Hot stuff

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)

Debian, Don't miss, Hot stuff, Linux, macOS, News, Stratascale, SUSE, Ubuntu, vulnerability /

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) 2025-07-01 at 16:11 By Zeljka Zorz If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. What is Sudo? Sudo is command-line utility in Unix-like […]

React to this headline:

Loading spinner

Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463) Read More »

Google patches actively exploited Chrome (CVE‑2025‑6554)

0-day, Brave, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, Opera, security update, Vivaldi /

Google patches actively exploited Chrome (CVE‑2025‑6554) 2025-07-01 at 13:15 By Zeljka Zorz Google has released a security update for Chrome to address a zero‑day vulnerability (CVE-2025-6554) that its Threat Analysis Group (TAG) discovered and reported last week. “Google is aware that an exploit for CVE-2025-6554 exists in the wild,” the company said. About CVE-2025-6554 CVE-2025-6554

React to this headline:

Loading spinner

Google patches actively exploited Chrome (CVE‑2025‑6554) Read More »

Federal Reserve System CISO on aligning cyber risk management with transparency, trust

CISO, Compliance, cyber risk, cybersecurity, Don't miss, Features, Federal Reserve System, Hot stuff, News, opinion, resilience, Risk Management, strategy, threat, Threat Intelligence /

Federal Reserve System CISO on aligning cyber risk management with transparency, trust 2025-07-01 at 09:08 By Mirko Zorz In this Help Net Security interview, Tammy Hornsby-Fink, CISO at Federal Reserve System, shares how the Fed approaches cyber risk with a scenario-based, intelligence-driven strategy. She explains how the Fed assesses potential disruptions to financial stability and

React to this headline:

Loading spinner

Federal Reserve System CISO on aligning cyber risk management with transparency, trust Read More »

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics

Bitdefender, Don't miss, Expert analysis, Expert corner, Hot stuff, News /

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics 2025-07-01 at 07:34 By Help Net Security This article shares initial findings from internal Bitdefender Labs research into Living off the Land (LOTL) techniques. Our team at Bitdefender Labs, comprised of hundreds of security researchers with close ties to academia, conducted

React to this headline:

Loading spinner

How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics Read More »

CitrixBleed 2 might be actively exploited (CVE-2025-5777)

Censys, Citrix, Don't miss, enterprise, Hot stuff, NetScaler, News, ReliaQuest, vulnerability /

CitrixBleed 2 might be actively exploited (CVE-2025-5777) 2025-06-30 at 15:47 By Zeljka Zorz While Citrix has observed some instances where CVE-2025-6543 has been exploited on vulnerable NetScaler networking appliances, the company still says that they don’t have evidence of exploitation for CVE-2025-5349 or CVE-2025-5777, both of which have been patched earlier this month. CVE-2025-5777, in

React to this headline:

Loading spinner

CitrixBleed 2 might be actively exploited (CVE-2025-5777) Read More »

Are we securing AI like the rest of the cloud?

Artificial Intelligence, Backblaze, cloud security, cybersecurity, Don't miss, Features, Hot stuff, News, penetration testing /

Are we securing AI like the rest of the cloud? 2025-06-30 at 09:01 By Mirko Zorz In this Help Net Security interview, Chris McGranahan, Director of Security Architecture & Engineering at Backblaze, discusses how AI is shaping both offensive and defensive cybersecurity tactics. He talks about how AI is changing the threat landscape, the complications

React to this headline:

Loading spinner

Are we securing AI like the rest of the cloud? Read More »

How exposure-enriched SOC data can cut cyberattacks in half by 2028

cyberattacks, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, PlexTrac, risk, SOC /

How exposure-enriched SOC data can cut cyberattacks in half by 2028 2025-06-30 at 08:33 By Help Net Security Gartner projects that by 2028, organizations enriching their Security Operations Center (SOC) data with exposure insights will reduce the frequency and impact of cyberattacks by 50%. This bold forecast underscores a crucial shift: proactive exposure management is

React to this headline:

Loading spinner

How exposure-enriched SOC data can cut cyberattacks in half by 2028 Read More »

Europe’s AI strategy: Smart caution or missed opportunity?

Accenture, Artificial Intelligence, Aunoo AI, CXO, cyber resilience, Data Protection, Don't miss, enterprise, EU, Europe, Features, Hot stuff, investment, Lakera, News, predictions, report, Verax AI /

Europe’s AI strategy: Smart caution or missed opportunity? 2025-06-30 at 08:03 By Mirko Zorz Europe is banking on AI to help solve its economic problems. Productivity is stalling, and tech adoption is slow. Global competitors, especially the U.S., are pulling ahead. A new report from Accenture says AI could help reverse that trend, but only

React to this headline:

Loading spinner

Europe’s AI strategy: Smart caution or missed opportunity? Read More »

Why AI agents could be the next insider threat

Artificial Intelligence, BeyondID, CISO, cybersecurity, Don't miss, enterprise, Hot stuff, Insider Threat, News, strategy, tips, Video /

