Ransomware spreads faster, not smarter 2025-05-14 at 07:00 By Help Net Security The fall of two of the most dominant ransomware syndicates, LockBit and AlphV, triggered a power vacuum across the cybercriminal landscape, acccording to a Black Kite survey. In their place, dozens of new actors emerged, many of them lacking the infrastructure, discipline, or […]
Ransomware spreads faster, not smarter Read More »
Patch Tuesday: Microsoft fixes 5 actively exploited zero-days 2025-05-13 at 23:00 By Zeljka Zorz On May 2025 Patch Tuesday, Microsoft has released security fixes for 70+ vulnerabilities, among them five actively exploited zero-days and two publicly disclosed (but not exploited) vulnerabilities. The zero-days and the publicly disclosed flaws Among the zero-days patched is a memory
Patch Tuesday: Microsoft fixes 5 actively exploited zero-days Read More »
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) 2025-05-13 at 21:48 By Zeljka Zorz Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s product security incident response team has revealed on Tuesday. About CVE-2025-32756 CVE-2025-32756 is a stack-based overflow vulnerability that
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756) Read More »
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) 2025-05-13 at 20:31 By Zeljka Zorz Attackers have exploited vulnerabilities in open-source libraries to compromise on-prem Ivanti Endpoint Manager Mobile (EPMM) instances of a “very limited” number of customers, Ivanti has confirmed on Tuesday, and urged customers to install a patch as soon as possible. “The
Ivanti EPMM vulnerabilities exploited in the wild (CVE-2025-4427, CVE-2025-4428) Read More »
Product showcase: Go beyond VPNs and Tor with NymVPN 2025-05-13 at 16:01 By Help Net Security If you care about online privacy, you probably already know: Centralized VPNs and even Tor aren’t enough anymore. Traditional VPNs require you to trust a single company with your internet activity. Even if they promise “no logs,” you’re still
Product showcase: Go beyond VPNs and Tor with NymVPN Read More »
CISOs must speak business to earn executive trust 2025-05-13 at 09:33 By Mirko Zorz In this Help Net Security interview, Pritesh Parekh, VP, CISO at PagerDuty talks about how CISOs can change perceptions of their role, build influence across the organization, communicate risk in business terms, and use automation to support business goals. What do
CISOs must speak business to earn executive trust Read More »
AI vs AI: How cybersecurity pros can use criminals’ tools against them 2025-05-13 at 09:01 By Help Net Security For a while now, AI has played a part in cybersecurity. Now, agentic AI is taking center stage. Based on pre-programmed plans and objectives, agentic AI can make choices which optimize results without a need for
AI vs AI: How cybersecurity pros can use criminals’ tools against them Read More »
Breaking down silos in cybersecurity 2025-05-13 at 08:34 By Help Net Security All organizations erect silos – silos between groups and departments, across functions and among technologies. Silos represent differences in practices, culture and operations. Their presence inhibits communication and collaboration. As companies scale from startup to mid-sized and beyond, silos multiply and ossify. As
Breaking down silos in cybersecurity Read More »
Review: Resilient Cybersecurity 2025-05-13 at 08:01 By Mirko Zorz Resilient Cybersecurity touches on nearly every major function of enterprise cybersecurity, from threat detection and identity management to vendor risk and regulatory compliance. About the author Mark Dunkerley is a cybersecurity and technology leader with over 20 years of experience working in higher education, healthcare and
Review: Resilient Cybersecurity Read More »
UNIDIR Intrusion Path: New framework to analyze ICT environment activities 2025-05-13 at 07:37 By Help Net Security Malicious activity in the ICT environment is growing. However, a non-technical audience often struggle to understand these threats, either because technical explanations are too complex or because media coverage oversimplifies the issues. To help understand and analyze these
UNIDIR Intrusion Path: New framework to analyze ICT environment activities Read More »
Cybersecurity jobs available right now: May 13, 2025 2025-05-13 at 07:01 By Anamarija Pogorelec The post Cybersecurity jobs available right now: May 13, 2025 appeared first on Help Net Security. This article is an excerpt from Help Net Security View Original Source
Cybersecurity jobs available right now: May 13, 2025 Read More »
Law enforcement takes down proxy botnets used by criminals 2025-05-12 at 21:11 By Zeljka Zorz US and Dutch law enforcement, with the help of Lumen researchers, have disrupted 5socks and Anyproxy, two proxy-for-rent services that were used by criminals for ad fraud and DDoS and brute-force attacks (among other things). The domain seizure notice The
Law enforcement takes down proxy botnets used by criminals Read More »
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors 2025-05-12 at 16:07 By Zeljka Zorz A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, opportunistic threat actors who are leveraging previously established webshells (from the first zero-day attack) on vulnerable
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors Read More »
Bluetooth 6.1 released, enhances privacy and power efficiency 2025-05-12 at 10:01 By Help Net Security The Bluetooth Special Interest Group has released Bluetooth 6.1, and one of the most important new features is an update to how devices manage privacy and power. The update, called Bluetooth Randomized RPA (resolvable private address) Updates, helps protect users
Bluetooth 6.1 released, enhances privacy and power efficiency Read More »
Why security teams cannot rely solely on AI guardrails 2025-05-12 at 09:19 By Mirko Zorz In this Help Net Security interview, Dr. Peter Garraghan, CEO of Mindgard, discusses their research around vulnerabilities in the guardrails used to protect large AI models. The findings highlight how even billion-dollar LLMs can be bypassed using surprisingly simple techniques,
Why security teams cannot rely solely on AI guardrails Read More »
How to give better cybersecurity presentations (without sounding like a robot) 2025-05-12 at 08:35 By Mirko Zorz Most people think great presenters are born with natural talent. Luka Krejci, a presentation expert, disagrees. “They are called presentation skills. Skills, not talent,” he says. “Any skill, be it dancing, football, or presenting, can be developed only
How to give better cybersecurity presentations (without sounding like a robot) Read More »
SPIRE: Toolchain of APIs for establishing trust between software systems 2025-05-12 at 08:00 By Help Net Security SPIRE is a graduated project of the Cloud Native Computing Foundation (CNCF). It’s a production-ready implementation of the SPIFFE APIs that handles node and workload attestation to securely issue SVIDs to workloads and verify the SVIDs of other
SPIRE: Toolchain of APIs for establishing trust between software systems Read More »
Layoffs pose a cybersecurity risk: Here’s why offboarding matters 2025-05-12 at 07:39 By Help Net Security In this Help Net Security video, Chase Doelling, Principal Strategist at JumpCloud, discusses the overlooked security risks associated with improper offboarding. Though many organizations focus on securely onboarding new employees, they often overlook the security risks associated with properly
Layoffs pose a cybersecurity risk: Here’s why offboarding matters Read More »
Despite drop in cyber claims, BEC keeps going strong 2025-05-12 at 07:01 By Help Net Security Ransomware claims stabilized in 2024 despite remaining the most costly and disruptive type of cyberattack, according to Coalition. 60% of 2024 claims originated from BEC and funds transfer fraud (FTF) incidents, with 29% of BEC events resulting in FTF.
Despite drop in cyber claims, BEC keeps going strong Read More »
Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast 2025-05-11 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What a future without CVEs means for cyber defense For many cybersecurity professionals, the CVE program is the
Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast Read More »