News

Group Policy abuse reveals China-aligned espionage group targeting governments

APT, China, cybercrime, ESET, Malware, News, surveillance /

Group Policy abuse reveals China-aligned espionage group targeting governments 2025-12-18 at 13:42 By Anamarija Pogorelec ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with […]

Group Policy abuse reveals China-aligned espionage group targeting governments Read More »

More than half of public vulnerabilities bypass leading WAFs

Application Security, cybersecurity, Don't miss, Hot stuff, Miggo Security, News, report, web application security, Whitepapers and webinars /

More than half of public vulnerabilities bypass leading WAFs 2025-12-18 at 13:42 By Help Net Security Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven

More than half of public vulnerabilities bypass leading WAFs Read More »

The soft underbelly of space isn’t in orbit, it’s on the ground

aerospace, CISO, cybersecurity, Don't miss, Features, Hot stuff, KSAT, News, security telemetry, strategy, supply chain, tips /

The soft underbelly of space isn’t in orbit, it’s on the ground 2025-12-18 at 09:08 By Mirko Zorz In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He

The soft underbelly of space isn’t in orbit, it’s on the ground Read More »

Privacy risks sit inside the ads that fill your social media feed

Artificial Intelligence, cyber risk, Don't miss, Facebook, Features, Hot stuff, LLMs, Meta, News, Privacy, research, social media /

Privacy risks sit inside the ads that fill your social media feed 2025-12-18 at 08:34 By Sinisa Markovic Regulatory limits on explicit targeting have not stopped algorithmic profiling on the web. Ad optimization systems still adapt which ads appear based on users’ private attributes. At the same time, multimodal LLMs have lowered the barrier for

Privacy risks sit inside the ads that fill your social media feed Read More »

Should AI access be treated as a civil right across generations?

Artificial Intelligence, Don't miss, networking, News, research /

Should AI access be treated as a civil right across generations? 2025-12-18 at 08:10 By Sinisa Markovic AI use is expanding faster than the infrastructure that supports it, and that gap is starting to matter for security, resilience, and access. A new position paper argues that access to AI should be treated as an intergenerational

Should AI access be treated as a civil right across generations? Read More »

What cybersecurity leaders are reading to stay ahead

books, cybersecurity, Don't miss, News /

What cybersecurity leaders are reading to stay ahead 2025-12-18 at 07:33 By Anamarija Pogorelec If you’re looking for holiday gift ideas, books remain one of the simplest ways to spark curiosity and support someone’s growth. Whether the person on your list is exploring cybersecurity, AI, engineering, or career development, these titles offer something useful for

What cybersecurity leaders are reading to stay ahead Read More »

Cisco email security appliances rooted and backdoored via still unpatched zero-day

APT, backdoor, China, Cisco, cyber espionage, Don't miss, email security, enterprise, Hot stuff, News /

Cisco email security appliances rooted and backdoored via still unpatched zero-day 2025-12-17 at 21:47 By Zeljka Zorz A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that appliances with non-standard

Cisco email security appliances rooted and backdoored via still unpatched zero-day Read More »

Actively exploited SonicWall zero-day patched (CVE-2025-40602)

0-day, Don't miss, Google Cloud, Hot stuff, News, SonicWall, vulnerability /

Actively exploited SonicWall zero-day patched (CVE-2025-40602) 2025-12-17 at 18:46 By Zeljka Zorz SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw is being leveraged by attackers. “This vulnerability was reported to be leveraged in combination

Actively exploited SonicWall zero-day patched (CVE-2025-40602) Read More »

LevelBlue Named Growth Index Leader in MDR by Frost & Sullivan

Managed Detection and Response, News, Reports, Spotlights /

LevelBlue Named Growth Index Leader in MDR by Frost & Sullivan 2025-12-17 at 17:47 By Frost & Sullivan has recognized LevelBlue as a Growth Index leader in the just-released Frost Radar: Managed Detection and Response, 2025. Companies plotted on the Frost Radar are the leaders in the industry for growth, innovation, or both. This article

LevelBlue Named Growth Index Leader in MDR by Frost & Sullivan Read More »

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

Arctic Wolf Networks, CISA, Don't miss, firewall, Fortinet, Hot stuff, News, vulnerability /

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) 2025-12-17 at 16:31 By Zeljka Zorz Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday. Configuration files can expose information about

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718) Read More »

