News

Low-tech phishing attacks are gaining ground

email security, News, phishing, report, survey, VIPRE Security /

Low-tech phishing attacks are gaining ground 2025-05-01 at 07:02 By Help Net Security Cybercriminals are increasingly favoring low-tech, human-centric attacks to bypass email scanning technologies, according to VIPRE Security. The report is based on an analysis of global real-world data and highlights the most significant email security trends from the first quarter of 2025. Callback […]

React to this headline:

Loading spinner

Low-tech phishing attacks are gaining ground Read More »

Photos: RSAC 2025

Bitdefender, Center for Internet Security, ISC2, News, PlexTrac, PowerDMARC, RSAC 2025, SailPoint, SentinelOne, SkyHawk Security, Stellar Cyber, ThreatLocker /

Photos: RSAC 2025 2025-04-30 at 16:31 By Help Net Security RSAC 2025 Conference is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The featured vendors are: PowerDMARC, Skyhawk Security, ThreatLocker, Stellar Cyber, Center for Internet Security, PlexTrac, ISC2, Bitdefender, SentinelOne, and

React to this headline:

Loading spinner

Photos: RSAC 2025 Read More »

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities

apple, Don't miss, Hot stuff, IoT, News, Oligo Security, vulnerability /

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities 2025-04-30 at 16:31 By Zeljka Zorz Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies. “Because AirPlay is a fundamental piece of software for Apple

React to this headline:

Loading spinner

Airplay-enabled devices open to attack via “AirBorne” vulnerabilities Read More »

Download: Edgescan 2025 Vulnerability Statistics Report

Don't miss, Edgescan, News, Whitepapers and webinars /

Download: Edgescan 2025 Vulnerability Statistics Report 2025-04-30 at 16:03 By Help Net Security Edgescan’s 2025 Vulnerability Statistics Report explores risk density patterns across network/device and application layers, uncovers complex vulnerabilities that automated tools consistently miss, and evaluates the real-world effectiveness of leading vulnerability scoring methodologies, including EPSS, CISA KEV, CVSS, and our proprietary EVSS system.

React to this headline:

Loading spinner

Download: Edgescan 2025 Vulnerability Statistics Report Read More »

Property renters targeted in simple BEC scam

BEC scams, Don't miss, France, Hot stuff, News, phishing, Proofpoint, social engineering /

Property renters targeted in simple BEC scam 2025-04-30 at 14:32 By Zeljka Zorz Emails purportedly sent by rental property management firms are being used to steal money from people in France and Canada, Proofpoint researchers have warned. A BEC scam preying on renters “Most campaigns are sent from compromised mailboxes belonging to educational institutions in

React to this headline:

Loading spinner

Property renters targeted in simple BEC scam Read More »

Product showcase: Ledger Flex secure crypto wallet

Crypto, cybersecurity, Don't miss, hardware, Hot stuff, Ledger, News, Product showcase /

Product showcase: Ledger Flex secure crypto wallet 2025-04-30 at 09:02 By Sinisa Markovic The Ledger Flex is a hardware wallet designed for the secure storage of cryptocurrencies and NFTs. It combines security features with a user-friendly interface, making it suitable for both beginners and more experienced users. Ledger Flex stores your private keys offline. This

React to this headline:

Loading spinner

Product showcase: Ledger Flex secure crypto wallet Read More »

Mobile security is a frontline risk. Are you ready?

Android, Endpoint Security, iOS, mobile apps, mobile devices, mobile security, News, report, survey, threats, Zimperium /

Mobile security is a frontline risk. Are you ready? 2025-04-30 at 08:33 By Help Net Security The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. For enterprises, mobile is no longer a secondary risk. It’s now one of the primary attack surfaces.

React to this headline:

Loading spinner

Mobile security is a frontline risk. Are you ready? Read More »

Villain: Open-source framework for managing and enhancing reverse shells

Don't miss, framework, GitHub, News, open source, software /

Villain: Open-source framework for managing and enhancing reverse shells 2025-04-30 at 08:04 By Mirko Zorz Villain is an open-source Stage 0/1 command-and-control (C2) framework designed to manage multiple reverse TCP and HoaxShell-based shells. Beyond simply handling connections, Villain enhances these shells with added functionality, offering commands and utilities, and allowing for shell sessions sharing across

React to this headline:

Loading spinner

Villain: Open-source framework for managing and enhancing reverse shells Read More »

Securing the invisible: Supply chain security trends

CISO, cybersecurity, Don't miss, Eclypsium, i-confidential, News, supply chain attacks, zero trust /

Securing the invisible: Supply chain security trends 2025-04-30 at 07:34 By Anamarija Pogorelec Adversaries are infiltrating upstream software, hardware, and vendor relationships to quietly compromise downstream targets. Whether it’s a malicious update injected into a CI/CD pipeline, a rogue dependency hidden in open-source code, or tampered hardware components, these attacks bypass traditional defenses by weaponizing

React to this headline:

Loading spinner

Securing the invisible: Supply chain security trends Read More »

Why cyber resilience must be part of every organization’s DNA

Artificial Intelligence, cybersecurity, Don't miss, LevelBlue, News, report, RSAC 2025, survey /

Why cyber resilience must be part of every organization’s DNA 2025-04-30 at 07:05 By Help Net Security As AI brings about excitement and transformative potential, the report reveals that organizations are forging ahead with innovations despite increased security concerns, according to LevelBlue’s 2025 Futures Report. In fact, just 29% of executives surveyed say they are

