Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited 2025-05-18 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 Patch Tuesday, Microsoft has released security fixes for […]
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) 2025-05-16 at 13:47 By Zeljka Zorz A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) Read More »
Deepfake attacks could cost you more than money 2025-05-16 at 09:04 By Mirko Zorz In this Help Net Security interview, Camellia Chan, CEO at X-PHY, discusses the dangers of deepfakes in real-world incidents, including their use in financial fraud and political disinformation. She explains AI-driven defense strategies and recommends updating incident response plans and internal
Deepfake attacks could cost you more than money Read More »
Polymorphic phishing attacks flood inboxes 2025-05-16 at 08:31 By Help Net Security AI is transforming the phishing threat landscape at a pace many security teams are struggling to match, according to Cofense. In 2024, researchers tracked one malicious email every 42 seconds. Many of the 42-second attacks were part of polymorphic phishing attacks. Unlike traditional
Polymorphic phishing attacks flood inboxes Read More »
Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed 2025-05-16 at 08:08 By Help Net Security The Linux Foundation, in collaboration with OpenSSF and Linux Foundation Education, has released the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad
How working in a stressful environment affects cybersecurity 2025-05-16 at 07:48 By Sinisa Markovic Stressful work environments don’t just erode morale, they can quietly undermine cybersecurity. When employees feel overworked, unsupported, or mistreated, their judgment and decision-making suffer. “From an organizational perspective, a toxic culture often leads to increased errors, missed threats, decreased productivity, and
How working in a stressful environment affects cybersecurity Read More »
New infosec products of the week: May 16, 2025 2025-05-16 at 07:02 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from Hunted Labs, McAfee, Obsidian Security, PentestPad, Resecurity, and SecuX. Resecurity One simplifies cybersecurity operations Resecurity One provides real-time cyber threat intelligence from multiple sources, enabling
New infosec products of the week: May 16, 2025 Read More »
Coinbase suffers data breach, gets extorted (but won’t pay) 2025-05-15 at 17:35 By Zeljka Zorz Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering attacks, the company confirmed today by filing a report with the US Securities and Exchange Commission (SEC). The
Coinbase suffers data breach, gets extorted (but won’t pay) Read More »
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers 2025-05-15 at 14:18 By Zeljka Zorz Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to fix a vulnerability that’s reportedly being exploited by attackers. If this advice sounds familiar,
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers Read More »
Russia-linked hackers target webmail servers in Ukraine-related espionage operation 2025-05-15 at 12:01 By Help Net Security ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential
Russia-linked hackers target webmail servers in Ukraine-related espionage operation Read More »
Building cybersecurity culture in science-driven organizations 2025-05-15 at 08:31 By Mirko Zorz In this Help Net Security interview, Anne Sofie Roed Rasmussen, CISO at Novonesis, discusses how a science-driven organization approaches cybersecurity, aligning innovation with protection, measuring cultural progress, managing shadow IT, and earning trust from scientific leaders. How do you measure progress when it
Building cybersecurity culture in science-driven organizations Read More »
Kubernetes has grown up: From testbed to critical infrastructure 2025-05-15 at 08:02 By Help Net Security In this Help Net Security video, Divya Mohan, Principal Technology Advocate at SUSE, discusses how Kubernetes has firmly transitioned from an emerging technology into a core part of enterprise production environments. A new survey from SUSE highlights the latest
Kubernetes has grown up: From testbed to critical infrastructure Read More »
How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World” 2025-05-15 at 07:34 By Mirko Zorz In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her upcoming book Digital Safety in a Dangerous World, which will feature her expert advice, as well
How Kim Crawley challenges big tech in “Digital Safety in a Dangerous World” Read More »
New blockchain security standards target safer ecosystems 2025-05-15 at 07:01 By Help Net Security The Blockchain Security Standards Council (BSSC) launched its first four security standards, marking a significant milestone in the journey towards a more secure and trustworthy blockchain ecosystem. These standards are designed to address critical aspects of blockchain security, elevating trust in
New blockchain security standards target safer ecosystems Read More »
Google strengthens secure enterprise access from BYOD Android devices 2025-05-14 at 19:21 By Zeljka Zorz Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate resources and data. Device Trust from Android Enterprise (Source: Google) What is Device
Google strengthens secure enterprise access from BYOD Android devices Read More »
Nobara Linux 42 brings performance boost and better hardware support 2025-05-14 at 12:08 By Help Net Security The Nobara Project has released a new version of its Linux distribution, bringing updated packages, performance improvements, and a few visual tweaks aimed at making life easier for users who want a system that works well out of
Nobara Linux 42 brings performance boost and better hardware support Read More »
Southwest Airlines CISO on tackling cyber risks in the aviation industry 2025-05-14 at 08:33 By Mirko Zorz In this Help Net Security interview, Carrie Mills, VP and CISO, Southwest Airlines talks about the cybersecurity challenges facing the aviation industry. She explains how being part of critical infrastructure, a major consumer brand, and an airline each
Southwest Airlines CISO on tackling cyber risks in the aviation industry Read More »
Insider risk management needs a human strategy 2025-05-14 at 08:01 By Mirko Zorz Insider risk is not just about bad actors. Most of the time, it’s about mistakes. Someone sends a sensitive file to the wrong address, or uploads a document to their personal cloud to work from home. In many cases, there is no
Insider risk management needs a human strategy Read More »
Cerbos: Open-source, scalable authorization solution 2025-05-14 at 07:34 By Help Net Security Cerbos is an open-source solution designed to simplify and modernize access control for cloud-native, microservice-based applications. Instead of hardcoding authorization logic into your application, Cerbos lets you write flexible, context-aware access policies using a YAML syntax. These policies are managed separately from your
Cerbos: Open-source, scalable authorization solution Read More »
European Vulnerability Database goes live, but who benefits? 2025-05-14 at 07:20 By Mirko Zorz The European Union Agency for Cybersecurity (ENISA) has unveiled the European Vulnerability Database (EUVD), an initiative under the NIS2 Directive aimed at enhancing digital security across the EU. The database serves as a centralized repository offering aggregated and actionable information on
European Vulnerability Database goes live, but who benefits? Read More »