News

Attackers turn trusted OAuth apps into cloud backdoors

attack tools, automation, cloud security, Don't miss, enterprise, Hot stuff, Microsoft Entra ID, News, OAuth, privileged accounts, Proofpoint /

Attackers turn trusted OAuth apps into cloud backdoors 2025-10-22 at 15:43 By Zeljka Zorz Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or […]

React to this headline:

Loading spinner

Attackers turn trusted OAuth apps into cloud backdoors Read More »

OpenFGA: The open-source engine redefining access control

access control, DevOps, Don't miss, GitHub, News, open source, software, Terraform /

OpenFGA: The open-source engine redefining access control 2025-10-22 at 15:13 By Sinisa Markovic OpenFGA is an open-source, high-performance, and flexible authorization engine inspired by Google’s Zanzibar system for relationship-based access control. It helps developers model and enforce fine-grained access control in their applications. At its core, OpenFGA enables teams to define who can do what

React to this headline:

Loading spinner

OpenFGA: The open-source engine redefining access control Read More »

Companies want the benefits of AI without the cyber blowback

Artificial Intelligence, cybersecurity, deepfakes, Europe, ISACA, LLMs, News, regulation, report, resilience, threats /

Companies want the benefits of AI without the cyber blowback 2025-10-22 at 07:19 By Anamarija Pogorelec 51% of European IT and cybersecurity professionals said they expect AI-driven cyber threats and deepfakes to keep them up at night in 2026, according to ISACA. AI takes centre stage in threat outlook The main reason for this concern

React to this headline:

Loading spinner

Companies want the benefits of AI without the cyber blowback Read More »

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)

CISA, Don't miss, GuidePoint Security, Hot stuff, News, PoC, Synacktiv, WatchTowr, Windows, Windows Server /

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) 2025-10-21 at 19:13 By Zeljka Zorz CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog,

React to this headline:

Loading spinner

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073) Read More »

Google introduces agentic threat intelligence for faster, conversational threat analysis

agentic AI, Artificial Intelligence, Google, Google Cloud, Mandiant, News, Threat Intelligence, VirusTotal /

Google introduces agentic threat intelligence for faster, conversational threat analysis 2025-10-21 at 19:00 By Mirko Zorz Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation. A new way to interact with threat

React to this headline:

Loading spinner

Google introduces agentic threat intelligence for faster, conversational threat analysis Read More »

Agentic AI security: Building the next generation of access controls

Delinea, Don't miss, Hot stuff, News, report /

Agentic AI security: Building the next generation of access controls 2025-10-21 at 10:03 By Help Net Security As artificial intelligence (AI) solutions continue to evolve, the rise of agentic AI—intelligent systems that can act autonomously on behalf of an organization—presents new security challenges. Research from Delinea’s 2025 AI in Identity Security Demands a New Playbook

React to this headline:

Loading spinner

Agentic AI security: Building the next generation of access controls Read More »

When everything’s connected, everything’s at risk

access control, Brown & Brown, CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, IoT, News, supply chain /

When everything’s connected, everything’s at risk 2025-10-21 at 09:02 By Mirko Zorz In this Help Net Security interview, Ken Deitz, CISO at Brown & Brown, discusses how the definition of cyber risk has expanded beyond IT to include IoT, OT, and broader supply chain ecosystems. As organizations connect these assets through cloud and networked systems,

React to this headline:

Loading spinner

When everything’s connected, everything’s at risk Read More »

Your smart building isn’t so smart without security

Claroty, cybersecurity, digital transformation, News, Nozomi Networks, smart building /

Your smart building isn’t so smart without security 2025-10-21 at 08:52 By Sinisa Markovic The lights switch on as you walk in. The air adjusts to your presence. Somewhere in the background, a server notes your arrival. It’s the comfort of a smart building, but that comfort might come with a cost. Smart buildings use

React to this headline:

Loading spinner

Your smart building isn’t so smart without security Read More »

10 data security companies to watch in 2026

Atakama, cybersecurity, data security, Don't miss, Dymium, EchoMark, Hot stuff, HYCU, Knostic, Netzilo, News, NextLabs, Paperclip, SealPath, SideDrawer /

10 data security companies to watch in 2026 2025-10-21 at 08:52 By Sinisa Markovic At Help Net Security, we’ve been tracking the cybersecurity world for nearly three decades. Through our Industry News section, we’ve watched countless companies rise, and push the limits of what’s possible in data protection. Some vendors consistently stand out, not just

React to this headline:

Loading spinner

10 data security companies to watch in 2026 Read More »

