News

The new battleground for CISOs is human behavior

Artificial Intelligence, cyber resilience, cybersecurity, LevelBlue, News, report, social engineering, threats /

The new battleground for CISOs is human behavior 2025-08-22 at 08:40 By Anamarija Pogorelec Attackers don’t always need a technical flaw. More often, they just trick your people. Social engineering works, and AI makes it harder to catch.” Only about one in four cybersecurity teams are effective at collaborating with the broader business (Source: LevelBlue) […]

React to this headline:

Loading spinner

The new battleground for CISOs is human behavior Read More »

Local governments struggle to defend critical infrastructure as threats grow

Center for Internet Security, critical infrastructure, cyber resilience, cyber risk, cybersecurity, generative AI, Government, News, report, survey, USA /

Local governments struggle to defend critical infrastructure as threats grow 2025-08-22 at 08:03 By Sinisa Markovic A small-town water system, a county hospital, and a local school district may not seem like front-line targets in global conflict, but they are. These organizations face daily cyber attacks, from ransomware to foreign adversaries probing for weak points.

React to this headline:

Loading spinner

Local governments struggle to defend critical infrastructure as threats grow Read More »

DevOps in the cloud and what is putting your data at risk

cloud security, DevOps, Don't miss, GitProtect.io, News, SaaS, strategy, tips, Video /

DevOps in the cloud and what is putting your data at risk 2025-08-22 at 07:33 By Help Net Security In this Help Net Security video, Greg Bak, Head of Product Enablement at GitProtect, walks through some of the biggest security risks DevOps teams are dealing with. He covers how AI tools can introduce vulnerabilities, including

React to this headline:

Loading spinner

DevOps in the cloud and what is putting your data at risk Read More »

New infosec products of the week: August 22, 2025

Doppel, Druva, LastPass, News, StackHawk /

New infosec products of the week: August 22, 2025 2025-08-22 at 07:05 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from Doppel, Druva, LastPass, and StackHawk. StackHawk empowers security teams to expand their API testing coverage StackHawk releaseed LLM-Driven OpenAPI Specifications, a powerful new capability that

React to this headline:

Loading spinner

New infosec products of the week: August 22, 2025 Read More »

Russian threat actors using old Cisco bug to target critical infrastructure orgs

Cisco, critical infrastructure, cyber espionage, Don't miss, FBI, Hot stuff, News, Russian Federation, USA, vulnerability /

Russian threat actors using old Cisco bug to target critical infrastructure orgs 2025-08-21 at 18:07 By Zeljka Zorz A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets

React to this headline:

Loading spinner

Russian threat actors using old Cisco bug to target critical infrastructure orgs Read More »

Introducing D-Fence: MailMarshal’s Advanced Machine Learning Phishing Protection

Artificial Intelligence, email security, News, Tips & Tricks /

Introducing D-Fence: MailMarshal’s Advanced Machine Learning Phishing Protection 2025-08-21 at 16:05 By MailMarshal’s new D-Fence layer uses machine learning to combat sophisticated phishing attacks by analyzing email structure and identifying hidden malicious elements. D-Fence provides next-generation email security by catching 40% more phishing emails that previously went undetected. D-Fence works with URLDeep to deliver powerful

React to this headline:

Loading spinner

Introducing D-Fence: MailMarshal’s Advanced Machine Learning Phishing Protection Read More »

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged

AWS, cloud security, cloud storage, Don't miss, Fog Security, Hot stuff, News /

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged 2025-08-21 at 14:38 By Zeljka Zorz AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3

React to this headline:

Loading spinner

AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged Read More »

Using lightweight LLMs to cut incident response times and reduce hallucinations

Artificial Intelligence, CISO, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, LLMs, News, research, security operations, strategy, Threat Intelligence, tips /

Using lightweight LLMs to cut incident response times and reduce hallucinations 2025-08-21 at 09:03 By Mirko Zorz Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing the risk of hallucinations. Their approach uses a smaller, fine-tuned LLM

React to this headline:

Loading spinner

Using lightweight LLMs to cut incident response times and reduce hallucinations Read More »

Fractional vs. full-time CISO: Finding the right fit for your company

CISO, cybersecurity, Don't miss, Features, Hot stuff, Mandos, News, security controls, strategy /

Fractional vs. full-time CISO: Finding the right fit for your company 2025-08-21 at 08:32 By Mirko Zorz In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s needed. He breaks down common founder misconceptions, explains the right approach to security

React to this headline:

Loading spinner

Fractional vs. full-time CISO: Finding the right fit for your company Read More »

Product showcase: iStorage datAshur PRO+C encrypted USB flash drive

backup, data security, Don't miss, Encryption, hardware, iStorage, News, Product showcase, storage /

