News

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

0-day, APT, BeyondTrust, Don't miss, Hot stuff, News, PostgreSQL, Rapid7 /

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) 2025-02-17 at 15:49 By Zeljka Zorz The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the […]

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) Read More »

Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme

Cryptocurrency, cybercriminals, Don't miss, fraud, Hot stuff, News, scams, US DoJ /

Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme 2025-02-17 at 13:48 By Zeljka Zorz Two Estonian nationals may spend the next 20 years in prison for stealing hundreds of millions of dollars through a massive cryptocurrency Ponzi scheme, the US Department of Justice announced last week. The fraudulent operation “According to court documents, Sergei

Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme Read More »

How CISOs can balance security and business agility in the cloud

access management, CISO, Cloud, cloud security, Cloudera, cybersecurity, Don't miss, Features, Hot stuff, News, opinion /

How CISOs can balance security and business agility in the cloud 2025-02-17 at 08:03 By Mirko Zorz In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business agility, and overlooked risks that CISOs should prioritize. Belaya also offers practical strategies for integrating

How CISOs can balance security and business agility in the cloud Read More »

Orbit: Open-source Nuclei security scanning and automation platform

Don't miss, GitHub, News, open source, penetration testing, scanning, software, Terraform /

Orbit: Open-source Nuclei security scanning and automation platform 2025-02-17 at 07:50 By Mirko Zorz Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation. “I built

Orbit: Open-source Nuclei security scanning and automation platform Read More »

Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged

News, Week in review /

Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged 2025-02-16 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) February 2025 Patch Tuesday is here, and Microsoft has delivered fixes

Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged Read More »

vCISOs are in high demand

CEO, Cyber Defense Group, cybersecurity, News, report, strategy, survey /

vCISOs are in high demand 2025-02-14 at 19:04 By Help Net Security Regardless of job title, 92% of executives stated they had some degree of confidence in their organization’s ability to meet compliance requirements and tackle advanced threats with current staff and tools, but confidence levels differed across leadership roles, according to Cyber Defense Group.

vCISOs are in high demand Read More »

New GRC and cyber risk strategies emphasize risk adaptability

cyber risk, GRC, MetricStream, News, report, strategy, tips /

New GRC and cyber risk strategies emphasize risk adaptability 2025-02-14 at 18:04 By Help Net Security MetricStream has unveiled its annual forecast of key trends shaping the future of GRC and Cyber GRC. These 2025 predictions offer a roadmap for building resilience strategies, addressing emerging risks, and seizing new opportunities. AI comes of age: risks,

New GRC and cyber risk strategies emphasize risk adaptability Read More »

Pig butchering scams are exploding

Chainalysis, Crypto, cybercrime, fraud, News, report, scams, survey /

Pig butchering scams are exploding 2025-02-14 at 07:03 By Help Net Security 2024 is set to be a record year for scammers who received at least US$9.9 billion in crypto revenues from their illicit activities, according to Chainalysis. This figure is projected to rise to an all-time high of $12.4 billion as ongoing analysis uncovers

Pig butchering scams are exploding Read More »

Inconsistent security strategies fuel third-party threats

cybersecurity, data breach, Imprivata, News, Ponemon Institute, report, survey, third party compromise, threat /

Inconsistent security strategies fuel third-party threats 2025-02-14 at 06:36 By Help Net Security 47% of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network, according to Imprivata and the Ponemon Institute. Third-party security incidents persist Notably, 64% of respondents say these types of third-party

Inconsistent security strategies fuel third-party threats Read More »

New infosec products of the week: February 14, 2025

Armor, EchoMark, Netwrix, News, Palo Alto Networks, Socure /

New infosec products of the week: February 14, 2025 2025-02-14 at 06:03 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Armor, EchoMark, Netwrix, Palo Alto Networks, and Socure. Palo Alto Networks Cortex Cloud applies AI-driven insights to reduce risk and prevent threats Palo Alto

New infosec products of the week: February 14, 2025 Read More »

