AI code looks fine until the review starts 2025-12-23 at 08:23 By Anamarija Pogorelec Software teams have spent the past year sorting through a rising volume of pull requests generated with help from AI coding tools. New research puts numbers behind what many reviewers have been seeing during work. The research comes from CodeRabbit and […]
AI code looks fine until the review starts Read More »
Cybersecurity jobs available right now: December 23, 2025 2025-12-23 at 07:06 By Anamarija Pogorelec Application Security Architect ARRISE | UAE | Hybrid – View job details As an Application Security Architect, you will define and mature the application security architecture strategy, standards, and guardrails across products and platforms. You will lead threat modeling and architecture
Cybersecurity jobs available right now: December 23, 2025 Read More »
Docker makes hardened images free open and transparent for everyone 2025-12-22 at 15:09 By Sinisa Markovic Docker has made its open source Docker Hardened Images project available at no cost for every developer and organization. The catalog contains more than 1,000 container images built on open source distributions such as Debian and Alpine and is
Docker makes hardened images free open and transparent for everyone Read More »
574 arrests, $3 million recovered in Africa-wide cybercrime crackdown 2025-12-22 at 15:09 By Anamarija Pogorelec Law enforcement agencies across 19 countries arrested 574 suspects and recovered approximately $3 million during a major cybercrime operation spanning Africa. Suspects were arrested in Ghana in connection to the cyber-fraud case, with over 100 digital devices seized. (Source: Europol)
574 arrests, $3 million recovered in Africa-wide cybercrime crackdown Read More »
WatchGuard Firebox firewalls under attack (CVE-2025-14733) 2025-12-22 at 13:24 By Zeljka Zorz More than 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers, Shadowserver’s latest scanning reveals. About CVE-2025-14733 WatchGuard Firebox firewalls, which also incorporate VPN and unified threat management capabilities, are used
WatchGuard Firebox firewalls under attack (CVE-2025-14733) Read More »
DIG AI: Uncensored darknet AI assistant at the service of criminals and terrorists 2025-12-22 at 13:00 By Help Net Security Resecurity has identified the emergence of uncensored darknet AI assistants, enabling threat actors to leverage advanced data processing capabilities for malicious purposes. One of these – DIG AI – was identified on September 29 of
DIG AI: Uncensored darknet AI assistant at the service of criminals and terrorists Read More »
Building cyber talent through competition, residency, and real-world immersion 2025-12-22 at 09:01 By Mirko Zorz In this Help Net Security interview, Chrisma Jackson, Director of Cybersecurity & Mission Computing Center and CISO at Sandia National Laboratories, reflects on where the cyber talent pipeline breaks down and what it takes to fix it. She discusses skill
Building cyber talent through competition, residency, and real-world immersion Read More »
Browser agents don’t always respect your privacy choices 2025-12-22 at 08:49 By Sinisa Markovic Browser agents promise to handle online tasks without constant user input. They can shop, book reservations, and manage accounts by driving a web browser through an AI model. A new academic study warns that this convenience comes with privacy risks that
Browser agents don’t always respect your privacy choices Read More »
Anubis: Open-source web AI firewall to protect from scraper bots 2025-12-22 at 08:49 By Sinisa Markovic Anubis is an open-source tool designed to protect websites from automated scraping and abusive traffic by adding computational friction before a request is served. Maintained by TecharoHQ, the project targets a growing problem for site operators who want to
Anubis: Open-source web AI firewall to protect from scraper bots Read More »
Session tokens give attackers a shortcut around MFA 2025-12-22 at 07:45 By Help Net Security In this Help Net Security video, Simon Wijckmans, CEO at cside, discusses why session token theft is rising and why security teams miss it. He walks through how web applications rely on browsers to store session tokens after login often
Session tokens give attackers a shortcut around MFA Read More »
NIST issues guidance on securing smart speakers 2025-12-22 at 07:02 By Sinisa Markovic Smart home devices, such as voice-activated digital assistants, are increasingly used in home health care, with risks involved. An attacker could change a prescription, steal medical data, or connect a patient to an impostor. To reduce cybersecurity risks tied to this use,
NIST issues guidance on securing smart speakers Read More »
Week in review: Exploited zero-day in Cisco email security appliances, Kali Linux 2025.4 released 2025-12-21 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How researchers are teaching AI agents to ask for permission the right way People are starting to hand more
AI isn’t one system, and your threat model shouldn’t be either 2025-12-19 at 09:02 By Mirko Zorz In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses why partitioning AI systems by function and impact matters,
AI isn’t one system, and your threat model shouldn’t be either Read More »
LLMs work better together in smart contract audits 2025-12-19 at 08:42 By Sinisa Markovic Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead of
LLMs work better together in smart contract audits Read More »
Product showcase: NAKIVO v11.1 advances MSP service delivery with secure multi-tenant management 2025-12-19 at 08:24 By Help Net Security NAKIVO Backup & Replication v11.1 brings a host of benefits to MSPs and their clients. It eliminates the need for client-side port configuration, enhances security with encrypted multi-platform support, and introduces automated failover capabilities. These features
Identity risk is changing faster than most security teams expect 2025-12-19 at 07:35 By Anamarija Pogorelec Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential replay, and high speed onboarding attempts now operate through shared infrastructures that behave less like scattered
Identity risk is changing faster than most security teams expect Read More »
New infosec products of the week: December 19, 2025 2025-12-19 at 07:02 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from Apiiro, Astra Security, Push Security, Trellix, and XM Cyber. Apiiro unveils AI SAST built on deep code analysis to eliminate false positives Apiiro introduced Apiiro
New infosec products of the week: December 19, 2025 Read More »
Crypto theft in 2025: North Korean hackers continue to dominate 2025-12-18 at 17:42 By Zeljka Zorz When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed. “North Korean hackers stole $2.02 billion
Crypto theft in 2025: North Korean hackers continue to dominate Read More »
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring 2025-12-18 at 16:12 By Help Net Security Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms
Clipping Scripted Sparrow’s wings: Tracking a global phishing ring Read More »
Microsoft 365 users targeted in device code phishing attacks 2025-12-18 at 16:12 By Zeljka Zorz Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when
Microsoft 365 users targeted in device code phishing attacks Read More »