Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed 2025-04-13 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) April 2025 Patch Tuesday is here, and Microsoft has delivered fixes […]
React to this headline:
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices 2025-04-11 at 21:05 By Zeljka Zorz A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original
React to this headline:
Why security culture is crypto’s strongest asset 2025-04-11 at 08:46 By Mirko Zorz In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, and securing both hot and cold wallets. From a threat modeling perspective, what unique adversary tactics do you
React to this headline:
Why security culture is crypto’s strongest asset Read More »
Ransomware groups push negotiations to new levels of uncertainty 2025-04-11 at 08:18 By Help Net Security Ransomware attacks increased by nearly 20% in 2024, and the severity rose by 13%, according to At-Bay. The blast radius of ransomware continues to grow as businesses impacted by attacks on vendors and partners increased 43%, while the average
React to this headline:
Ransomware groups push negotiations to new levels of uncertainty Read More »
Why remote work is a security minefield (and what you can do about it) 2025-04-11 at 07:54 By Help Net Security Remote work is seen as more than a temporary solution, it’s a long-term strategy for many organizations. Remote work cybersecurity challenges Unsecured networks: Workers often operate from home or public Wi-Fi networks that don’t
React to this headline:
Why remote work is a security minefield (and what you can do about it) Read More »
iOS devices face twice the phishing attacks of Android 2025-04-11 at 07:06 By Help Net Security 2024 brought about countless new cybersecurity challenges including significant growth of the mobile threat landscape, according to Lookout. Threat actors, ranging from nation-states to individuals, are increasingly targeting mobile devices for the onset of their attacks to steal credentials
React to this headline:
iOS devices face twice the phishing attacks of Android Read More »
New infosec products of the week: April 11, 2025 2025-04-11 at 06:49 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Forescout, Index Engines, Jit, RunSafe Security, and Seal Security. Jit launches AI agents to ease AppSec workload Jit has launched its new AI agents
React to this headline:
New infosec products of the week: April 11, 2025 Read More »
Tycoon2FA New Evasion Technique for 2025 2025-04-10 at 19:36 By Phil Hay, Rodel Mendrez The Tycoon 2FA phishing kit has adopted several new evasion techniques aimed at slipping past endpoints and detection systems. These include using a custom CAPTCHA rendered via HTML5 canvas, invisible Unicode characters in obfuscated JavaScript, and anti-debugging scripts to thwart inspection.
React to this headline:
Tycoon2FA New Evasion Technique for 2025 Read More »
United Nations Urges Global Action as Cyberattacks Threaten Healthcare Systems 2025-04-10 at 16:17 By Global Call to Action: The United Nations urges international cooperation to protect healthcare infrastructure from rising cyber threats. Critical Insights from Trustwave SpiderLabs: Discover key findings from real-world Red Team exercises revealing vulnerabilities in healthcare security. Healthcare Under Siege: Learn how ransomware attacks target
React to this headline:
United Nations Urges Global Action as Cyberattacks Threaten Healthcare Systems Read More »
Trump orders revocation of security clearances for Chris Krebs, SentinelOne 2025-04-10 at 15:50 By Zeljka Zorz US President Donald Trump has signed an Executive Order on Wednesday to revoke security clearance held by Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), and his colleagues at SentinelOne. “The Order also suspends
React to this headline:
Trump orders revocation of security clearances for Chris Krebs, SentinelOne Read More »
FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) 2025-04-10 at 13:18 By Zeljka Zorz Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow unauthenticated attackers to gain access to and administrative privileges on vulnerable devices. About CVE-2024-48887 Fortinet
React to this headline:
How to find out if your AI vendor is a security risk 2025-04-10 at 08:31 By Help Net Security One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks for a summary. Just like that, confidential information
React to this headline:
How to find out if your AI vendor is a security risk Read More »
From likes to leaks: How social media presence impacts corporate security 2025-04-10 at 08:07 By Help Net Security From a psychological standpoint, we all crave attention, and likes and comments fuel that need, encouraging us to share even more on social media. In the corporate world, this risk grows exponentially because it’s not just our
React to this headline:
From likes to leaks: How social media presence impacts corporate security Read More »
Review: The Ultimate Kali Linux Book, Third Edition 2025-04-10 at 07:31 By Mirko Zorz Packed with real-world scenarios, hands-on techniques, and insights into widely used tools, the third edition of the bestselling Ultimate Kali Linux Book offers a practical path to learning penetration testing with Kali Linux. About the author Glen D. Singh, a seasoned
React to this headline:
Review: The Ultimate Kali Linux Book, Third Edition Read More »
Enzoic AD Lite Password Audit Report 2025-04-09 at 16:24 By Help Net Security Enzoic for AD Lite Password Auditor is an innovative tool designed to integrate with an organization’s Active Directory environment seamlessly. Enzoic analyzed the 2024 AD Lite Password Auditor data to produce this report. New mandates and heightened awareness in 2024 have pushed
React to this headline:
Enzoic AD Lite Password Audit Report Read More »
WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) 2025-04-09 at 16:00 By Zeljka Zorz WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that
React to this headline:
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) 2025-04-09 at 13:43 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged
React to this headline:
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) Read More »
OpenSSL prepares for a quantum future with 3.5.0 release 2025-04-09 at 11:26 By Help Net Security The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward future-ready cryptography. This feature release includes support for post-quantum cryptography (PQC), server-side QUIC, and
React to this headline:
OpenSSL prepares for a quantum future with 3.5.0 release Read More »
Why CISOs are doubling down on cyber crisis simulations 2025-04-09 at 09:03 By Mirko Zorz Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that readiness. They let teams walk through real-world scenarios in a controlled setting,
React to this headline:
Why CISOs are doubling down on cyber crisis simulations Read More »
Transforming cybersecurity into a strategic business enabler 2025-04-09 at 08:20 By Mirko Zorz In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. How do you define cyber risk within your organization’s overall enterprise
React to this headline:
Transforming cybersecurity into a strategic business enabler Read More »