News

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft 2025-10-10 at 09:33 By Help Net Security A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes […]

React to this headline:

Loading spinner

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft Read More »

From theory to training: Lessons in making NICE usable

CISA, CISO, CXO, cybersecurity, Daon, Don't miss, Features, framework, Hot stuff, News, NICE, research, Risk Management, SMBs, strategy, tips /

From theory to training: Lessons in making NICE usable 2025-10-10 at 09:02 By Mirko Zorz SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and

React to this headline:

Loading spinner

From theory to training: Lessons in making NICE usable Read More »

Securing agentic AI with intent-based permissions

access management, agentic AI, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, opinion, Token Security, zero trust /

Securing agentic AI with intent-based permissions 2025-10-10 at 08:31 By Help Net Security When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems that anticipate

React to this headline:

Loading spinner

Securing agentic AI with intent-based permissions Read More »

Nagios: Open-source monitoring solution

Don't miss, GitHub, monitoring, News, open source, software /

Nagios: Open-source monitoring solution 2025-10-10 at 08:19 By Anamarija Pogorelec Nagios is an open-source monitoring solution, now included as part of the robust Nagios Core Services Platform (CSP). It delivers end-to-end visibility across the entire IT infrastructure, covering everything from websites and DNS to servers, routers, switches, workstations, and critical services. It helps organizations proactively

React to this headline:

Loading spinner

Nagios: Open-source monitoring solution Read More »

Your SOC is tired, AI isn’t

AI, Artificial Intelligence, cybersecurity, Dropzone AI, News, report, SOC /

Your SOC is tired, AI isn’t 2025-10-10 at 07:39 By Anamarija Pogorelec Security teams have discussed AI in the SOC for years, but solid evidence of its impact has been limited. A recent benchmark study by Dropzone puts measurable evidence behind the idea, showing that AI agents can help analysts work faster and with greater

React to this headline:

Loading spinner

Your SOC is tired, AI isn’t Read More »

New infosec products of the week: October 10, 2025

News, Object First, OPSWAT, Radiflow, Semperis /

New infosec products of the week: October 10, 2025 2025-10-10 at 07:04 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from Object First, OPSWAT, Radiflow, and Semperis. OPSWAT’s MetaDefender Drive delivers portable, network-free threat scanning Purpose-built for critical infrastructure, MetaDefender Drive with Smart Touch is a

React to this headline:

Loading spinner

New infosec products of the week: October 10, 2025 Read More »

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

APT, attack tools, Cisco, Don't miss, Hot stuff, Huntress, News, open source, Ransomware, Sophos /

Legit tools, illicit uses: Velociraptor, Nezha turned against victims 2025-10-09 at 19:19 By Zeljka Zorz Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox. Velociraptor misuse A suspected China-based ransomware threat actor has

React to this headline:

Loading spinner

Legit tools, illicit uses: Velociraptor, Nezha turned against victims Read More »

Attackers compromised ALL SonicWall firewall configuration backup files

backup, cloud security, Don't miss, enterprise, firewall, Hot stuff, Mandiant, News, SMBs, SonicWall /

Attackers compromised ALL SonicWall firewall configuration backup files 2025-10-09 at 15:41 By Zeljka Zorz The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested

React to this headline:

Loading spinner

Attackers compromised ALL SonicWall firewall configuration backup files Read More »

Researchers develop AI system to detect scam websites in search results

cybercrime, cybersecurity, framework, machine learning, News, scams /

Researchers develop AI system to detect scam websites in search results 2025-10-09 at 13:07 By Sinisa Markovic Scam websites tied to online shopping, pet sales, and other e-commerce schemes continue to cause millions in losses each year. Security tools can accurately detect fraudulent sites once they are found, but identifying new ones remains difficult. To

React to this headline:

Loading spinner

Researchers develop AI system to detect scam websites in search results Read More »

Behind the screens: Building security customers appreciate

access control, Artificial Intelligence, authentication, CISO, cybersecurity, Don't miss, Features, financial industry, fraud, Hot stuff, identity verification, News, PRA Group, strategy, tips /

Behind the screens: Building security customers appreciate 2025-10-09 at 08:03 By Mirko Zorz In this Help Net Security interview, Jess Vachon, CISO at PRA Group, discusses the company’s multi-layered defense against fraud and its commitment to protecting customer trust. Vachon explains how PRA Group balances identity verification with a seamless customer experience. Vachon also reflects

React to this headline:

Loading spinner

Behind the screens: Building security customers appreciate Read More »

Six metrics policymakers need to track cyber resilience

cyber insurance, cyber resilience, cyber risk, cybersecurity, Europe, Government, News, policy, report, security metrics, Zurich Insurance Group /

