News

Nodepass: Open-source TCP/UDP tunneling solution

cybersecurity, DevOps, Don't miss, GitHub, network monitoring, networking, News, open source, penetration testing, red team, software /

Nodepass: Open-source TCP/UDP tunneling solution 2025-10-20 at 13:18 By Sinisa Markovic When you think of network tunneling, “lightweight” and “enterprise-grade” rarely appear in the same sentence. NodePass, an open-source project, wants to change that. It’s a compact but powerful TCP/UDP tunneling solution built for DevOps teams and system administrators who need to manage complex network […]

React to this headline:

Loading spinner

Nodepass: Open-source TCP/UDP tunneling solution Read More »

Why cybersecurity hiring feels so hard right now

CISO, cybersecurity jobs, Don't miss, News, strategy, tips, Video /

Why cybersecurity hiring feels so hard right now 2025-10-20 at 07:30 By Help Net Security In this Help Net Security video, Carol Lee Hobson, CISO at PayNearMe, explores the realities behind the so-called cybersecurity “talent gap.” She explains why the issue is as much about hiring practices as it is about skills shortages, and offers

React to this headline:

Loading spinner

Why cybersecurity hiring feels so hard right now Read More »

Inside the messy reality of Microsoft 365 management

access control, cybersecurity, identity management, Microsoft 365, MSP, News, report, Syncro /

Inside the messy reality of Microsoft 365 management 2025-10-20 at 07:00 By Anamarija Pogorelec Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to slow their progress in managing it. About 60% of MSPs said Microsoft 365 powers

React to this headline:

Loading spinner

Inside the messy reality of Microsoft 365 management Read More »

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days

News, Week in review /

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days 2025-10-19 at 19:21 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a healthcare cybersecurity strategy that works In this Help Net Security interview, Wayman Cummings, CISO at Ochsner Health, talks about

React to this headline:

Loading spinner

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days Read More »

The F5 BIG-IP Source Code Breach

Emerging Threats, News, Vulnerabilities /

The F5 BIG-IP Source Code Breach 2025-10-17 at 20:17 By Karl Sigler On August 9, F5 discovered that multiple systems were compromised by what it is calling a “highly sophisticated nation-state threat actor” who maintained “long-term, persistent access to certain F5 systems”. These included the BIG-IP product development environment and engineering knowledge management platform. That

React to this headline:

Loading spinner

The F5 BIG-IP Source Code Breach Read More »

Microsoft revokes 200 certs used to sign malicious Teams installers

certificates, Don't miss, Hot stuff, Microsoft, Microsoft Teams, News, Ransomware /

Microsoft revokes 200 certs used to sign malicious Teams installers 2025-10-17 at 15:59 By Zeljka Zorz By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on

React to this headline:

Loading spinner

Microsoft revokes 200 certs used to sign malicious Teams installers Read More »

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)

0-day, Cisco, Don't miss, exploit, Hot stuff, News, rootkits, Trend Micro /

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) 2025-10-17 at 15:29 By Zeljka Zorz Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. “The operation targeted victims running older Linux systems that do not have endpoint detection response solutions,” Trend Micro

React to this headline:

Loading spinner

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) Read More »

A new approach to blockchain spam: Local reputation over global rules

blockchain, cybersecurity, Don't miss, Ethereum, Features, Hot stuff, News, research, spam /

A new approach to blockchain spam: Local reputation over global rules 2025-10-17 at 10:18 By Mirko Zorz Spam has long been a nuisance in blockchain networks, clogging transaction queues and driving up fees. A new research paper from Delft University of Technology introduces a decentralized solution called STARVESPAM that could help nodes in permissionless blockchains

React to this headline:

Loading spinner

A new approach to blockchain spam: Local reputation over global rules Read More »

Inside healthcare’s quiet cybersecurity breakdown

Compliance, cyberattacks, cybersecurity, healthcare, News, OMEGA Systems, report, risk /

Inside healthcare’s quiet cybersecurity breakdown 2025-10-17 at 08:52 By Anamarija Pogorelec Hospitals, clinics, and care networks continue to treat cybersecurity as a back-office issue, according to the 2025 Healthcare IT Landscape Report from Omega Systems. Security takes a back seat Healthcare IT leaders are juggling competing demands. Rising costs, new privacy regulations, and expanding digital

React to this headline:

Loading spinner

Inside healthcare’s quiet cybersecurity breakdown Read More »

Everyone’s adopting AI, few are managing the risk

Artificial Intelligence, AuditBoard, cyber resilience, cybersecurity, framework, News, report, risk, Risk Management /

Everyone’s adopting AI, few are managing the risk 2025-10-17 at 08:52 By Anamarija Pogorelec AI is spreading across enterprise risk functions, but confidence in those systems remains uneven, according to AuditBoard. More than half of organizations report implementing AI-specific tools, and many are training teams in machine learning skills. Yet, few feel prepared for the

