miss, GreyNoise, Hot stuff, News, VulnCheck, vulnerability, Zyxel /

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute

React to this headline:

Loading spinner

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) Read More »

DeepSeek’s popularity exploited by malware peddlers, scammers

Artificial Intelligence, China, consumer, data security, DeepSeek, Don't miss, enterprise, Hot stuff, KELA, LLMs, Malware, News, Privacy, threat /

DeepSeek’s popularity exploited by malware peddlers, scammers 2025-01-29 at 15:18 By Zeljka Zorz As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of the cost, users are rushing to try out DeepSeek’s AI tool. In the process, they

React to this headline:

Loading spinner

DeepSeek’s popularity exploited by malware peddlers, scammers Read More »

Preparing financial institutions for the next generation of cyber threats

cybersecurity, Data Protection, Don't miss, Features, financial industry, fraud, Hot stuff, News, opinion, regulation, threats, Visa /

Preparing financial institutions for the next generation of cyber threats 2025-01-29 at 07:34 By Mirko Zorz In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial

React to this headline:

Loading spinner

Preparing financial institutions for the next generation of cyber threats Read More »

SEC and FCA fines: Issues jump

communication, Compliance, cybersecurity, Don't miss, financial industry, Hot stuff, MirrorWeb, Video /

SEC and FCA fines: Issues jump 2025-01-29 at 06:33 By Help Net Security The financial sector faces communication compliance challenges as organizations struggle to maintain oversight across communication channels. Adding to the complexity is the unexpected rise of unconventional platforms, such as Snapchat, used for business operations. In this Help Net Security video, David Clee,

React to this headline:

Loading spinner

SEC and FCA fines: Issues jump Read More »

Europeans targeted with new Tor-using backdoor and infostealers

Cisco, Don't miss, Europe, Hot stuff, Malware, News, phishing /

Europeans targeted with new Tor-using backdoor and infostealers 2025-01-28 at 15:04 By Zeljka Zorz A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that leverages the Tor network to evade detection. The phishing email The attacker sends out fake money transfer confirmations

React to this headline:

Loading spinner

Europeans targeted with new Tor-using backdoor and infostealers Read More »

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) 2025-01-28 at 13:18 By Zeljka Zorz Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of

React to this headline:

Loading spinner

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Read More »

Scroll to Top