News

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms 2025-08-29 at 14:19 By Zeljka Zorz A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point […]

React to this headline:

Loading spinner

Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms Read More »

New framework aims to outsmart malware evasion tricks

New framework aims to outsmart malware evasion tricks 2025-08-29 at 10:03 By Mirko Zorz Attackers have learned how to trick machine learning malware detectors with small but clever code changes, and researchers say they may finally have an answer. In a new paper, academics from Inria and the CISPA Helmholtz Center for Information Security describe

React to this headline:

Loading spinner

New framework aims to outsmart malware evasion tricks Read More »

AI isn’t taking over the world, but here’s what you should worry about

AI isn’t taking over the world, but here’s what you should worry about 2025-08-29 at 10:03 By Help Net Security In this Help Net Security video, Josh Meier, Senior Generative AI Author at Pluralsight, debunks the myth that AI could “escape” servers or act on its own. He explains how large language models actually work,

React to this headline:

Loading spinner

AI isn’t taking over the world, but here’s what you should worry about Read More »

Finding connection and resilience as a CISO

Finding connection and resilience as a CISO 2025-08-29 at 10:03 By Mirko Zorz With sensitive information to protect and reputational risk always in the background, it isn’t easy for security leaders to have open conversations about what’s working and what isn’t. Yet strong peer networks and candid exchanges are critical for resilience, both organizationally and

React to this headline:

Loading spinner

Finding connection and resilience as a CISO Read More »

AI can’t deliver without trusted, well-governed information

AI can’t deliver without trusted, well-governed information 2025-08-29 at 10:03 By Sinisa Markovic While enterprise IT leaders recognize the transformative potential of AI, a gap in information readiness is causing their organizations to struggle in securing, governing, and aligning AI initiatives across business, according to a survey conducted by the Ponemon Institute. Who is the

React to this headline:

Loading spinner

AI can’t deliver without trusted, well-governed information Read More »

Infosec products of the month: August 2025

Infosec products of the month: August 2025 2025-08-29 at 07:23 By Sinisa Markovic Here’s a look at the most interesting products from the past month, featuring releases from: Black Kite, Brivo, Cloudflare, Descope, Doppel, Druva, Elastic, ExtraHop, LastPass, Prove, Riverbed, Rubrik, StackHawk, and Trellix. StackHawk empowers security teams to expand their API testing coverage StackHawk

React to this headline:

Loading spinner

Infosec products of the month: August 2025 Read More »

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations 2025-08-28 at 15:29 By Zeljka Zorz Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday. An attacker used the agentic AI coding assistant Claude Code for nearly all steps of a data extortion operation

React to this headline:

Loading spinner

Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations Read More »

ScamAgent shows how AI could power the next wave of scam calls

ScamAgent shows how AI could power the next wave of scam calls 2025-08-28 at 09:03 By Mirko Zorz Scam calls have long been a problem for consumers and enterprises, but a new study suggests they may soon get an upgrade. Instead of a human scammer on the other end of the line, future calls could

React to this headline:

Loading spinner

ScamAgent shows how AI could power the next wave of scam calls Read More »

Where security, DevOps, and data science finally meet on AI strategy

Where security, DevOps, and data science finally meet on AI strategy 2025-08-28 at 08:34 By Mirko Zorz AI infrastructure is expensive, complex, and often caught between competing priorities. On one side, security teams want strong isolation and boundaries. On the other, engineers push for performance, density, and cost savings. With GPUs in short supply and

React to this headline:

Loading spinner

Where security, DevOps, and data science finally meet on AI strategy Read More »

Maritime cybersecurity is the iceberg no one sees coming

Maritime cybersecurity is the iceberg no one sees coming 2025-08-28 at 08:01 By Sinisa Markovic Maritime transport, the backbone of global trade, is adapting to shifting economic, political, and technological conditions. Advances in technology have improved efficiency, bringing innovations such as remote cargo monitoring, advanced energy management systems, and automation of various onboard operations. But

React to this headline:

Loading spinner

Maritime cybersecurity is the iceberg no one sees coming Read More »

