News

Third-party breaches double, creating ripple effects across industries

cybersecurity, Incident Response, News, report, risk, SecurityScorecard, supply chain, third party compromise /

Third-party breaches double, creating ripple effects across industries 2025-06-30 at 07:04 By Help Net Security Supply chain risks remain top-of-mind for the vast majority of CISOs and cybersecurity leaders, according to SecurityScorecard. Their findings reveal that the way most organizations manage supply chain cyber risk isn’t keeping pace with expanding threats. The expanding web of […]

Third-party breaches double, creating ripple effects across industries Read More »

Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched

News, Week in review /

Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched 2025-06-29 at 10:45 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Stealthy backdoor found hiding in SOHO devices running Linux SecurityScorecard’s STRIKE team has uncovered a network of compromised

Week in review: Backdoor found in SOHO devices running Linux, high-risk WinRAR RCE flaw patched Read More »

Tracing Blind Eagle to Proton66

News, Security Research, Threat Intelligence /

Tracing Blind Eagle to Proton66 2025-06-27 at 16:19 By Serhii Melnyk Trustwave SpiderLabs has assessed with high confidence that the threat group Blind Eagle, aka APT-C-36, is associated with the Russian bulletproof hosting service provider Proton66. Blind Eagle is a threat actor actively targeting organizations across Latin America, with a notable focus on Colombian financial institutions.

Tracing Blind Eagle to Proton66 Read More »

Money mule networks evolve into hierarchical, business-like criminal enterprises

Artificial Intelligence, cybercriminals, cybersecurity, Don't miss, Features, financial industry, fraud, Hot stuff, identity verification, News, ThreatMark /

Money mule networks evolve into hierarchical, business-like criminal enterprises 2025-06-27 at 09:12 By Mirko Zorz In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping

Money mule networks evolve into hierarchical, business-like criminal enterprises Read More »

Managing through chaos to secure networks

automation, BackBox, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, network, News, opinion /

Managing through chaos to secure networks 2025-06-27 at 08:39 By Anamarija Pogorelec Every time there’s a natural or manmade disaster that takes medical equipment offline, cuts connectivity to emergency services and loved ones, or shuts down access to ATMs, network engineers are at the center of the heroic efforts required to restore availability and uptime.

Managing through chaos to secure networks Read More »

After a hack many firms still say nothing, and that’s a problem

Artificial Intelligence, Bitdefender, burnout, cybersecurity, News, professional, report /

After a hack many firms still say nothing, and that’s a problem 2025-06-27 at 08:08 By Help Net Security Attackers are more inclined to “log in rather than break in,” using stolen credentials, legitimate tools, and native access to stealthily blend into their target’s environment, according to Bitdefender’s 2025 Cybersecurity Assessment Report. Attack surface reduction

After a hack many firms still say nothing, and that’s a problem Read More »

We know GenAI is risky, so why aren’t we fixing its flaws?

Cobalt, cybersecurity, generative AI, LLMs, News, penetration testing, report, security assessment /

We know GenAI is risky, so why aren’t we fixing its flaws? 2025-06-27 at 07:33 By Help Net Security Even though GenAI threats are a top concern for both security teams and leadership, the current level of testing and remediation for LLM and AI-powered applications isn’t keeping up with the risks, according to Cobalt. GenAl

We know GenAI is risky, so why aren’t we fixing its flaws? Read More »

Infosec products of the month: June 2025

Akamai, AttackIQ, Barracuda Networks, BigID, Bitdefender, Contrast Security, Cymulate, Dashlane, Embed Security, Fortanix, Fortinet, Jumio, Lemony, Malwarebytes, News, SpecterOps, StackHawk, Stellar Cyber, Sumsub, Thales, Tines, Vanta, Varonis /

Infosec products of the month: June 2025 2025-06-27 at 07:01 By Sinisa Markovic Here’s a look at the most interesting products from the past month, featuring releases from: Akamai, AttackIQ, Barracuda Networks, BigID, Bitdefender, Contrast Security, Cymulate, Dashlane, Embed Security, Fortanix, Fortinet, Jumio, Lemony, Malwarebytes, SpecterOps, StackHawk, Stellar Cyber, Sumsub, Thales, Tines, Vanta, and Varonis.

