News

Trustwave Named a Representative Vendor in 2025 Gartner® Market Guide for Third-Party Risk Management Technology Solutions

2025-05-28 at 16:30

The industry analyst firm Gartner® has named Trustwave a Representative Vendor in its latest publication, 2025 Gartner® Market Guide for Third-Party Risk Management Technology Solutions. This article is an excerpt from Trustwave Blog.

Attackers hit MSP, use its RMM software to deliver ransomware to clients

2025-05-28 at 14:36 By Zeljka Zorz

A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via SimpleHelp, a legitimate remote monitoring and management (RMM) tool. “Sophos MDR has medium

Why data provenance must anchor every CISO’s AI governance strategy

2025-05-28 at 08:30 By Help Net Security

Across the enterprise, artificial intelligence has crept into core functions – not through massive digital transformation programs, but through quiet, incremental adoption. Legal departments are summarizing contracts. HR is rewording sensitive employee communications. Compliance teams are experimenting with

Woodpecker: Open-source red teaming for AI, Kubernetes, APIs

2025-05-28 at 08:17 By Mirko Zorz

Woodpecker is an open-source tool that automates red teaming, making advanced security testing easier and more accessible. It helps teams find and fix security weaknesses in AI systems, Kubernetes environments, and APIs before attackers can exploit them. Key features of Woodpecker

GitHub becomes go-to platform for malware delivery across Europe

2025-05-28 at 07:32 By Help Net Security

Phishing has become the go-to method for attackers looking to get past security controls and access sensitive environments in Europe, according to Netskope. Users are now constantly dealing with phishing attempts, which have become so common and credible that

Hottest cybersecurity open-source tools of the month: May 2025

2025-05-28 at 07:03 By Help Net Security

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Vuls: Open-source agentless vulnerability scanner Vuls is an open-source tool that helps users find and manage security vulnerabilities. It was created

Vulnerabilities found in NASA’s open source software

2025-05-27 at 15:48 By Zeljka Zorz

Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode, is no

Why app modernization can leave you less secure

2025-05-27 at 09:09 By Help Net Security

Enterprises typically “modernize” access patterns for an application by enabling industry standard protocols like OIDC or SAML to provide single sign-on (SSO) for legacy apps via a cloud identity provider (IDP). That’s a major step towards better user experience, improved

How AI agents reshape industrial automation and risk management

2025-05-27 at 08:33 By Mirko Zorz

In this Help Net Security interview, Michael Metzler, Vice President Horizontal Management Cybersecurity for Digital Industries at Siemens, discusses the cybersecurity implications of deploying AI agents in industrial environments. He talks about the risks that come with AI agents making

How well do you know your remote IT worker?

2025-05-27 at 08:06 By Sinisa Markovic

Is the remote IT worker you recently hired really who he says he is? Fake IT workers are slipping into companies around the world, gaining access to sensitive data. Recently, more of these schemes have been linked to North Korea.

4.5% of breaches now extend to fourth parties

2025-05-27 at 07:32 By Help Net Security

Security teams can no longer afford to treat third-party security as a compliance checkbox, according to SecurityScorecard. Traditional vendor risk assessments, conducted annually or quarterly, are too slow to detect active threats. 35.5% of all breaches in 2024 were third-party

Cybersecurity jobs available right now: May 27, 2025

2025-05-27 at 07:02 By Anamarija Pogorelec

Application Security Engineer, SDO AppSec Amazon | EMEA | Hybrid – View job details As an Application Security Engineer, SDO AppSec, you will be responsible for creating, updating, and maintaining threat models across a diverse range of software projects. Part of

LlamaFirewall: Open-source framework to detect and mitigate AI centric security risks

2025-05-26 at 08:52 By Mirko Zorz

LlamaFirewall is a system-level security framework for LLM-powered applications, built with a modular design to support layered, adaptive defense. It is designed to mitigate a wide spectrum of AI agent security risks including jailbreaking and indirect prompt injection,

Why layoffs increase cybersecurity risks

2025-05-26 at 08:32 By Sinisa Markovic

A wave of layoffs has swept through the tech industry, leaving IT teams in a rush to revoke all access those employees may have had. Additionally, 54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and

NIST proposes new metric to gauge exploited vulnerabilities

2025-05-26 at 08:06 By Help Net Security

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a

Cyber threats are changing and here’s what you should watch for

2025-05-26 at 07:33 By Help Net Security

In this Help Net Security video, Stefan Tanase, Cyber Intelligence Expert at CSIS, gives an overview of how cybercriminals are changing their tactics, including using legitimate tools to avoid detection and developing more advanced info-stealing malware. Tanase

AI forces security leaders to rethink hybrid cloud strategies

2025-05-26 at 07:01 By Help Net Security

Hybrid cloud infrastructure is under mounting strain from the growing influence of AI, according to Gigamon. Cyberthreats grow in scale and sophistication As cyberthreats increase in both scale and sophistication, breach rates have surged to 55% during the past

Week in review: Trojanized KeePass allows ransomware attacks, cyber risks of AI hallucinations

2025-05-25 at 11:02 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Trojanized KeePass opens doors for ransomware attackers A suspected initial access broker has been leveraging trojanized versions of the open-source

Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations

2025-05-23 at 17:21 By Zeljka Zorz

CVE-2025-4427 and CVE-2025-4428 – the two Ivanti Endpoint Manager Mobile (EPMM) vulnerabilities that have been exploited in the wild as zero-days and patched by Ivanti last week – are being leveraged by a Chinese cyber espionage
