CEOs must act now to embrace AI or risk falling behind 2025-02-12 at 06:04 By Help Net Security While 4 out of 5 CEOs recognize AI’s potential, many worry gaps in their understanding will impact strategic decisions, risking missed opportunities and falling behind competitors, according to Cisco. Yet, CEOs are not standing still. With support […]
CEOs must act now to embrace AI or risk falling behind Read More »
Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) 2025-02-11 at 22:21 By Zeljka Zorz February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys), which interfaces
Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) Read More »
8Base ransomware group leaders arrested, leak site seized 2025-02-11 at 15:31 By Zeljka Zorz The Thai police has arrested four individuals suspected of being the leaders of the 8Base ransomware group and of stealing approximately $16 million from 1,000+ victims they targeted with the Phobos ransomware. “Officers from Cyber Crime Investigation Bureau, led by Police
8Base ransomware group leaders arrested, leak site seized Read More »
Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) 2025-02-11 at 12:48 By Zeljka Zorz Users of iPhones and iPads that run iOS/iPadOS 18 and iPadOS 17 are urged to implement the latest updates to plug a security feature bypass vulnerability (CVE-2025-24200) exploited in the wild in “an extremely sophisticated” attack. The vulnerability (CVE-2025-24200)
Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200) Read More »
Arvest Bank CISO on building a strong cybersecurity culture in banking 2025-02-11 at 07:31 By Mirko Zorz In this Help Net Security interview, Mike Calvi, CISO at Arvest Bank, discusses building a strong cybersecurity culture within the banking sector. He explains how leadership, effective reporting, and proactive engagement with associates are key in strengthening security.
Arvest Bank CISO on building a strong cybersecurity culture in banking Read More »
Review: Inside Cyber Warfare, 3rd Edition 2025-02-11 at 07:00 By Mirko Zorz Inside Cyber Warfare, 3rd Edition by Jeffrey Caruso explores how nation-states, corporations, and hackers engage in digital warfare. It offers insights into the intersection of cybersecurity, geopolitics, and emerging technology. About the author Jeffrey Caruso is a globally recognized cybersecurity adviser, author, and
Review: Inside Cyber Warfare, 3rd Edition Read More »
How to detect and disable Apple AirTags that might be tracking you 2025-02-11 at 06:39 By Help Net Security Apple’s AirTags are a convenient way to track personal items like keys and bags, but they also raise concerns about unwanted tracking and stalking. To help users stay safe, Apple has implemented several anti-stalking protections, including
How to detect and disable Apple AirTags that might be tracking you Read More »
Cybersecurity jobs available right now: February 11, 2025 2025-02-11 at 06:02 By Anamarija Pogorelec Application Offensive Security Consultant Sharp Decisions | USA | On-site – View job details As an Application Offensive Security Consultant, you will perform Offensive Security Testing against applications and APIs. Perform application threat hunting to evaluate risk to applications. Perform manual
Cybersecurity jobs available right now: February 11, 2025 Read More »
Trustwave Named a Top 100 Security MSP by CRN for 6th Consecutive Year 2025-02-10 at 17:05 By For the sixth consecutive year, the leading channel publication CRN named Trustwave to its 2025 Managed Service Provider (MSP) 500 list in its Security 100 category. This article is an excerpt from Trustwave Blog View Original Source
Trustwave Named a Top 100 Security MSP by CRN for 6th Consecutive Year Read More »
Malicious ML models found on Hugging Face Hub 2025-02-10 at 15:52 By Zeljka Zorz Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. Once one of them is downloaded and executed on the developer’s machine, the malicious payload checks if
Malicious ML models found on Hugging Face Hub Read More »
February 2025 Patch Tuesday forecast: New directions for AI development 2025-02-10 at 08:02 By Help Net Security The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI. DeepSeek ad Stargate DeepSeek took the world by storm as millions of copies
February 2025 Patch Tuesday forecast: New directions for AI development Read More »
Security validation: The new standard for cyber resilience 2025-02-10 at 07:37 By Help Net Security Security validation has officially turned a corner. Once considered a “nice-to-have” it’s now a top priority for security leaders worldwide. This shift has been accelerated by frameworks like Gartner’s Continuous Threat Exposure Management (CTEM), introduced in 2022, which emphasizes the
Security validation: The new standard for cyber resilience Read More »
Political campaigns struggle to balance AI personalization and voter privacy 2025-02-10 at 07:05 By Mirko Zorz In this Help Net Security interview, Mateusz Łabuz, researcher at the IFSH, discusses the balance between using AI for personalized political campaigns and protecting voter privacy. Łabuz also discusses the potential of AI in fact-checking, the regulatory landscape, and
Political campaigns struggle to balance AI personalization and voter privacy Read More »
Beelzebub: Open-source honeypot framework 2025-02-10 at 06:30 By Mirko Zorz Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless deployment and leverages AI to emulate the behavior of a high-interaction honeypot. “I created Beelzebub because my research activities require
Beelzebub: Open-source honeypot framework Read More »
Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play 2025-02-09 at 11:11 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys 2025-02-07 at 14:22 By Zeljka Zorz A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating, remediating, and building protections against this activity, we observed an insecure
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys Read More »
Ghidra 11.3 released: New features, performance improvements, bug fixes 2025-02-07 at 07:53 By Help Net Security NSA’s Research Directorate released version 11.3 of Ghidra, an open-source software reverse engineering (SRE) framework. It offers advanced analysis tools, enabling users to dissect and examine compiled code across multiple platforms, including Windows, macOS, and Linux. Ghidra 11.3 is
Ghidra 11.3 released: New features, performance improvements, bug fixes Read More »
Infosec pros struggle under growing compliance 2025-02-07 at 07:07 By Help Net Security The implementation of new regulatory measures that impact the UK, EU, and beyond are driving organizations to enhance vigilance in addressing evolving cybersecurity and operational risks, according to AuditBoard. The research showed 91% of respondents report feeling concerned about cybersecurity threats to
Infosec pros struggle under growing compliance Read More »
Overconfident execs are making their companies vulnerable to fraud 2025-02-07 at 06:44 By Help Net Security Cyber fraud (which includes activity such as hacking, deepfakes, voice cloning and highly sophisticated phishing schemes) rose by 14% year over year, according to Trustpair. US faces cyber fraud growth The proprietary research, which is based on a survey
Overconfident execs are making their companies vulnerable to fraud Read More »
New infosec products of the week: February 7, 2025 2025-02-07 at 06:11 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Dynatrace, Nymi, Qualys, SafeBreach, and Satori. Qualys TotalAppSec enables organizations to address risks across web applications and APIs Qualys TotalAppSec unifies API security, web
New infosec products of the week: February 7, 2025 Read More »