TikTok videos + ClickFix tactic = Malware infection 2025-05-23 at 15:53 By Zeljka Zorz Malware peddlers are using TikTok videos and the ClickFix tactic to trick users into installing infostealer malware on their computers, Trend Micro researchers have warned. The videos are getting published by a number of TikTok user accounts, seem AI-made, and are […]
TikTok videos + ClickFix tactic = Malware infection Read More »
DanaBot botnet disrupted, QakBot leader indicted 2025-05-23 at 14:17 By Zeljka Zorz Operation Endgame, mounted by law enforcement and judicial authorities from the US, Canada and the EU, continues to deliver positive results by disrupting the DanaBot botnet and indicting the leaders of both the DanaBot and Qakbot Malware-as-a-Service operations. Operation Endgame 2.0 Coordinated by
DanaBot botnet disrupted, QakBot leader indicted Read More »
Is privacy becoming a luxury? A candid look at consumer data use 2025-05-23 at 09:02 By Mirko Zorz In this Help Net Security interview, Dr. Joy Wu, Assistant Professor, UBC Sauder School of Business, discusses the psychological and societal impacts of data monetization, why current privacy disclosures often fall short, and what it will take
Is privacy becoming a luxury? A candid look at consumer data use Read More »
Outsourcing cybersecurity: How SMBs can make smart moves 2025-05-23 at 08:32 By Anamarija Pogorelec Outsourcing cybersecurity can be a practical and affordable option. It allows small businesses to get the protection they need without straining their budgets, freeing up time and resources to focus on core operations. 76% of SMBs lack the in-house skills to
Outsourcing cybersecurity: How SMBs can make smart moves Read More »
Digital trust is cracking under the pressure of deepfakes, cybercrime 2025-05-23 at 08:02 By Help Net Security 69% of global respondents to a Jumio survey say AI-powered fraud now poses a greater threat to personal security than traditional forms of identity theft. This number rises to 74% in Singapore, with 71% also indicating that AI-generated
Digital trust is cracking under the pressure of deepfakes, cybercrime Read More »
Shift left strategy creates heavy burden for developers 2025-05-23 at 07:32 By Help Net Security While 47% of organizations claim to have implemented shift left security strategies, many still struggle with execution gaps and security inefficiencies, according to Pynt. Of those who haven’t implemented shift left, half of them have no plans to do so
Shift left strategy creates heavy burden for developers Read More »
New infosec products of the week: May 23, 2025 2025-05-23 at 07:01 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from Anchore, Cyble, Outpost24, and ThreatMark. Outpost24 simplifies threat analysis with AI-enhanced summaries Outpost24 announced the addition of AI-enhanced summaries to the Digital Risk Protection (DRP)
New infosec products of the week: May 23, 2025 Read More »
Unpatched Windows Server vulnerability allows full domain compromise 2025-05-22 at 18:45 By Zeljka Zorz A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The [“BadSuccessor”] attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server
Unpatched Windows Server vulnerability allows full domain compromise Read More »
Signal blocks Microsoft Recall from screenshotting conversations 2025-05-22 at 14:01 By Zeljka Zorz Signal has released a new version of its end-to-end encrypted communication app for Windows that prevents Microsoft Recall and users from screenshotting text-based conversations happening in the app. The new “Screen security” setting is enabled by default and can be easily disabled
Signal blocks Microsoft Recall from screenshotting conversations Read More »
The hidden gaps in your asset inventory, and how to close them 2025-05-22 at 09:06 By Mirko Zorz In this Help Net Security interview, Tim Grieveson, CSO at ThingsRecon, breaks down the first steps security teams should take to regain visibility, the most common blind spots in asset discovery, and why context should drive risk
The hidden gaps in your asset inventory, and how to close them Read More »
CTM360 report: Ransomware exploits trust more than tech 2025-05-22 at 08:35 By Anamarija Pogorelec A recent wave of ransomware attacks has disrupted major retailers across the UK. According to a new report from CTM360, the attackers didn’t need to break down the door, they were invited in through misplaced trust and weak identity safeguards. This
CTM360 report: Ransomware exploits trust more than tech Read More »
Many rush into GenAI deployments, frequently without a security net 2025-05-22 at 08:03 By Help Net Security 70% percent of organizations view the pace of AI development, particularly in GenAI, as the leading security concern related to its adoption, followed by lack of data integrity (64%) and trustworthiness (57%), according to Thales. GenAI becomes a
Many rush into GenAI deployments, frequently without a security net Read More »
Review: CompTIA Network+ Study Guide, 6th Edition 2025-05-22 at 07:31 By Mirko Zorz If you’re planning to tackle the CompTIA Network+ certification (N10-009), chances are you’ve already come across the name Todd Lammle. A long-established authority in the networking and certification world, Lammle, along with co-author Jon Buhagiar, returns with the sixth edition of the
Review: CompTIA Network+ Study Guide, 6th Edition Read More »
Be careful what you share with GenAI tools at work 2025-05-22 at 07:04 By Sinisa Markovic We use GenAI at work to make tasks easier, but are we aware of the risks? According to Netskope, the average organization now shares more than 7.7GB of data with AI tools per month, and 75% of enterprise users
Be careful what you share with GenAI tools at work Read More »
Lumma Stealer Malware-as-a-Service operation disrupted 2025-05-21 at 21:21 By Zeljka Zorz A coordinated action by US, European and Japanese authorities and tech companies like Microsoft and Cloudflare has disrupted the infrastructure behind Lumma Stealer, the most significant infostealer threat at the moment. What is Lumma Stealer? Lumma Stealer is Malware-as-a-Service offering beloved by a wide
Lumma Stealer Malware-as-a-Service operation disrupted Read More »
Data-stealing VS Code extensions removed from official Marketplace 2025-05-21 at 16:19 By Zeljka Zorz Developers who specialize in writing smart (primarily Ethereum) contracts using the Solidity programming language have been targeted via malicious VS Code extensions that install malware that steals cryptocurrency wallet credentials. “Based on shared infrastructure and obfuscation characteristics, we attribute all three
Data-stealing VS Code extensions removed from official Marketplace Read More »
Trustwave SpiderLabs Report Highlights Ransomware and Dark Web Dangers for the Hospitality Sector 2025-05-21 at 16:07 By New Trustwave SpiderLabs report reveals rising ransomware and dark web risks for hotels. Understand the dark web connection and key vulnerabilities in the hospitality sector. Arm your hospitality business against evolving travel scams & ransomware – download the
Hospitality Under Attack: New Trustwave Report Highlights Cybersecurity Challenges in 2025 2025-05-21 at 16:07 By As the summer travel season approaches, travelers worldwide are busy booking their holidays, entrusting the hospitality industry with some of their most sensitive personal and financial information. Unfortunately, this makes the sector a prime target for threat actors looking to
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) 2025-05-21 at 13:32 By Zeljka Zorz A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated attackers to take over admin accounts and gain full control over target WP-based sites. The
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) Read More »
What good threat intelligence looks like in practice 2025-05-21 at 08:32 By Mirko Zorz In this Help Net Security interview, Anuj Goel, CEO of Cyware, discusses how threat intelligence is no longer a nice to have, it’s a core cyber defense requirement. But turning intelligence into action remains a challenge for many organizations. The path
What good threat intelligence looks like in practice Read More »