WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) 2025-04-09 at 16:00 By Zeljka Zorz WhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running malicious code. Meta classifies the vulnerability as a spoofing issue that […]
React to this headline:
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) 2025-04-09 at 13:43 By Zeljka Zorz A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged
React to this headline:
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) Read More »
OpenSSL prepares for a quantum future with 3.5.0 release 2025-04-09 at 11:26 By Help Net Security The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward future-ready cryptography. This feature release includes support for post-quantum cryptography (PQC), server-side QUIC, and
React to this headline:
OpenSSL prepares for a quantum future with 3.5.0 release Read More »
Why CISOs are doubling down on cyber crisis simulations 2025-04-09 at 09:03 By Mirko Zorz Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that readiness. They let teams walk through real-world scenarios in a controlled setting,
React to this headline:
Why CISOs are doubling down on cyber crisis simulations Read More »
Transforming cybersecurity into a strategic business enabler 2025-04-09 at 08:20 By Mirko Zorz In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. How do you define cyber risk within your organization’s overall enterprise
React to this headline:
Transforming cybersecurity into a strategic business enabler Read More »
APTRS: Open-source automated penetration testing reporting system 2025-04-09 at 07:46 By Mirko Zorz APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on reports. Instead of writing reports by hand, users can create PDF and Excel files directly in the
React to this headline:
APTRS: Open-source automated penetration testing reporting system Read More »
AI is challenging the geopolitical status quo 2025-04-09 at 07:06 By Help Net Security AI-powered cyberattacks are becoming powerful new weapons. Organizations need to act fast to close the gap between today’s defenses and tomorrow’s threats. These attacks are only going to grow. New data from Armis Labs shows that the threat of AI in
React to this headline:
AI is challenging the geopolitical status quo Read More »
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) 2025-04-08 at 22:16 By Zeljka Zorz April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS) that can be – and
React to this headline:
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) Read More »
Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse 2025-04-08 at 16:29 By Serhii Melnyk and Nikita Kazymirskyi In February 2025, the cybersecurity community witnessed an unprecedented leak that exposed the internal operations of Black Basta, a prolific ransomware group. This article is an excerpt from SpiderLabs Blog View Original Source React to this
React to this headline:
Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse Read More »
11 cyber defense tips to stay secure at work and home 2025-04-08 at 16:29 By Help Net Security Cybersecurity is inextricably tied to the technology it protects. Just as technology continues to grow in variety, quantity, and presence in all of our lives, so too does cybersecurity and our personal responsibility for it. You might
React to this headline:
11 cyber defense tips to stay secure at work and home Read More »
Excessive agency in LLMs: The growing risk of unchecked autonomy 2025-04-08 at 08:39 By Help Net Security For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these
React to this headline:
Excessive agency in LLMs: The growing risk of unchecked autonomy Read More »
Observability is security’s way back into the cloud conversation 2025-04-08 at 08:02 By Mirko Zorz In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing security readiness. He shares strategies for overcoming common misconfigurations and optimizing access controls in
React to this headline:
Observability is security’s way back into the cloud conversation Read More »
Phishing, fraud, and the financial sector’s crisis of trust 2025-04-08 at 08:02 By Anamarija Pogorelec The financial sector is under growing pressure from advanced phishing attacks and fraud, causing major financial losses and eroding customer trust. Escalation of phishing attacks While traditional phishing relied on generic emails to steal sensitive data, cybercriminals now use targeted
React to this headline:
Phishing, fraud, and the financial sector’s crisis of trust Read More »
Cyberattacks on water and power utilities threaten public safety 2025-04-08 at 07:33 By Help Net Security 62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems. (Source: Semperis) Utilities face rising cyber
React to this headline:
Cyberattacks on water and power utilities threaten public safety Read More »
Cybersecurity jobs available right now: April 8, 2025 2025-04-08 at 07:00 By Anamarija Pogorelec Application Security Engineer (DevSecOps & VAPT) Derisk360 | India | On-site – View job details As an Application Security Engineer (DevSecOps & VAPT), you will integrate security into CI/CD pipelines, conduct vulnerability assessments and penetration testing, and use tools like SonarCloud
React to this headline:
Cybersecurity jobs available right now: April 8, 2025 Read More »
WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) 2025-04-07 at 14:36 By Zeljka Zorz WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7.11. About CVE-2025-31334
React to this headline:
WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) Read More »
CISOs battle security platform fatigue 2025-04-07 at 08:31 By Mirko Zorz It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing headaches. Welcome to the age
React to this headline:
CISOs battle security platform fatigue Read More »
The shift to identity-first security and why it matters 2025-04-07 at 08:10 By Mirko Zorz In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in
React to this headline:
The shift to identity-first security and why it matters Read More »
YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection 2025-04-07 at 07:35 By Mirko Zorz YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of
React to this headline:
YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection Read More »
The rise of compromised LLM attacks 2025-04-07 at 07:03 By Help Net Security In this Help Net Security video, Sohrob Kazerounian, Distinguished AI Researcher at Vectra AI, discusses how the ongoing rapid adoption of LLM-based applications has already introduced new cybersecurity risks. These vulnerabilities will not be in the LLM itself, but rather in how
React to this headline:
The rise of compromised LLM attacks Read More »