Six metrics policymakers need to track cyber resilience 2025-10-09 at 07:48 By Anamarija Pogorelec Most countries are still making national cyber policy decisions without reliable numbers. Regulations often focus on incident reporting after damage is done, but they fail to give governments a forward-looking picture of resilience. A new report from Zurich Insurance Group argues

React to this headline:

Loading spinner

Six metrics policymakers need to track cyber resilience Read More »

Turning the human factor into your strongest cybersecurity defense

burnout, cybersecurity, Don't miss, Hot stuff, human error, News, training, Upwind, Video /

Turning the human factor into your strongest cybersecurity defense 2025-10-09 at 07:30 By Help Net Security In this Help Net Security video, Jacob Martens, Field CISO at Upwind Security, explores one of cybersecurity’s most enduring challenges: the human factor behind breaches. Despite advances in technology, most attacks still begin with people, not code. He explains

React to this headline:

Loading spinner

Turning the human factor into your strongest cybersecurity defense Read More »

Researchers uncover ClickFix-themed phishing kit

Don't miss, Hot stuff, News, Palo Alto Networks, phishing, social engineering /

Researchers uncover ClickFix-themed phishing kit 2025-10-08 at 16:26 By Zeljka Zorz Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to create highly customizable phishing

React to this headline:

Loading spinner

Researchers uncover ClickFix-themed phishing kit Read More »

North Korean hackers stole over $2 billion in cryptocurrency this year

Cryptocurrency, Cryptocurrency Exchange, Don't miss, Elliptic, Hot stuff, News, North Korea, social engineering, theft /

North Korean hackers stole over $2 billion in cryptocurrency this year 2025-10-08 at 14:49 By Zeljka Zorz North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though this year’s record losses are driven largely by the February attack on

React to this headline:

Loading spinner

North Korean hackers stole over $2 billion in cryptocurrency this year Read More »

Rethinking AI security architectures beyond Earth

aerospace, Artificial Intelligence, AWS, CISO, cybersecurity, data center, Don't miss, Features, Google Cloud, Hot stuff, NASA, News, One Identity, research, security telemetry /

Rethinking AI security architectures beyond Earth 2025-10-08 at 09:39 By Mirko Zorz If you think managing cloud security is complex, try doing it across hundreds of satellites orbiting the planet. Each one is a moving endpoint that must stay secure while communicating through long, delay-prone links. A new study explores how AI could automate security

React to this headline:

Loading spinner

Rethinking AI security architectures beyond Earth Read More »

DefectDojo: Open-source DevSecOps platform

DevSecOps, Don't miss, GitHub, News, open source, software /

DefectDojo: Open-source DevSecOps platform 2025-10-08 at 09:39 By Anamarija Pogorelec DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management. It helps teams manage security testing, track and remove duplicate findings, handle remediation, and generate reports. Whether you’re a solo security practitioner or a CISO managing multiple teams, DefectDojo helps

React to this headline:

Loading spinner

DefectDojo: Open-source DevSecOps platform Read More »

Developing economies are falling behind in the fight against cybercrime

cybercrime, cybersecurity, News /

Developing economies are falling behind in the fight against cybercrime 2025-10-08 at 08:04 By Sinisa Markovic Cybercrime is a global problem, but not every country is equally equipped to fight it. In many developing economies, cybersecurity is still seen as a luxury, something nice to have when budgets allow. That means little investment in tools,

React to this headline:

Loading spinner

Developing economies are falling behind in the fight against cybercrime Read More »

New system aims to keep people connected when networks fail

Bluetooth, communication, cybersecurity, Don't miss, emergency alert systems, networking, News, research, smartphones, software, wireless /

New system aims to keep people connected when networks fail 2025-10-08 at 07:32 By Sinisa Markovic When disaster strikes, communication often fails. Cell towers can go offline, internet connections can disappear, and people are left without a way to share information or ask for help. A new research project looks at how to keep people

React to this headline:

Loading spinner

New system aims to keep people connected when networks fail Read More »

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844)

BSI, Don't miss, Hot stuff, News, Redis, vulnerability, Wiz /

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844) 2025-10-07 at 16:36 By Zeljka Zorz Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow attackers full access to the underlying host system. “This flaw allows a post auth

React to this headline:

Loading spinner

Redis patches critical “RediShell” RCE vulnerability, update ASAP! (CVE-2025-49844) Read More »

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)

data theft, Don't miss, exploit, extortion, Hot stuff, Mandiant, News, Oracle, Resecurity, WatchTowr /

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) 2025-10-07 at 15:36 By Zeljka Zorz Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the attackers were Cl0p or LAPSUS$, both, or even additional threat actors is still unknown,

React to this headline:

Loading spinner

Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882) Read More »

Scroll to Top