News

91% noise: A look at what’s wrong with traditional SAST tools

2025-06-19 at 07:32 By Mirko Zorz

Traditional static application security testing (SAST) tools are falling short. That’s the key takeaway from a recent report that tested these tools against nearly 3,000 open-source code repositories. The results: more than 91% of flagged vulnerabilities were false […]


How C-suite roles are shaping the future of tech leadership

2025-06-19 at 07:01 By Help Net Security

As companies accelerate towards technology-driven business models, the tech C-suite is embracing new skills, greater influence, and a unified approach to business transformation, according to Deloitte. Top priorities for tech leaders (Source: Deloitte) With insights from a range


The Digital Front Line: Israel and Iran Turn the Internet into a Covert Combat Zone

2025-06-18 at 22:47 By

The Israel-Iran conflict is barely a week old, but the security repercussions for the two combatants and the wider global community can already be seen as the cyberwarfare portion of the conflict is already spilling over


Chaining two LPEs to get “root”: Most Linux distros vulnerable (CVE-2025-6018, CVE-2025-6019)

2025-06-18 at 14:49 By Zeljka Zorz

Qualys researchers have unearthed two local privilege escalation vulnerabilities (CVE-2025-6018, CVE-2025-6019) that can be exploited in tandem to achieve root access on most Linux distributions “with minimal effort.” About the vulnerabilities (CVE-2025-6018, CVE-2025-6019) CVE-2025-6018 affects the Pluggable


Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security

2025-06-18 at 09:02 By Help Net Security

As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated CNCF Cilium and its sub-project Tetragon, combined with Software Bills of


35 open-source security tools to power your red team, SOC, and cloud security

2025-06-18 at 08:31 By Help Net Security

This article showcases free, open-source security tools that support your organization’s teams in red teaming, threat hunting, incident response, vulnerability scanning, and cloud security. Autorize: Burp Suite extension for automatic authorization enforcement detection Autorize is


AI is changing cybersecurity roles, and entry-level jobs are at risk

2025-06-18 at 08:00 By Sinisa Markovic

Will humans remain essential in cybersecurity, or is AI set to take over? According to Wipro, many CISOs are leveraging AI to improve threat detection and response times and to build enhanced incident response capabilities. What’s changing AI


From cleaners to creepers: The risk of mobile privilege escalation

2025-06-18 at 07:38 By Help Net Security

In this Help Net Security video, Nico Chiaraviglio, Chief Scientist at Zimperium, explores how Android apps can be abused to escalate privileges, giving attackers access to sensitive data and system functions. Drawing on Zimperium’s recent research, he breaks


Employees are using AI where they know they shouldn’t

2025-06-18 at 07:06 By Help Net Security

Despite widespread anticipation about AI’s positive impact on workforce productivity, most employees feel they were overpromised on its potential, according to GoTo. In fact, 62% believe AI has been significantly overhyped. However, this is likely because employees aren’t making


Trustwave on High Alert: How the Israel-Iran Battle Could Impact Your Organization

2025-06-17 at 19:21 By

The combat operations initiated on June 12 between Israel and Iran, as with the ongoing Ukraine-Russia conflict, once again place organizations on alert for any cyber operations either directly or adjacently related to the conflict. This article is an


Researchers unearth keyloggers on Outlook login pages

2025-06-17 at 18:37 By Zeljka Zorz

Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations’ Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source:


Free AI coding security rules now available on GitHub

2025-06-17 at 16:47 By Sinisa Markovic

Developers are turning to AI coding assistants to save time and speed up their work. But these tools can also introduce security risks if they suggest flawed or unsafe code. To help address that, Secure Code Warrior has released a


Hackers love events. Why aren’t more CISOs paying attention?

2025-06-17 at 09:04 By Mirko Zorz

When CISOs think about risk, they usually think about cloud platforms, laptops, and data centers. But live events like conferences, trade shows, product launches, and shareholder meetings bring a different kind of cybersecurity exposure. These events gather people, devices, and


Before scaling GenAI, map your LLM usage and risk zones

2025-06-17 at 08:46 By Mirko Zorz

In this Help Net Security interview, Paolo del Mundo, Director of Application and Cloud Security at The Motley Fool, discusses how organizations can scale their AI usage by implementing guardrails to mitigate GenAI-specific risks like prompt injection, insecure outputs,


CURBy: A quantum random number generator you can verify

2025-06-17 at 08:01 By Sinisa Markovic

NIST and the University of Colorado Boulder have created a public service that delivers random numbers using quantum mechanics. Called the Colorado University Randomness Beacon (CURBy), the system offers a daily stream of certifiable random numbers generated through a process


CISOs brace for a surge in domain-based cyber threats

2025-06-17 at 07:32 By Mirko Zorz

Cybersecurity threats are growing more complex, and domain-based attacks are at the center of this shift. CSC’s CISO Outlook 2025 report, based on a survey of 300 security leaders, reveals a rising sense of urgency as organizations confront both established


History made as MI6 appoints first female Chief

2025-06-16 at 16:33 By Sinisa Markovic

The UK government has appointed Blaise Florence Metreweli as the next Chief of the Secret Intelligence Service (SIS), also known as MI6. Metreweli will take up the role, traditionally referred to by the codename “C,” succeeding Sir Richard Moore, who is


SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles

2025-06-16 at 16:18 By Zeljka Zorz

Vulnerabilities affecting the SinoTrack GPS tracking platform may allow attackers to keep tabs on vehicles’ location and even perform actions such as disconnecting power to vehicles’ fuel pump (if the tracker can interact with a car’s system). The warning