React to this headline:

Loading spinner

Everyone’s adopting AI, few are managing the risk Read More »

SAP zero-day wake-up call: Why ERP systems need a unified defense

0-day, Don't miss, News, Onapsis, threat detection, Video, vulnerability management /

SAP zero-day wake-up call: Why ERP systems need a unified defense 2025-10-17 at 08:52 By Help Net Security In this Help Net Security video, Paul Laudanski, Director of Research at Onapsis, discusses key lessons from the SAP zero-day vulnerability. He explains why business-critical systems like ERP and CRM remain top targets for attackers, since they

React to this headline:

Loading spinner

SAP zero-day wake-up call: Why ERP systems need a unified defense Read More »

New infosec products of the week: October 17, 2025

Aura, BitSight, Blumira, Cayosoft, Corelight, Netcraft, News, Picus Security /

New infosec products of the week: October 17, 2025 2025-10-17 at 07:17 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from Aura, Bitsight, Blumira, Cayosoft, Corelight, Netcraft, and Picus Security. Picus Security uses AI to turn threat intelligence into attack simulations Picus Security launched new AI-powered

React to this headline:

Loading spinner

New infosec products of the week: October 17, 2025 Read More »

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)

Adobe, CISA, Don't miss, exploit, Hot stuff, News, security update, vulnerability /

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) 2025-10-16 at 19:52 By Zeljka Zorz CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254,

React to this headline:

Loading spinner

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) Read More »

When trusted AI connections turn hostile

Anaconda, Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, research /

When trusted AI connections turn hostile 2025-10-16 at 09:02 By Mirko Zorz Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers can quietly take control of hosts, manipulate LLM behavior, and deceive users, all while staying undetected by

React to this headline:

Loading spinner

When trusted AI connections turn hostile Read More »

Identifying risky candidates: Practical steps for security leaders

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity verification, Insider Threat, News, Nisos, opinion, strategy /

Identifying risky candidates: Practical steps for security leaders 2025-10-16 at 08:32 By Help Net Security Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface the deeper risks that can turn into costly problems down the line. Identity verification, credential validation,

React to this headline:

Loading spinner

Identifying risky candidates: Practical steps for security leaders Read More »

Everyone wants AI, but few are ready to defend it

agentic AI, Artificial Intelligence, Cisco, cybersecurity, monitoring, News, report /

Everyone wants AI, but few are ready to defend it 2025-10-16 at 08:05 By Anamarija Pogorelec The rush to deploy AI is reshaping how companies think about risk, according to Cisco. A global study finds that while most organizations are moving quickly to adopt AI, many are not ready for the pressure it puts on

React to this headline:

Loading spinner

Everyone wants AI, but few are ready to defend it Read More »

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China

cyber espionage, cybersecurity, Don't miss, hardware, industrial robots, News, Privacy, research, vulnerability /

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China 2025-10-16 at 07:33 By Sinisa Markovic Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that can be hacked through Bluetooth Their tests show

React to this headline:

Loading spinner

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China Read More »

The password problem we keep pretending to fix

Artificial Intelligence, authentication, breach, cybersecurity, identity, identity management, News, report, RSA, zero trust /

The password problem we keep pretending to fix 2025-10-16 at 07:15 By Anamarija Pogorelec Experts across industries say they are still losing ground against identity-related breaches, even after years of investment in stronger access controls, according to RSA. Many said their organizations had faced at least one identity-related breach in recent years, and most of

React to this headline:

Loading spinner

The password problem we keep pretending to fix Read More »

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info

CrowdStrike, data breach, data theft, Don't miss, F5 Networks, Hot stuff, IOActive, Mandiant, NCC Group, NCSC, networking, News, source code /

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info 2025-10-15 at 18:39 By Zeljka Zorz US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security products, the company confirmed today. BIG-IP vulnerabilities are often

React to this headline:

Loading spinner

F5 data breach: “Nation-state” attackers stole BIG-IP source code, vulnerability info Read More »

Microsoft patches three zero-days actively exploited by attackers

0patch, Don't miss, drivers, Hot stuff, Immersive, Microsoft, Microsoft Exchange, MS Office, News, Patch Tuesday, Tenable, Trend Micro, Windows /

Microsoft patches three zero-days actively exploited by attackers 2025-10-15 at 13:18 By Zeljka Zorz On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827. The actively exploited vulnerabilities are an unusual mix CVE-2025-24990 is in the third-party driver (ltmdm64.sys) for the software-based Agere Modem,

React to this headline:

Loading spinner

Microsoft patches three zero-days actively exploited by attackers Read More »

Scroll to Top