News

September 2025 Patch Tuesday forecast: The CVE matrix

2025-09-05 at 10:18 By Help Net Security

We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator […]

How to reclaim control over your online shopping data

2025-09-05 at 09:33 By Sinisa Markovic

Online shopping is convenient, saves time, and everything is just a click away. But how often do we stop to think about what happens to the data we leave behind, or the risks that might come with it? Where shopping

File security risks rise as insiders, malware, and AI challenges converge

2025-09-05 at 08:42 By Anamarija Pogorelec

Breaches tied to file access are happening often, and the costs add up quickly. Many organizations have faced multiple file-related incidents over the last two years, with financial losses stretching into the millions. The fallout often includes stolen

Smart ways CISOs can do more with less

2025-09-05 at 08:05 By Help Net Security

In this Help Net Security video, Jill Knesek, CISO at BlackLine, shares practical strategies for CISOs navigating tighter budgets. From maximizing existing tools and vendor partnerships to leveraging AI and making smart investments, she offers actionable advice for maintaining strong

Connected cars are smart, convenient, and open to cyberattacks

2025-09-05 at 07:32 By Sinisa Markovic

Consumers are concerned about vulnerabilities in their vehicles, which directly impacts purchasing behavior and brand loyalty, according to RunSafe Security. Vehicles now run on over 100 million lines of code, which is more than most fighter jets, but they often

CyberFlex: Flexible Pen testing as a Service with EASM

2025-09-04 at 16:58 By Help Net Security

About CyberFlex

CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire application attack surface, while enjoying a flexible consumption model.

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

2025-09-04 at 16:58 By Zeljka Zorz

Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code

LinkedIn expands company verification, mandates workplace checks for certain roles

2025-09-04 at 16:00 By Mirko Zorz

LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter

macOS vulnerability allowed Keychain and iOS app decryption without a password

2025-09-04 at 15:41 By Mirko Zorz

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

2025-09-04 at 14:48 By Zeljka Zorz

A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed.

About CVE-2025-53690

CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore

New threat group uses custom tools to hijack search results

2025-09-04 at 12:02 By Anamarija Pogorelec

ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States.

[Figure: Countries where GhostRedirector victims were detected (Source: ESET)]

Cutting through CVE noise with real-world threat signals

2025-09-04 at 09:02 By Sinisa Markovic

CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high” or

Attackers are turning Salesforce trust into their biggest weapon

2025-09-04 at 09:02 By Sinisa Markovic

Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The report shows that malicious activity inside Salesforce environments rose sharply in the first quarter of this

DDoS attacks serve as instruments of political influence and disruption

2025-09-04 at 07:02 By Sinisa Markovic

In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps. These attacks have moved beyond

Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise

2025-09-03 at 16:13 By Zeljka Zorz

Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated

BruteForceAI: Free AI-powered login brute force tool

2025-09-03 at 09:31 By Help Net Security

BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML content, detect login form selectors, and prepare the attack process automatically. It

How gaming experience can help with a cybersecurity career

2025-09-03 at 08:41 By Sinisa Markovic

Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of

Detecting danger: EASM in the modern security stack

2025-09-03 at 08:03 By Help Net Security

In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that

Five habits of highly secure development teams

2025-09-03 at 07:46 By Help Net Security

In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the

AI will drive purchases this year, but not without questions

2025-09-03 at 07:04 By Sinisa Markovic

AI is moving into security operations, but CISOs are approaching it with a mix of optimism and realism. A new report from Arctic Wolf shows that most organizations are exploring or adopting AI-driven tools, yet many still see risks
