Fake AI platforms deliver malware diguised as video content 2025-05-09 at 16:53 By Zeljka Zorz A clever malware campaign delivering the novel Noodlophile malware is targeting creators and small businesses looking to enhance their productivity with AI tools. But, in an unusual twist, the threat actors are not disguising the malware as legitimate software, but […]
Fake AI platforms deliver malware diguised as video content Read More »
Why Offensive Security Is Crucial for Retail Resilience 2025-05-09 at 16:12 By Retail Cyberattacks: How recent incidents highlight the need for proactive security. Offensive Security Tactics: Key strategies to identify and mitigate retail vulnerabilities. DFIR Best Practices: Responding to cyber incidents with speed and precision. The three high-profile UK retailers struck with cyberattacks in the last few weeks
Why Offensive Security Is Crucial for Retail Resilience Read More »
LockBit hacked: What does the leaked data show? 2025-05-09 at 14:33 By Zeljka Zorz The affiliate panel of the infamous LockBit Ransomware-as-a-Service (RaaS) group has been hacked and defaced, showing a link to a MySQL database dump ostensibly containing leaked data relating to the group’s operations: The defaced dark web affiliate panel (Source: Help Net
LockBit hacked: What does the leaked data show? Read More »
What your browser knows about you, from contacts to card numbers 2025-05-09 at 13:06 By Anamarija Pogorelec Chrome and Safari are the most popular browser apps, accounting for 90% of the mobile browsers market share, according to Surfshark. They also collect the most data. Chrome: the most data-hungry browser (Source: Surfshark) The most data-hungry browsers
What your browser knows about you, from contacts to card numbers Read More »
May 2025 Patch Tuesday forecast: Panic, change, and hope 2025-05-09 at 09:11 By Help Net Security April was an event-filled month for cybersecurity. Patch Tuesday came to us quickly on April 8 – the earliest first Tuesday possible in a given month. We again saw large numbers of CVEs addressed with 84 in Windows 11
May 2025 Patch Tuesday forecast: Panic, change, and hope Read More »
Review: AI Agents in Action 2025-05-09 at 08:32 By Mirko Zorz If you’re trying to make sense of how to actually build AI agents, not just talk about them, AI Agents in Action might be for you. About the author Michael Lanham, Lead AI Developer at Brilliant Harvest, is a seasoned software and technology innovator
Review: AI Agents in Action Read More »
Analyze resource-based policy dependencies across your AWS Organizations accounts 2025-05-09 at 08:02 By Help Net Security Managing multiple AWS accounts in an organization can get complicated, especially when trying to understand how services and permissions are connected. The Account Assessment for AWS Organizations open-source tool helps simplify this process by giving you a central place
Analyze resource-based policy dependencies across your AWS Organizations accounts Read More »
Wi-Fi 7 trials show big performance gains for enterprise networks 2025-05-09 at 07:35 By Help Net Security The next generation of wireless technology is getting a real-world test, and the results are promising. Recent trials led by the Wireless Broadband Alliance (WBA), in partnership with AT&T, Intel, and CommScope, show that Wi-Fi 7 delivers a
Wi-Fi 7 trials show big performance gains for enterprise networks Read More »
New infosec products of the week: May 9, 2025 2025-05-09 at 07:12 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from ProcessUnity, Searchlight Cyber, ServiceNow, and Verosint. ServiceNow unveils AI agents to accelerate enterprise self-defense The new AI agents, available within ServiceNow’s Security and Risk solutions,
New infosec products of the week: May 9, 2025 Read More »
The many variants of the ClickFix social engineering tactic 2025-05-08 at 18:50 By Zeljka Zorz As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are trying to refine the two main elements: the lure and the “instruction” page. In the
The many variants of the ClickFix social engineering tactic Read More »
Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) 2025-05-08 at 15:38 By Zeljka Zorz SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete vulnerability that was exploited in zero-day attacks in early 2021, and may have also
Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819) Read More »
Cisco’s new chip wants to scale quantum computing faster 2025-05-08 at 11:17 By Mirko Zorz Cisco is making significant strides in quantum computing by focusing on quantum networking, aiming to bring practical applications closer to reality. The company recently introduced a prototype of its Quantum Network Entanglement Chip and inaugurated the Cisco Quantum Lab in
Cisco’s new chip wants to scale quantum computing faster Read More »
How agentic AI and non-human identities are transforming cybersecurity 2025-05-08 at 09:03 By Help Net Security Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. Add to this the fragmentation of human identity management resulting from authorizing a single person’s access to multiple on-premises, cloud
How agentic AI and non-human identities are transforming cybersecurity Read More »
Even the best safeguards can’t stop LLMs from being fooled 2025-05-08 at 08:48 By Mirko Zorz In this Help Net Security interview, Michael Pound, Associate Professor at the University of Nottingham shares his insights on the cybersecurity risks associated with LLMs. He discusses common organizational mistakes and the necessary precautions for securing sensitive data when
Even the best safeguards can’t stop LLMs from being fooled Read More »
Wave of tech layoffs leads to more job scams 2025-05-08 at 08:06 By Sinisa Markovic The tech industry is experiencing significant layoffs, leaving thousands of IT and cybersecurity professionals in search of new employment opportunities. Unfortunately, as these individuals search for new opportunities, scammers are actively preying on them. Losing a job, especially when you
Wave of tech layoffs leads to more job scams Read More »
Global cybersecurity readiness remains critically low 2025-05-08 at 07:34 By Help Net Security Only 4% of organizations worldwide have achieved the ‘mature’ level of readiness required to withstand cybersecurity threats, according to Cisco’s 2025 Cybersecurity Readiness Index. This is a slight increase from last year’s index, in which 3% of organizations worldwide were designated as
Global cybersecurity readiness remains critically low Read More »
Healthcare workers regularly upload sensitive data to GenAI, cloud accounts 2025-05-08 at 07:02 By Help Net Security Healthcare organizations are facing a growing data security challenge from within, according to a new report from Netskope Threat Labs. The analysis reveals that employees in the sector are frequently attempting to upload sensitive information, including potentially protected
Healthcare workers regularly upload sensitive data to GenAI, cloud accounts Read More »
PoC exploit for SysAid pre-auth RCE released, upgrade quickly! 2025-05-07 at 15:45 By Zeljka Zorz WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind SysAid’s popular IT service management and IT helpdesk solutions – to achieve unauthenticated remote code execution on
PoC exploit for SysAid pre-auth RCE released, upgrade quickly! Read More »
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) 2025-05-07 at 13:03 By Zeljka Zorz Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vulnerability in FreeType, an open-source software library that renders
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363) Read More »
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable 2025-05-07 at 09:46 By Mirko Zorz A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. Researchers revealed how the group has scaled its operations to steal
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable Read More »