News

Cyber turbulence ahead as airlines strap in for a security crisis

cyber risk, cybersecurity, Don't miss, Hot stuff, News, Prismatic, SecurityScorecard, strategy, Thales, transportation /

Cyber turbulence ahead as airlines strap in for a security crisis 2025-07-21 at 07:35 By Sinisa Markovic Aircraft systems are getting more connected and ground operations increasingly integrated, and attackers are taking notice. They’re shifting from minor disruptions to targeting critical systems with serious intent. Any time an aircraft transmits data, whether it’s flight position […]

React to this headline:

Loading spinner

Cyber turbulence ahead as airlines strap in for a security crisis Read More »

Are your employees using Chinese GenAI tools at work?

Artificial Intelligence, cybersecurity, Data leak, DeepSeek, Harmonic, LLMs, News, report, survey, threats /

Are your employees using Chinese GenAI tools at work? 2025-07-21 at 07:35 By Anamarija Pogorelec Nearly one in 12 employees are using Chinese-developed generative AI tools at work, and they’re exposing sensitive data in the process. That’s according to new research from Harmonic Security, which analyzed the behavior of roughly 14,000 end users in the

React to this headline:

Loading spinner

Are your employees using Chinese GenAI tools at work? Read More »

Microsoft SharePoint servers under attack via zero-day vulnerability with no patch (CVE-2025-53770)

0-day, CISA, Don't miss, exploit, Eye Security, Hot stuff, Microsoft, News, Palo Alto Networks, SharePoint /

Microsoft SharePoint servers under attack via zero-day vulnerability with no patch (CVE-2025-53770) 2025-07-21 at 00:02 By Zeljka Zorz Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, the company has confirmed on Saturday. CVE-2025-53770 is being leveraged to place a backdoor on vulnerable

React to this headline:

Loading spinner

Microsoft SharePoint servers under attack via zero-day vulnerability with no patch (CVE-2025-53770) Read More »

Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb

News, Week in review /

Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb 2025-07-20 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For the fifth time this year, Google has patched

React to this headline:

Loading spinner

Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb Read More »

Why we must go beyond tooling and CVEs to illuminate security blind spots

CVE, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, runZero, vulnerability management /

Why we must go beyond tooling and CVEs to illuminate security blind spots 2025-07-18 at 09:41 By Help Net Security In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs

React to this headline:

Loading spinner

Why we must go beyond tooling and CVEs to illuminate security blind spots Read More »

Making security and development co-owners of DevSecOps

Artificial Intelligence, automation, Compliance, cybersecurity, DevSecOps, Don't miss, Features, G42 Company, Hot stuff, News /

Making security and development co-owners of DevSecOps 2025-07-18 at 09:41 By Mirko Zorz In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. Drawing on experience in regulated industries such as finance, telecom, and critical infrastructure, he offers tips on ownership

React to this headline:

Loading spinner

Making security and development co-owners of DevSecOps Read More »

Buy Now, Pay Later… with your data

data collection, Incogni, News, Privacy, tracking /

Buy Now, Pay Later… with your data 2025-07-18 at 09:35 By Anamarija Pogorelec Buy Now, Pay Later (BNPL) apps are everywhere these days. Whether you’re buying sneakers or groceries, chances are you’ve seen the option to split your payments over time. It’s quick and easy. But behind the convenience is a growing privacy concern that

React to this headline:

Loading spinner

Buy Now, Pay Later… with your data Read More »

AI adoption is booming but secure scaling not so much

Artificial Intelligence, cybersecurity, F5 Networks, News, report, survey /

AI adoption is booming but secure scaling not so much 2025-07-18 at 09:35 By Help Net Security 96% of organizations are deploying AI models, and virtually no organization can move into the future without considering how ML and intelligent apps might soon affect its operations, according to F5. Only 2% of global organizations are highly

React to this headline:

Loading spinner

AI adoption is booming but secure scaling not so much Read More »

New infosec products of the week: July 18, 2025

At-Bay, Immersive, Netscout, News, Socure, Stellar Cyber /

New infosec products of the week: July 18, 2025 2025-07-18 at 07:06 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from At-Bay, Immersive, NETSCOUT, Socure, and Stellar Cyber. Stellar Cyber 6.0.0 enhances automation, workflow intelligence, and user experience The 6.0.0 release builds on Stellar Cyber’s vision

React to this headline:

Loading spinner

New infosec products of the week: July 18, 2025 Read More »

Review: Passwork 7.0, self-hosted password manager for business

authentication, cybersecurity, Don't miss, Hot stuff, News, passwords, Passwork, Review, Reviews, software /

Review: Passwork 7.0, self-hosted password manager for business 2025-07-17 at 13:09 By Help Net Security Over the years, the number of services we use has exploded, and so has the need to protect our credentials. Back in what I like to call “the age of innocence,” we scribbled passwords on paper or reused “password123” across

React to this headline:

Loading spinner

Review: Passwork 7.0, self-hosted password manager for business Read More »