Product showcase: iStorage datAshur PRO+C encrypted USB flash drive 2025-08-21 at 08:00 By Anamarija Pogorelec The iStorage datAshur PRO+C is a USB-C flash drive featuring AES-XTS 256-bit hardware encryption. Available in capacities from 32 GB to 512 GB, the drive holds FIPS 140-3 Level 3 certification and operates without the need for software, making it

React to this headline:

Loading spinner

Product showcase: iStorage datAshur PRO+C encrypted USB flash drive Read More »

URL-based threats become a go-to tactic for cybercriminals

cybercrime, cybersecurity, News, phishing, Proofpoint, report, survey /

URL-based threats become a go-to tactic for cybercriminals 2025-08-21 at 07:34 By Help Net Security Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through email, text messages, or collaboration apps, URL-based threats now dominate the cyber threat landscape. Attackers are not

React to this headline:

Loading spinner

URL-based threats become a go-to tactic for cybercriminals Read More »

CISOs need to think about risks before rushing into AI

CISO, cloud security, News, report, security ROI, survey, tips, Unisys /

CISOs need to think about risks before rushing into AI 2025-08-21 at 07:02 By Anamarija Pogorelec Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of 1,000 senior executives shows that business and IT leaders are not always aligned on what

React to this headline:

Loading spinner

CISOs need to think about risks before rushing into AI Read More »

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News /

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) 2025-08-20 at 22:42 By Zeljka Zorz Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable

React to this headline:

Loading spinner

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) Read More »

Alleged Rapper Bot DDoS botnet master arrested, charged

arrest, botnet, DDoS, Don't miss, extortion, Hot stuff, News, USA /

Alleged Rapper Bot DDoS botnet master arrested, charged 2025-08-20 at 21:47 By Zeljka Zorz US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks around the world. According to court documents, 22-year-old Ethan Foltz of Eugene, Oregon, is accused of

React to this headline:

Loading spinner

Alleged Rapper Bot DDoS botnet master arrested, charged Read More »

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

Don't miss, exploit, Hot stuff, News, Onapsis, SAP, SAP security, Shadowserver, vulnerability /

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) 2025-08-20 at 19:25 By Zeljka Zorz A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram

React to this headline:

Loading spinner

Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999) Read More »

Password crisis in healthcare: Meeting and exceeding HIPAA requirements

authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, healthcare, HIPAA, Hot stuff, News, passwords, Passwork, regulation /

Password crisis in healthcare: Meeting and exceeding HIPAA requirements 2025-08-20 at 19:25 By Help Net Security In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one significant security incident over the last year. More than half of responders

React to this headline:

Loading spinner

Password crisis in healthcare: Meeting and exceeding HIPAA requirements Read More »

Commvault plugs holes in backup suite that allow remote code execution

backup, Commvault, Don't miss, enterprise, Government, Hot stuff, News, WatchTowr /

Commvault plugs holes in backup suite that allow remote code execution 2025-08-20 at 17:33 By Zeljka Zorz Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. Technical details about the vulnerabilities have been published on Wednesday by researchers at watchTowr Labs, who

React to this headline:

Loading spinner

Commvault plugs holes in backup suite that allow remote code execution Read More »

The 6 challenges your business will face in implementing MLSecOps

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, News, OpenSSF, opinion, software /

The 6 challenges your business will face in implementing MLSecOps 2025-08-20 at 09:04 By Help Net Security Organizations that don’t adapt their security programs as they implement AI run the risk of being exposed to a variety of threats, both old and emerging ones. MLSecOps addresses this critical gap in security perimeters by combining AI

React to this headline:

Loading spinner

The 6 challenges your business will face in implementing MLSecOps Read More »

LudusHound: Open-source tool brings BloodHound data to life

cybersecurity, Don't miss, GitHub, News, open source, red team, software, SpecterOps /

LudusHound: Open-source tool brings BloodHound data to life 2025-08-20 at 08:31 By Mirko Zorz LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment using previously gathered BloodHound data. Red teams can use this

React to this headline:

Loading spinner

LudusHound: Open-source tool brings BloodHound data to life Read More »

The AI security crisis no one is preparing for

access management, Artificial Intelligence, Curity, cybersecurity, Don't miss, Features, Hot stuff, monitoring, News, Non Human Identities, security controls, strategy, threat /

The AI security crisis no one is preparing for 2025-08-20 at 08:03 By Mirko Zorz In this Help Net Security interview, Jacob Ideskog, CTO of Curity, discusses the risks AI agents pose to organizations. As these agents become embedded in enterprise systems, the potential for misuse, data leakage, and unauthorized access grows. Ideskog warns that

React to this headline:

Loading spinner

The AI security crisis no one is preparing for Read More »

Scroll to Top