Police shut down long-running dark web drug market 2025-06-16 at 15:33 By Anamarija Pogorelec Law enforcement authorities across Europe have dismantled Archetyp Market, the most enduring dark web drug market, following a large-scale operation involving six countries, supported by Europol and Eurojust. Between 11 and 13 June, a series of coordinated actions took place across […]
Police shut down long-running dark web drug market Read More »
Why banks’ tech-first approach leaves governance gaps 2025-06-16 at 09:06 By Mirko Zorz In this Help Net Security interview, Rich Friedberg, CISO at Live Oak Bank, discusses how banks can better align cybersecurity efforts with broader cyber governance and risk priorities. Banking institutions often falter when cybersecurity is siloed as purely a technical or compliance
Why banks’ tech-first approach leaves governance gaps Read More »
MDEAutomator: Open-source endpoint management, incident response in MDE 2025-06-16 at 08:36 By Help Net Security Managing endpoints and responding to security incidents in Microsoft Defender for Endpoint (MDE) can be time-consuming and complex. MDEAutomator is an open-source tool designed to make that easier. MDEAutomator is a modular, serverless solution for IT and security teams looking
MDEAutomator: Open-source endpoint management, incident response in MDE Read More »
Virtual kidnapping scams prey on our worst fears 2025-06-16 at 08:02 By Sinisa Markovic Getting a call saying a family member has been kidnapped is terrifying. Fear and panic take over, making it hard to think clearly. That’s exactly what criminals count on when they use a scam called virtual kidnapping. What is virtual kidnapping?
Virtual kidnapping scams prey on our worst fears Read More »
Review: Learning Kali Linux, 2nd Edition 2025-06-16 at 07:32 By Mirko Zorz Kali Linux has long been the go-to operating system for penetration testers and security professionals, and Learning Kali Linux, 2nd Edition by Ric Messier aims to guide readers through its core tools and use cases. This updated edition introduces new material on digital
Review: Learning Kali Linux, 2nd Edition Read More »
Why CISOs need to understand the AI tech stack 2025-06-16 at 07:01 By Mirko Zorz As AI spreads, so do the risks. Security leaders are being asked to protect systems they don’t fully understand yet, and that’s a problem. A new report from the Paladin Global Institute, The AI Tech Stack: A Primer for Tech
Why CISOs need to understand the AI tech stack Read More »
Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers 2025-06-15 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053) For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including
Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools 2025-06-14 at 12:17 By Zeljka Zorz OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest
Kali Linux 2025.2 delivers Bloodhound CE, CARsenal, 13 new tools Read More »
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) 2025-06-13 at 15:22 By Zeljka Zorz A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers have revealed on Thursday. The attacks happened in January and early February 2025. “We
iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200) Read More »
Unpacking the security complexity of no-code development platforms 2025-06-13 at 09:02 By Mirko Zorz In this Help Net Security interview, Amichai Shulman, CTO at Nokod Security, discusses how the abstraction layer in no-code environments complicates security by obscuring data flow, identity propagation, and control logic. Shulman also addresses why vulnerabilities in no-code applications go far
Unpacking the security complexity of no-code development platforms Read More »
What CISOs need to know about agentic AI 2025-06-13 at 08:34 By Anamarija Pogorelec GenAI has been the star of the show lately. Tools like ChatGPT impressed everyone with how well they can summarize, write, and respond. But something new is gaining ground: agentic AI. These systems don’t just answer questions. They make decisions, take
What CISOs need to know about agentic AI Read More »
Security flaws in government apps go unpatched for years 2025-06-13 at 08:02 By Help Net Security 78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential. Public sector flaw
Security flaws in government apps go unpatched for years Read More »
19 ways to build zero trust: NIST offers practical implementation guide 2025-06-13 at 07:32 By Sinisa Markovic The National Institute of Standards and Technology (NIST) has released a new guide that offers practical help for building zero trust architectures (ZTA). The guidance, titled Implementing a Zero Trust Architecture (SP 1800‑35), includes 19 example setups using
19 ways to build zero trust: NIST offers practical implementation guide Read More »
New infosec products of the week: June 13, 2025 2025-06-13 at 07:00 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from Contrast Security, Cymulate, Lemony, SpecterOps, Thales, and Vanta. Lemony mitigates privacy and compliance risks associated with cloud-based AI With Lemony, different teams can run their
New infosec products of the week: June 13, 2025 Read More »
Researchers warn of ongoing Entra ID account takeover campaign 2025-06-12 at 19:50 By Zeljka Zorz Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions using TeamFiltration date back nearly to the tool’s initial release
Researchers warn of ongoing Entra ID account takeover campaign Read More »
LockBit panel data leak shows Chinese orgs among the most targeted 2025-06-12 at 17:17 By Zeljka Zorz The LockBit ransomware-as-a-service (RaaS) operation has netted around $2.3 million USD within 5 months, the data leak stemming from the May 2025 hack of a LockBit affiliate panel has revealed. From that sum, the operators took their 20%
LockBit panel data leak shows Chinese orgs among the most targeted Read More »
Identifying high-risk APIs across thousands of code repositories 2025-06-12 at 16:02 By Mirko Zorz In this Help Net Security interview, Joni Klippert, CEO of StackHawk, discusses why API visibility is a major blind spot for security teams, how legacy tools fall short, and how StackHawk identifies risky APIs and sensitive data directly from code before
Identifying high-risk APIs across thousands of code repositories Read More »
Cybercriminals are turning stolen data into a thriving black market 2025-06-12 at 09:18 By Help Net Security Cybercriminals are stealing data and running full-scale businesses around it. Europol’s latest Internet Organised Crime Threat Assessment (IOCTA) report reveals how personal data is now a core currency in the underground economy. Data is the product Cybercriminals go
Cybercriminals are turning stolen data into a thriving black market Read More »
Want fewer security fires to fight? Start with threat modeling 2025-06-12 at 09:01 By Mirko Zorz CISOs understand that threat modeling helps teams identify risks early and build safer systems. But outside the security org, the value isn’t always clear. When competing for budget or board attention, threat modeling often loses out to more visible
Want fewer security fires to fight? Start with threat modeling Read More »
Build a mobile hacking rig with a Pixel and Kali NetHunter 2025-06-12 at 08:32 By Mirko Zorz A cybersecurity hobbyist has built a compact, foldable mobile hacking rig that runs Kali NetHunter on a Google Pixel 3 XL. It’s called the NetHunter C-deck, and it packs serious functionality into a small, 3D-printed shell. NetHunter C-deck
Build a mobile hacking rig with a Pixel and Kali NetHunter Read More »