React to this headline:

Loading spinner

Why cyber resilience must be part of every organization’s DNA Read More »

44% of the zero-days exploited in 2024 were in enterprise solutions

0-day, cyber espionage, Don't miss, enterprise, exploit, Google, government-backed attacks, Hot stuff, News, report, spyware, tips, trends /

44% of the zero-days exploited in 2024 were in enterprise solutions 2025-04-29 at 21:18 By Zeljka Zorz In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks. Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up

React to this headline:

Loading spinner

44% of the zero-days exploited in 2024 were in enterprise solutions Read More »

CISA warns about actively exploited Broadcom, Commvault vulnerabilities

Broadcom, CISA, Commvault, data center, Don't miss, email security, Hot stuff, Japan, News, USA /

CISA warns about actively exploited Broadcom, Commvault vulnerabilities 2025-04-29 at 15:47 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) solutions. CISA’s KEV catalog is constantly updated and provides IT admins

React to this headline:

Loading spinner

CISA warns about actively exploited Broadcom, Commvault vulnerabilities Read More »

Marks & Spencer cyber incident linked to ransomware group

disruption, Don't miss, Europe, Hot stuff, News, Ransomware, Retail, UK /

Marks & Spencer cyber incident linked to ransomware group 2025-04-29 at 14:18 By Zeljka Zorz The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources have asserted. The Telegraph’s sources say ransomware was deployed by a unnamed criminal gang. Bleeping Computer’s

React to this headline:

Loading spinner

Marks & Spencer cyber incident linked to ransomware group Read More »

Eyes, ears, and now arms: IoT is alive

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Nabto, News, opinion, regulation /

Eyes, ears, and now arms: IoT is alive 2025-04-29 at 09:36 By Help Net Security I’ve never quite seen anything like this in my two decades of working in the Internet of Things (IoT) space. In just a few years, devices at home and work started including cameras to see and microphones to hear. Now,

React to this headline:

Loading spinner

Eyes, ears, and now arms: IoT is alive Read More »

What’s worth automating in cyber hygiene, and what’s not

1Password, authentication, automation, BitSight, CISO, credentials, cyber hygiene, cybersecurity, Don't miss, enterprise, Features, Hot stuff, News, passwords, patching, strategy, Swimlane, tips /

What’s worth automating in cyber hygiene, and what’s not 2025-04-29 at 09:05 By Mirko Zorz Cyber hygiene sounds simple. Patch your systems, remove old accounts, update your software. But for large organizations, this gets messy fast. Systems number in the thousands. Teams are scattered. Some machines haven’t been rebooted in months. Automation can help. But

React to this headline:

Loading spinner

What’s worth automating in cyber hygiene, and what’s not Read More »

Want faster products and stronger trust? Build security in, not bolt it on

automation, cybersecurity, Don't miss, Features, Group 1001, Hot stuff, Insurance, News, opinion, security metrics /

Want faster products and stronger trust? Build security in, not bolt it on 2025-04-29 at 08:42 By Mirko Zorz In this Help Net Security interview, Christopher Kennedy, CISO at Group 1001, discusses how cybersecurity initiatives are reshaping enterprise cybersecurity strategy. He explains why security must be embedded across IT, business lines, and product development, how

React to this headline:

Loading spinner

Want faster products and stronger trust? Build security in, not bolt it on Read More »

DDoS attacks jump 358% compared to last year

attacks, Cloudflare, cybercrime, cybersecurity, DDoS, Don't miss, News, threats /

DDoS attacks jump 358% compared to last year 2025-04-29 at 08:04 By Mirko Zorz Cloudflare says it mitigated 20.5 million DDoS attacks in the first quarter of 2025. This is a 358% increase compared to the same time last year. Their Q1 2025 DDoS report highlights a rise in the number and size of attacks,

React to this headline:

Loading spinner

DDoS attacks jump 358% compared to last year Read More »

Investing in security? It’s not helping you fix what matters faster

cybersecurity, News, report, Seemplicity, survey, vulnerability management /

Investing in security? It’s not helping you fix what matters faster 2025-04-29 at 07:30 By Help Net Security Automation and structured collaboration have a strong, positive influence on the efficiency of vulnerability management, according to Seemplicity. However, manual processes, unstructured workflows, and excessive noise from vulnerability scanning tools continue to slow remediation efforts, leading to

React to this headline:

Loading spinner

Investing in security? It’s not helping you fix what matters faster Read More »

Cybersecurity jobs available right now: April 29, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: April 29, 2025 2025-04-29 at 07:06 By Anamarija Pogorelec Analyst IV – Cybersecurity Carpenter Technology | USA | On-site – View job details As an Analyst IV – Cybersecurity, you will guide IT teams on IAM tasks, including account provisioning, password vaulting, access reviews, and encryption key management. You will

React to this headline:

Loading spinner

Cybersecurity jobs available right now: April 29, 2025 Read More »

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)

Don't miss, enterprise, Government, Hot stuff, News, Onapsis, ReliaQuest, SAP /

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) 2025-04-28 at 13:00 By Zeljka Zorz CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file uploads and code execution. The vulnerability was initially leveraged in zero-day attacks spotted by ReliaQuest

React to this headline:

Loading spinner

Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) Read More »

Scroll to Top