News

Most AI and SaaS apps are outside IT’s control

2025-06-26 at 07:08 By Help Net Security

60% of enterprise SaaS and AI applications operate outside IT’s visibility, according to CloudEagle.ai. This surge in invisible IT is fueling a crisis in AI identity governance, leading to increased breaches, audit failures, and compliance risk across enterprises. A […]

Flaw in Notepad++ installer could grant attackers SYSTEM access (CVE-2025-49144)

2025-06-26 at 00:15 By Zeljka Zorz

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. There is currently no indication that the vulnerability is being leveraged by attackers, though technical details

Windows 10: How to get security updates for free until 2026

2025-06-25 at 14:45 By Zeljka Zorz

Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates can enroll in the Windows 10 Extended Security Updates (ESU) program, Microsoft confirmed on Tuesday. Microsoft’s (self-evident) long-term goal

XBOW’s AI reached the top ranks on HackerOne, and now it has $75M to scale up

2025-06-25 at 12:48 By Sinisa Markovic

XBOW has raised $75 million in Series B funding to grow its AI-driven offensive security platform. The round was led by Altimeter’s Apoorv Agrawal, with participation from existing investors Sequoia Capital and Nat

The tiny amplifier that could supercharge quantum computing

2025-06-25 at 09:34 By Anamarija Pogorelec

Quantum computers are built to handle problems that are far too complex for today’s machines. They could lead to major advances in areas like drug development, encryption, AI, and logistics.

[Photo by Chalmers University of Technology]

Now, researchers at Chalmers University

Why the SOC needs its “Moneyball” moment

2025-06-25 at 09:05 By Help Net Security

In the classic book and later Brad Pitt movie Moneyball, the Oakland A’s didn’t beat baseball’s giants by spending more – they won by thinking differently, scouting players not through gut instinct and received wisdom, but by utilizing relevant data and

From posture to prioritization: The shift toward unified runtime platforms

2025-06-25 at 08:49 By Mirko Zorz

In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. She encourages CISOs to position runtime as a practical layer for real-time risk

Why should companies or organizations convert to FIDO security keys?

2025-06-25 at 08:09 By Mirko Zorz

In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they’re gaining traction across industries, from healthcare to critical infrastructure. He also shares insights

Companies negotiate their way to lower ransom payments

2025-06-25 at 07:38 By Help Net Security

Nearly 50% of companies paid the ransom to recover their data, the second-highest rate in six years, according to Sophos.

How actual payments stack up with the initial demand

Ransom payments and recovery costs are on the decline

Despite the

Users lack control as major AI platforms share personal info with third parties

2025-06-25 at 07:02 By Help Net Security

Some of the most popular generative AI and large language model (LLM) platforms, from companies like Meta, Google, and Microsoft, are collecting sensitive data and sharing it with unknown third parties, leaving users with limited

Trojanized SonicWall NetExtender app exfiltrates VPN credentials

2025-06-24 at 15:00 By Zeljka Zorz

Unknown attackers have trojanized SonicWall’s SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?).

The trojanized SonicWall NetExtender installer

SonicWall NetExtender is an SSL-VPN client used by companies to give remote

High-risk WinRAR RCE vulnerability patched, update quickly! (CVE-2025-6218)

2025-06-24 at 12:45 By Zeljka Zorz

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be leveraged by remote attackers to execute arbitrary code on affected installations. The vulnerability has been patched in WinRAR 7.12 beta 1, released on June 10, 2025, and users are advised

Common Good Cyber Fund launches to support nonprofits protecting the internet

2025-06-24 at 11:49 By Sinisa Markovic

The Common Good Cyber Fund is a new effort to support cybersecurity that protects everyone, especially those most at risk of harassment, harm, or coercion. It has the potential to make cybersecurity better and more accessible for billions

Why work-life balance in cybersecurity must start with executive support

2025-06-24 at 08:34 By Mirko Zorz

In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. She shares how her team handles constant pressure, sets boundaries, and deals with stress. Wallace

Reconmap: Open-source vulnerability assessment, pentesting management platform

2025-06-24 at 08:03 By Help Net Security

Reconmap is an open source tool for vulnerability assessments and penetration testing. It helps security teams plan, carry out, and report on security tests from start to finish. The platform simplifies tasks and makes it easier for teams to work together,

The real story behind cloud repatriation in 2025

2025-06-24 at 07:40 By Help Net Security

In this Help Net Security video, Mark Wilson, Technology and Innovation Director at Node4, shares key insights from the company’s 2025 mid-market report. He explores the surprising trend of cloud repatriation, where 97% of mid-market organizations plan to move some

Cybersecurity jobs available right now: June 24, 2025

2025-06-24 at 07:02 By Anamarija Pogorelec

Cyber Security Analyst
Ascendion | Singapore | On-site

As a Cyber Security Analyst, you will lead incident response efforts, including forensic analysis, malware mitigation, and DoS attack resolution. Design and implement advanced security architectures with a focus

Microsoft will start removing legacy drivers from Windows Update

2025-06-23 at 17:47 By Zeljka Zorz

Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has announced. This is intended to be an ongoing process and Microsoft is planning to introduce

CoinMarketCap, Cointelegraph compromised to serve pop-ups to drain crypto wallets

2025-06-23 at 16:38 By Zeljka Zorz

The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets.

The CoinMarketCap compromise

CoinMarketCap (aka CMC) is a website popular with crypto investors as

Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)

2025-06-23 at 14:14 By Zeljka Zorz

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless, the