LevelBlue Secures a Top Five Spot on MSSP Alert’s 2025 Rankings

Managed Security Services, News, Spotlights /

LevelBlue Secures a Top Five Spot on MSSP Alert’s 2025 Rankings 2025-12-17 at 15:05 By For the second consecutive year, LevelBlue has been named a top-ranked Managed Security Services Provider (MSSP), placing fifth on the prestigious MSSP Alert’s Top MSSP 250 list for 2025. This article is an excerpt from LevelBlue Blog View Original Source

LevelBlue Secures a Top Five Spot on MSSP Alert’s 2025 Rankings Read More »

Why vulnerability reports stall inside shared hosting companies

cybersecurity, Don't miss, Features, Hot stuff, News, research, strategy, tips, vulnerability disclosure, vulnerability management /

Why vulnerability reports stall inside shared hosting companies 2025-12-17 at 09:24 By Mirko Zorz Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research

Why vulnerability reports stall inside shared hosting companies Read More »

Banks built rules for yesterday’s crime and RegTech is trying to fix that

Compliance, cybercrime, financial industry, machine learning, News, regulation, research /

Banks built rules for yesterday’s crime and RegTech is trying to fix that 2025-12-17 at 08:32 By Sinisa Markovic Criminals are moving money across borders faster, and financial institutions are feeling the squeeze. Compliance teams feel this strain every day as they try to keep up with schemes that shift through accounts, intermediaries, and digital

Banks built rules for yesterday’s crime and RegTech is trying to fix that Read More »

Zabbix: Open-source IT and OT observability solution

automation, Don't miss, GitHub, monitoring, News, open source, security operations, software /

Zabbix: Open-source IT and OT observability solution 2025-12-17 at 08:08 By Anamarija Pogorelec Zabbix is an open source monitoring platform designed to track the availability, performance, and integrity of IT environments. It monitors networks along with servers, virtual machines, applications, services, databases, websites, and cloud resources. For cybersecurity professionals, this visibility matters because operational issues

Zabbix: Open-source IT and OT observability solution Read More »

How exposure management changes cyber defense

cybersecurity, Don't miss, endpoint management, Endpoint Security, News, SixMap, Video /

How exposure management changes cyber defense 2025-12-17 at 07:36 By Help Net Security In this Help Net Security video, Larry Slusser, VP of Strategy at SixMap, explains why endpoint detection and response is only part of the security story. Drawing on his work as an incident responder, engagement manager, and ransomware negotiator, he describes EDR

How exposure management changes cyber defense Read More »

AI breaks the old security playbook

Artificial Intelligence, CISO, CXO, cybersecurity, Deloitte, News, report /

AI breaks the old security playbook 2025-12-17 at 07:06 By Anamarija Pogorelec AI has moved into enterprise operations faster than many security programs expected. It is embedded in workflows, physical systems, and core infrastructure. Some AI tools reach hundreds of millions of users each week. Inference costs have fallen 280 fold, but overall spending is

AI breaks the old security playbook Read More »

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost

Artificial Intelligence, News, Vulnerabilities /

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost 2025-12-16 at 17:05 By LevelBlue is redefining what clients and partners can expect from a managed security provider.  This article is an excerpt from LevelBlue Blog View Original Source

LevelBlue and Tenable Introduce Unlimited Enterprise-Grade Vulnerability Scanning in USM Platform at No Additional Cost Read More »

European police busts Ukraine scam call centers

Don't miss, EU, Hot stuff, law enforcement, News, scams, Ukraine /

European police busts Ukraine scam call centers 2025-12-16 at 15:25 By Zeljka Zorz Law enforcement agencies from several European countries have arrested twelve persons suspected of being involved in scamming victims across Europe, Eurojust announced today. “The fraudsters used various scams, such as posing as police officers to withdraw money using their victims’ cards and

European police busts Ukraine scam call centers Read More »

SoundCloud breached, hit by DoS attacks

data breach, Don't miss, DoS, Hot stuff, News, SoundCloud /

SoundCloud breached, hit by DoS attacks 2025-12-16 at 14:05 By Zeljka Zorz Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to the confirmation, users accessing SoundCloud through VPNs reported connection failures and error messages. It

SoundCloud breached, hit by DoS attacks Read More »

The messy data trails of telehealth are becoming a security nightmare

CISO, Compliance, cybersecurity, Data Protection, Don't miss, Features, healthcare, Hot stuff, News, Ro, telehealth /

The messy data trails of telehealth are becoming a security nightmare 2025-12-16 at 09:24 By Mirko Zorz In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems

The messy data trails of telehealth are becoming a security nightmare Read More »

Scroll to Top