Infosec products of the month: June 2025 Read More »

ClickFix attacks skyrocketing more than 500%

attacks, authentication, cybercrime, cybersecurity, Don't miss, ESET, News, phishing, research, scams /

ClickFix attacks skyrocketing more than 500% 2025-06-26 at 12:02 By Sinisa Markovic ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report. The report, which looks at trends from December 2024

ClickFix attacks skyrocketing more than 500% Read More »

Google’s Gemini CLI brings open-source AI agents to developers

Artificial Intelligence, generative AI, GitHub, Google, News, open source /

Google’s Gemini CLI brings open-source AI agents to developers 2025-06-26 at 10:01 By Anamarija Pogorelec Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. The tool, simply named Gemini CLI,

Google’s Gemini CLI brings open-source AI agents to developers Read More »

Building cyber resilience in always-on industrial environments

CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Jungheinrich, monitoring, News, Risk Management, security controls, strategy, supply chain /

Building cyber resilience in always-on industrial environments 2025-06-26 at 09:07 By Mirko Zorz In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. He explains how to maintain operational continuity while building real cyber resilience in always-on environments. Dr. Sattler also

Building cyber resilience in always-on industrial environments Read More »

CC Signals lets you set boundaries with AI without locking down your work

Artificial Intelligence, framework, News /

CC Signals lets you set boundaries with AI without locking down your work 2025-06-26 at 09:07 By Anamarija Pogorelec Creative Commons introduced CC Signals, a new framework that helps data and content owners communicate how they want their work used by AI systems. The idea is to build a shared understanding of what’s acceptable, and

CC Signals lets you set boundaries with AI without locking down your work Read More »

Breaking the cycle of attack playbook reuse

Bitdefender, Don't miss, Endpoint Security, Expert analysis, Expert corner, Hot stuff, News /

Breaking the cycle of attack playbook reuse 2025-06-26 at 08:32 By Help Net Security Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets. What’s effective in one environment is

Breaking the cycle of attack playbook reuse Read More »

Kanister: Open-source data protection workflow management tool

Cloud Native Computing Foundation, Data Protection, Don't miss, GitHub, Kubernetes, News, open source, software /

Kanister: Open-source data protection workflow management tool 2025-06-26 at 08:04 By Help Net Security Kanister is an open-source tool that lets domain experts define how to manage application data using blueprints that are easy to share and update. It handles the complex parts of running these tasks on Kubernetes and gives a consistent way to

Kanister: Open-source data protection workflow management tool Read More »

When synthetic identity fraud looks just like a good customer

AuthenticID, cybercrime, cybersecurity, Deloitte, fraud, identity theft, News, Sumsub /

When synthetic identity fraud looks just like a good customer 2025-06-26 at 07:30 By Sinisa Markovic People may assume synthetic identity fraud has no victims. They believe fake identities don’t belong to real people, so no one gets hurt. But this assumption is wrong. What is synthetic identity fraud? Criminals create fake identities by combining

When synthetic identity fraud looks just like a good customer Read More »

Most AI and SaaS apps are outside IT’s control

Compliance, cyber risk, cybersecurity, News, report, SaaS, survey /

Most AI and SaaS apps are outside IT’s control 2025-06-26 at 07:08 By Help Net Security 60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance risk across enterprises. A

Most AI and SaaS apps are outside IT’s control Read More »

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

Don't miss, Hot stuff, News, open source, PoC, vulnerability /

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) 2025-06-26 at 00:15 By Zeljka Zorz A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144) Read More »

Windows 10: How to get security updates for free until 2026

consumer, Don't miss, enterprise, Hot stuff, Microsoft, News, security update, SMBs, Windows /

Windows 10: How to get security updates for free until 2026 2025-06-25 at 14:45 By Zeljka Zorz Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

Windows 10: How to get security updates for free until 2026 Read More »

XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up

Artificial Intelligence, Don't miss, HackerOne, News, penetration testing, XBOW /

XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up 2025-06-25 at 12:48 By Sinisa Markovic XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat

XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up Read More »

The tiny amplifier that could supercharge quantum computing

hardware, News, quantum computing, research /

The tiny amplifier that could supercharge quantum computing 2025-06-25 at 09:34 By Anamarija Pogorelec Quantum computers are built to handle problems that are far too complex for today’s machines. They could lead to major advances in areas like drug development, encryption, AI, and logistics. Photo by Chalmers University of Technology Now, researchers at Chalmers University

The tiny amplifier that could supercharge quantum computing Read More »

Scroll to Top