Hot stuff

GitHub CISO on security strategy and collaborating with the open-source community

2025-01-13 at 07:06, by Mirko Zorz

In this Help Net Security interview, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring it remains a trustworthy platform for building secure software. […]

Time for a change: Elevating developers’ security skills

2025-01-13 at 06:07, by Help Net Security

Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the

Job-seeking devs targeted with fake CrowdStrike offer via email

2025-01-10 at 14:33, by Zeljka Zorz

Cryptojackers are impersonating CrowdStrike via email to get developers to unwittingly install the XMRig cryptocurrency miner on their Windows PC, the company has warned. The email: CrowdStrike has a web page where job hunters can see which positions are open

January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance

2025-01-10 at 09:45, by Help Net Security

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released in 2024. While this security

The SBI fake banking app shows that SMS authentication has had its day

2025-01-10 at 07:01, by Help Net Security

As a company fortunate enough to have and maintain our own pentesting team, we often do outreach with other organizations to assist with or provide our expertise in offensive security. In collaboration with the Kerala

Preventing the next ransomware attack with help from AI

2025-01-10 at 07:01, by Mirko Zorz

In this Help Net Security interview, Dr. Darren Williams, CEO at BlackFog, talks about how employee training plays a crucial role in preventing ransomware attacks. He points out that human error is often the biggest security risk and explains how

Banshee Stealer variant targets Russian-speaking macOS users

2025-01-09 at 19:48, by Zeljka Zorz

The Banshee Stealer is a stealthy threat to the rising number of macOS users around the world, including those in Russian-speaking countries, according to Check Point researcher Antonis Terefos. Banshee Stealer was first publicly profiled in August 2024, a month after its

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)

2025-01-09 at 14:23, by Zeljka Zorz

The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mounted by a single threat actor, but the

GitLab CISO on proactive monitoring and metrics for DevSecOps success

2025-01-09 at 07:32, by Mirko Zorz

In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating security tools. He shares tips for maintaining development speed, fostering collaboration,

Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd

2025-01-09 at 06:59, by Help Net Security

As we look ahead to cybersecurity developments in 2025, there’s bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working together to counter threats that are beyond the scope of

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)

2025-01-08 at 21:49, by Zeljka Zorz

Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-2025-0283: Both are stack-based buffer overflow

The U.S. Cyber Trust Mark set to launch

2025-01-08 at 16:03, by Zeljka Zorz

The White House has announced the launch of the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program for consumer-grade internet-connected devices. “The White House launched this bipartisan effort to educate American consumers and give them an easy way to assess

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers

2025-01-08 at 14:20, by Zeljka Zorz

CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulnerabilities exploited: Mitel MiCollab is a popular enterprise collaboration suite. CVE-2024-41713 and CVE-2024-55550 are both path traversal

Why an “all gas, no brakes” approach for AI use won’t work

2025-01-08 at 07:33, by Help Net Security

Machine learning and generative AI are changing the way knowledge workers do their jobs. Every company is eager to be “an AI company,” but AI can often seem like a black box, and the fear of

Scaling penetration testing through smart automation

2025-01-08 at 07:06, by Mirko Zorz

In this Help Net Security interview, Marko Simeonov, CEO of Plainsea, discusses how organizations can move beyond compliance-driven penetration testing toward a more strategic, risk-based approach. He explains how automation, human expertise, and continuous monitoring can transform penetration testing into a dynamic, business-critical

UN aviation agency investigating possible data breach

2025-01-07 at 16:49, by Zeljka Zorz

The United Nations’ International Civil Aviation Organization (ICAO) confirmed on Monday that it’s “actively investigating reports of a potential information security incident allegedly linked to a threat actor known for targeting international organizations.” The statement came a few days after 42,000 documents

CISA says Treasury was the only US agency breached via BeyondTrust

2025-01-07 at 14:18, by Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) shared on Monday that the Treasury Department was the only US federal agency affected by the recent cybersecurity incident involving compromised BeyondTrust Remote Support SaaS instances. On the same

Making the most of cryptography, now and in the future

2025-01-07 at 08:03, by Help Net Security

Enterprise cryptography faces risks beyond just the advent of quantum computers. For starters, there is no guarantee that the traditional algorithms have not been broken. Though we believe that it is “unlikely” they can be, the reality is

eBay CISO on managing long-term cybersecurity planning and ROI

2025-01-07 at 07:33, by Mirko Zorz

In this Help Net Security interview, Sean Embry, CISO at eBay, discusses key aspects of cybersecurity leadership. He shares insights on balancing long-term strategic planning with immediate threat response, evaluating the ROI of new technologies, and addressing employee cybersecurity fatigue.

Open source worldwide: Critical maintenance gaps exposed

2025-01-07 at 06:31, by Help Net Security

Lineaje recently released a report identifying the US and Russia as the leading generators of open-source projects, with both countries also having the highest numbers of anonymous open-source contributions. In this Help Net Security video, Nick Mistry, SVP and CISO of