Can AI make threat intelligence easier? One platform thinks so

Can AI make threat intelligence easier? One platform thinks so 2025-08-28 at 07:38 By Mirko Zorz When analysts at RH-ISAC found themselves spending 10 hours a week just collecting threat intelligence, they knew their process wasn’t sustainable. They were manually tracking blogs, RSS feeds, and social media channels, but it took too long to separate

React to this headline:

Loading spinner

Can AI make threat intelligence easier? One platform thinks so Read More »

How CISOs are balancing risk, pressure and board expectations

How CISOs are balancing risk, pressure and board expectations 2025-08-28 at 07:05 By Sinisa Markovic AI has moved to the top of the CISO agenda. Three in five CISOs see generative AI as a security risk, with many worried about sensitive data leaking through public tools. At the same time, most organizations are not blocking

React to this headline:

Loading spinner

How CISOs are balancing risk, pressure and board expectations Read More »

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius 2025-08-27 at 17:47 By Zeljka Zorz A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments. “[Google Threat Intelligence Group] observed UNC6395

React to this headline:

Loading spinner

Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius Read More »

AI is becoming a core tool in cybercrime, Anthropic warns

AI is becoming a core tool in cybercrime, Anthropic warns 2025-08-27 at 17:32 By Anamarija Pogorelec A new report from Anthropic shows how criminals are using AI to actively run parts of their operations. The findings suggest that AI is now embedded across the full attack cycle, from reconnaissance and malware development to fraud and

React to this headline:

Loading spinner

AI is becoming a core tool in cybercrime, Anthropic warns Read More »

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 2025-08-27 at 14:29 By Zeljka Zorz Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix for earlier this month, Censys has warned. About CVE-2025-34158 Plex Media Server (PMS) is

React to this headline:

Loading spinner

300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158 Read More »

AI Security Map: Linking AI vulnerabilities to real-world impact

AI Security Map: Linking AI vulnerabilities to real-world impact 2025-08-27 at 09:40 By Mirko Zorz A single prompt injection in a customer-facing chatbot can leak sensitive data, damage trust, and draw regulatory scrutiny in hours. The technical breach is only the first step. The real risk comes from how quickly one weakness in an AI

React to this headline:

Loading spinner

AI Security Map: Linking AI vulnerabilities to real-world impact Read More »

How compliance teams can turn AI risk into opportunity

How compliance teams can turn AI risk into opportunity 2025-08-27 at 08:52 By Mirko Zorz AI is moving faster than regulation, and that creates opportunities and risks for compliance teams. While governments work on new rules, businesses cannot sit back and wait. In this Help Net Security video, Matt Hillary, CISO at Drata, look at

React to this headline:

Loading spinner

How compliance teams can turn AI risk into opportunity Read More »

Hottest cybersecurity open-source tools of the month: August 2025

Hottest cybersecurity open-source tools of the month: August 2025 2025-08-27 at 08:02 By Sinisa Markovic This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Buttercup: Open-source AI-driven system detects and patches vulnerabilities Buttercup is a free, automated, AI-powered platform that finds and fixes vulnerabilities in open-source

React to this headline:

Loading spinner

Hottest cybersecurity open-source tools of the month: August 2025 Read More »

What CISOs can learn from Doppel’s new AI-driven social engineering simulation

What CISOs can learn from Doppel’s new AI-driven social engineering simulation 2025-08-27 at 07:51 By Sinisa Markovic Doppel has introduced a new product called Doppel Simulation, which expands its platform for defending against social engineering. The tool uses autonomous AI agents to create multi-channel simulations that mirror how attackers operate across email, SMS, messaging apps,

React to this headline:

Loading spinner

What CISOs can learn from Doppel’s new AI-driven social engineering simulation Read More »

Social media apps that aggressively harvest user data

Social media apps that aggressively harvest user data 2025-08-27 at 07:10 By Sinisa Markovic Both domestic and foreign technology companies collect vast amounts of Americans’ personal data through mobile applications, according to Incogni. Some apps leverage data for marketing and advertising purposes, feeding algorithms to calculate optimal prices based on consumer behavior, often leading to

React to this headline:

Loading spinner

Social media apps that aggressively harvest user data Read More »

Scroll to Top