North Korean hackers spotted using ClickFix tactic to deliver malware

Don't miss, Hot stuff, Malware, News, North Korea, PowerShell, social engineering, Windows /

North Korean hackers spotted using ClickFix tactic to deliver malware 2025-02-13 at 18:34 By Zeljka Zorz North Korean state-sponsored group Kimsuky (aka Emerald Sleet, aka VELVET CHOLLIMA) is attempting to deliver malware to South Korean targets by leveraging the so-called “ClickFix” tactic. A relatively new tactic The ClickFix social engineering tactic has been dubbed thus

North Korean hackers spotted using ClickFix tactic to deliver malware Read More »

Sandworm APT’s initial access subgroup hits organizations accross the globe

APT, Don't miss, energy sector, Hot stuff, Microsoft, News, Russian Federation, telecommunications /

Sandworm APT’s initial access subgroup hits organizations accross the globe 2025-02-13 at 15:34 By Zeljka Zorz A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in. “In 2022, its primary focus was Ukraine, specifically targeting the

Sandworm APT’s initial access subgroup hits organizations accross the globe Read More »

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)

Assetnote, Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, PoC, security update /

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) 2025-02-13 at 13:17 By Zeljka Zorz Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public. “Palo Alto Networks is not aware of any malicious exploitation

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108) Read More »

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance

apple, backdoor, cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Foresight Cyber, Government, Hot stuff, News, opinion, Privacy, surveillance, UK /

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance 2025-02-13 at 07:30 By Help Net Security The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data. This revelation deeply concerns me – it is a blatant

The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance Read More »

Over 3 million Fortune 500 employee accounts compromised since 2022

credentials, cybercrime, Don't miss, Enzoic, Malware, News, report, survey /

Over 3 million Fortune 500 employee accounts compromised since 2022 2025-02-13 at 07:03 By Help Net Security More than three million employee-linked corporate accounts were compromised between 2022 and 2024 across Fortune 500 companies, according to Enzoic. This surge is fueled by the widespread use of corporate email addresses for personal accounts and the growing

Over 3 million Fortune 500 employee accounts compromised since 2022 Read More »

Making sense of database complexity

Data Protection, database management, database security, News, Redgate, report, survey /

Making sense of database complexity 2025-02-13 at 06:03 By Help Net Security IT leaders are grappling with increasingly complex database environments. According to a new survey from Redgate, key concerns include protecting sensitive data, navigating regulatory compliance, and managing the rise of multi-database platforms. 38% of IT teams are concerned about data security and access

Making sense of database complexity Read More »

It’s time to secure the extended digital supply chain

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Illumio, News, opinion, regulation, supply chain /

It’s time to secure the extended digital supply chain 2025-02-12 at 07:35 By Help Net Security Organizations’ increasing reliance on third-party software and services has created an environment with more vulnerabilities and harder-to-detect risks. Attackers know they can increase efficiency and profitability by compromising the supply chain and are focusing their efforts accordingly. The commoditization

It’s time to secure the extended digital supply chain Read More »

SysReptor: Open-source penetration testing reporting platform

Don't miss, GitHub, News, penetration testing, software /

SysReptor: Open-source penetration testing reporting platform 2025-02-12 at 07:05 By Mirko Zorz SysReptor is a customizable open-source penetration testing reporting platform built for pentesters, red teamers, and cybersecurity professionals. You can optimize your workflow by simplifying, automating, and personalizing your reports. “SysReptor is an easy-to-use tool for pentesters and simplifies pentest reporting. Reports are designed

SysReptor: Open-source penetration testing reporting platform Read More »

Silent breaches are happening right now, most companies have no clue

Black Kite, cybersecurity, data breach, News, report, survey /

Silent breaches are happening right now, most companies have no clue 2025-02-12 at 06:33 By Help Net Security The breaches and ransomware attacks of 2024 highlighted systemic vulnerabilities, demonstrating how third-party and fourth-party dependencies amplify risks across industries, according to a Black Kite report. Researchers revealed how silent breaches underscore the risk posed by unseen

Silent breaches are happening right now, most companies have no clue Read More »

Scroll to Top