What a mature OT security program looks like in practice

cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, monitoring, News, policy, Risk Management, security standard, strategy, Yokogawa /

What a mature OT security program looks like in practice 2025-07-17 at 09:08 By Mirko Zorz In this Help Net Security interview, Cindy Segond von Banchet CC, Cybersecurity Lead at Yokogawa Europe, shares her insights on what defines a sustainable OT security program. She outlines the key differences between short-term fixes and long-term resilience, and

React to this headline:

Loading spinner

What a mature OT security program looks like in practice Read More »

Why silent authentication is the smarter way to secure BYOD

authentication, BYOD, CISO, cybersecurity, Don't miss, Hot stuff, News, strategy, tips, Video, Vonage /

Why silent authentication is the smarter way to secure BYOD 2025-07-17 at 09:08 By Help Net Security In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity challenges of BYOD. He breaks down how it works, why it matters, and

React to this headline:

Loading spinner

Why silent authentication is the smarter way to secure BYOD Read More »

Machine unlearning gets a practical privacy upgrade

cybersecurity, Don't miss, EU, Europe, Features, Hot stuff, machine learning, News, Privacy, research /

Machine unlearning gets a practical privacy upgrade 2025-07-17 at 09:08 By Mirko Zorz Machine learning models are everywhere now, from chatbots to credit scoring tools, and they carry traces of the data they were trained on. When someone asks to have their personal data erased under laws like the GDPR, their data also needs to

React to this headline:

Loading spinner

Machine unlearning gets a practical privacy upgrade Read More »

Tired of gaps in your security? These open-source tools can help

cybersecurity, News, open source, SIEM, threat detection /

Tired of gaps in your security? These open-source tools can help 2025-07-17 at 07:42 By Anamarija Pogorelec When it comes to spotting threats, security teams need tools that can pull data from all over and make it easier to analyze. In this article, we’ll take a look at some popular open-source tools that help with

React to this headline:

Loading spinner

Tired of gaps in your security? These open-source tools can help Read More »

What Fortune 100s are getting wrong about cybersecurity hiring

burnout, certification, Don't miss, Expel, News, survey /

What Fortune 100s are getting wrong about cybersecurity hiring 2025-07-17 at 07:42 By Sinisa Markovic Many companies say they can’t find enough cybersecurity professionals. But a new report suggests the real problem isn’t a lack of talent, but how those jobs are structured and advertised. Expel’s 2025 Enterprise Cybersecurity Talent Index looked at more than

React to this headline:

Loading spinner

What Fortune 100s are getting wrong about cybersecurity hiring Read More »

KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles

Emerging Threats, News, threat hunting /

KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles 2025-07-16 at 21:38 By Nathaniel Morales and John Basmayor KAWA4096, a ransomware whose name includes “Kawa”, the Japanese word for “river”, first emerged in June 2025. This new threat features a leak site that follows the style of the Akira ransomware group, and a ransom note format

React to this headline:

Loading spinner

KAWA4096’s Ransomware Tide: Rising Threat With Borrowed Styles Read More »

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit

backdoor, credentials, Don't miss, Google, Hot stuff, Mandiant, News, SonicWall, vulnerability /

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit 2025-07-16 at 20:54 By Zeljka Zorz Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned. The analysts say UNC6148 – as

React to this headline:

Loading spinner

SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit Read More »

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)

0-day, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, security update /

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) 2025-07-16 at 16:32 By Zeljka Zorz For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. About CVE-2025-6558 CVE-2025-6558 is a high-severity vulnerability that stems from incorrect validation of untrusted input in ANGLE – the Almost

React to this headline:

Loading spinner

Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) Read More »

Global crackdown hits pro-Russian cybercrime, 100+ systems taken down worldwide

cybercrime, Don't miss, Europol, law enforcement, News, Russian Federation /

Global crackdown hits pro-Russian cybercrime, 100+ systems taken down worldwide 2025-07-16 at 16:03 By Sinisa Markovic In a major blow to pro-Russian cybercrime, authorities across Europe and the United States launched a sweeping international crackdown on the hacking group NoName057(16) between 14 and 17 July. The coordinated operation, codenamed Eastwood and led by Europol and

React to this headline:

Loading spinner

Global crackdown hits pro-Russian cybercrime, 100+ systems taken down worldwide Read More »

Product showcase: Enzoic for Active Directory

Active Directory, credentials, cybersecurity, Don't miss, Enzoic, Hot stuff, monitoring, News, passwords, policy, Product showcase /

Product showcase: Enzoic for Active Directory 2025-07-16 at 08:19 By Help Net Security Enzoic for Active Directory is an easy-to-install plugin that integrates with Microsoft Active Directory (AD) to set, monitor, and remediate unsafe passwords and credentials. In essence, it serves as an always-on sentinel for AD, preventing users from choosing compromised or weak passwords

React to this headline:

Loading spinner

Product showcase: Enzoic for Active Directory Read More »

Scroll to Top