AI’s split personality: Solving crimes while helping conceal them

Artificial Intelligence, cybercrime, cybersecurity, digital forensics, Don't miss, generative AI, News, research /

AI’s split personality: Solving crimes while helping conceal them 2025-10-21 at 08:52 By Sinisa Markovic What happens when investigators and cybercriminals start using the same technology? AI is now doing both, helping law enforcement trace attacks while also being tested for its ability to conceal them. A new study from the University of Cagliari digs

React to this headline:

Loading spinner

AI’s split personality: Solving crimes while helping conceal them Read More »

Cybersecurity jobs available right now: October 21, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: October 21, 2025 2025-10-21 at 07:02 By Anamarija Pogorelec CISO Open-Xchange | Germany | Remote – View job details As a CISO, you will lead the development and implementation of security strategies and requirements across the OX Group. You will advise management on information security matters, provide transparent reporting, and

React to this headline:

Loading spinner

Cybersecurity jobs available right now: October 21, 2025 Read More »

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

Don't miss, Hot stuff, IIoT, industrial communications, Moxa, network, News, router, vulnerability /

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) 2025-10-20 at 20:10 By Zeljka Zorz Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due

React to this headline:

Loading spinner

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950) Read More »

China-linked Salt Typhoon hackers attempt to infiltrate European telco

APT, Darktrace, Don't miss, Europe, government-backed attacks, Hot stuff, News, telecommunications /

China-linked Salt Typhoon hackers attempt to infiltrate European telco 2025-10-20 at 18:42 By Zeljka Zorz Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics,

React to this headline:

Loading spinner

China-linked Salt Typhoon hackers attempt to infiltrate European telco Read More »

Most AI privacy research looks the wrong way

Artificial Intelligence, Carnegie Mellon University, cybersecurity, data security, Don't miss, Features, Hot stuff, LLMs, News, Privacy, research /

Most AI privacy research looks the wrong way 2025-10-20 at 13:19 By Mirko Zorz Most research on LLM privacy has focused on the wrong problem, according to a new paper by researchers from Carnegie Mellon University and Northeastern University. The authors argue that while most technical studies target data memorization, the biggest risks come from

React to this headline:

Loading spinner

Most AI privacy research looks the wrong way Read More »

Why ex-military professionals are a good fit for cybersecurity

cybersecurity, cybersecurity jobs, Don't miss, News, NTT DATA Services, SpecterOps, strategy, tips /

Why ex-military professionals are a good fit for cybersecurity 2025-10-20 at 13:19 By Sinisa Markovic After years of working as part of a team, many military veterans look for work that still carries meaning, challenge, and purpose. Cybersecurity offers a new way to serve and protect on a different battlefield. Earlier this year, the Department

React to this headline:

Loading spinner

Why ex-military professionals are a good fit for cybersecurity Read More »

Nodepass: Open-source TCP/UDP tunneling solution

cybersecurity, DevOps, Don't miss, GitHub, network monitoring, networking, News, open source, penetration testing, red team, software /

Nodepass: Open-source TCP/UDP tunneling solution 2025-10-20 at 13:18 By Sinisa Markovic When you think of network tunneling, “lightweight” and “enterprise-grade” rarely appear in the same sentence. NodePass, an open-source project, wants to change that. It’s a compact but powerful TCP/UDP tunneling solution built for DevOps teams and system administrators who need to manage complex network

React to this headline:

Loading spinner

Nodepass: Open-source TCP/UDP tunneling solution Read More »

Why cybersecurity hiring feels so hard right now

CISO, cybersecurity jobs, Don't miss, News, strategy, tips, Video /

Why cybersecurity hiring feels so hard right now 2025-10-20 at 07:30 By Help Net Security In this Help Net Security video, Carol Lee Hobson, CISO at PayNearMe, explores the realities behind the so-called cybersecurity “talent gap.” She explains why the issue is as much about hiring practices as it is about skills shortages, and offers

React to this headline:

Loading spinner

Why cybersecurity hiring feels so hard right now Read More »

Inside the messy reality of Microsoft 365 management

access control, cybersecurity, identity management, Microsoft 365, MSP, News, report, Syncro /

Inside the messy reality of Microsoft 365 management 2025-10-20 at 07:00 By Anamarija Pogorelec Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to slow their progress in managing it. About 60% of MSPs said Microsoft 365 powers

React to this headline:

Loading spinner

Inside the messy reality of Microsoft 365 management Read More »

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days

News, Week in review /

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days 2025-10-19 at 19:21 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a healthcare cybersecurity strategy that works In this Help Net Security interview, Wayman Cummings, CISO at Ochsner Health, talks about

React to this headline:

Loading spinner

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days Read More »

Scroll to Top