Why AI agents could be the next insider threat 2025-06-30 at 07:37 By Help Net Security In this Help Net Security video, Arun Shrestha, CEO of BeyondID, explains how AI agents, now embedded in daily operations, are often over-permissioned, under-monitored, and invisible to identity governance systems. With a special focus on the healthcare sector, Shrestha

React to this headline:

Loading spinner

Why AI agents could be the next insider threat Read More »

Money mule networks evolve into hierarchical, business-like criminal enterprises

Artificial Intelligence, cybercriminals, cybersecurity, Don't miss, Features, financial industry, fraud, Hot stuff, identity verification, News, ThreatMark /

Money mule networks evolve into hierarchical, business-like criminal enterprises 2025-06-27 at 09:12 By Mirko Zorz In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping

React to this headline:

Loading spinner

Money mule networks evolve into hierarchical, business-like criminal enterprises Read More »

Managing through chaos to secure networks

automation, BackBox, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, network, News, opinion /

Managing through chaos to secure networks 2025-06-27 at 08:39 By Anamarija Pogorelec Every time there’s a natural or manmade disaster that takes medical equipment offline, cuts connectivity to emergency services and loved ones, or shuts down access to ATMs, network engineers are at the center of the heroic efforts required to restore availability and uptime.

React to this headline:

Loading spinner

Managing through chaos to secure networks Read More »

Building cyber resilience in always-on industrial environments

CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Jungheinrich, monitoring, News, Risk Management, security controls, strategy, supply chain /

Building cyber resilience in always-on industrial environments 2025-06-26 at 09:07 By Mirko Zorz In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also

React to this headline:

Loading spinner

Building cyber resilience in always-on industrial environments Read More »

Breaking the cycle of attack playbook reuse

Bitdefender, Don't miss, Endpoint Security, Expert analysis, Expert corner, Hot stuff, News /

Breaking the cycle of attack playbook reuse 2025-06-26 at 08:32 By Help Net Security Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets. What’s effective in one environment is

React to this headline:

Loading spinner

Breaking the cycle of attack playbook reuse Read More »

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

Don't miss, Hot stuff, News, open source, PoC, vulnerability /

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) 2025-06-26 at 00:15 By Zeljka Zorz A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details

React to this headline:

Loading spinner

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) Read More »

Windows 10: How to get security updates for free until 2026

consumer, Don't miss, enterprise, Hot stuff, Microsoft, News, security update, SMBs, Windows /

Windows 10: How to get security updates for free until 2026 2025-06-25 at 14:45 By Zeljka Zorz Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

React to this headline:

Loading spinner

Windows 10: How to get security updates for free until 2026 Read More »

Why the SOC needs its “Moneyball” moment

Artificial Intelligence, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Hot stuff, Illumio, News, opinion, SOC /

Why the SOC needs its “Moneyball” moment 2025-06-25 at 09:05 By Help Net Security In the classic book and later Brad Pitt movie Moneyball, the Oakland A’s didn’t beat baseball’s giants by spending more – they won by thinking differently, scouting players not through gut instinct and received wisdom, but by utilizing relevant data and

React to this headline:

Loading spinner

Why the SOC needs its “Moneyball” moment Read More »

From posture to prioritization: The shift toward unified runtime platforms

Artificial Intelligence, CISO, cloud security, cybersecurity, Don't miss, Features, Hot stuff, News, Risk Management, skill development, strategy, Upwind /

From posture to prioritization: The shift toward unified runtime platforms 2025-06-25 at 08:49 By Mirko Zorz In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk

React to this headline:

Loading spinner

From posture to prioritization: The shift toward unified runtime platforms Read More »

Why should companies or organizations convert to FIDO security keys?

authentication, cybersecurity, Don't miss, Features, FIDO Alliance, hardware, Hot stuff, News, strategy, Swissbit, tips /

Why should companies or organizations convert to FIDO security keys? 2025-06-25 at 08:09 By Mirko Zorz In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights

React to this headline:

Loading spinner

Why should companies or organizations convert to FIDO security keys? Read More »

Trojanized SonicWall NetExtender app exfiltrates VPN credentials

data theft, Don't miss, Hot stuff, Microsoft, News, SonicWall, trojan, VPN /

Trojanized SonicWall NetExtender app exfiltrates VPN credentials 2025-06-24 at 15:00 By Zeljka Zorz Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). The trojanized SonicWall NetExtender installer SonicWall NetExtender is an SSL‑VPN client used by companies to give remote

React to this headline:

Loading spinner

Trojanized SonicWall NetExtender app exfiltrates VPN credentials Read More »

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

Don't miss, Hot stuff, News, Trend Micro, vulnerability, Windows, WinRAR /

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218) 2025-06-24 at 12:45 By Zeljka Zorz A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised

React to this headline:

Loading spinner

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218) Read More »

Scroll to Top