Invisible IT is becoming the next workplace priority 2025-12-08 at 07:31 By Anamarija Pogorelec IT leaders want their employees to work without running into digital hurdles, but many still struggle with fragmented systems that slow teams down. A new report from Lenovo sheds light on how widespread the problem has become and what organizations can […]
Invisible IT is becoming the next workplace priority Read More »
Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold 2025-12-07 at 11:38 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creative cybersecurity strategies for resource-constrained institutions In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how
Building the missing layers for an internet of agents 2025-12-05 at 08:59 By Anamarija Pogorelec Cybersecurity teams are starting to think about how large language model agents might interact at scale. A new paper from Cisco Research argues that the current network stack is not prepared for this shift. The work proposes two extra layers
Building the missing layers for an internet of agents Read More »
Data brokers are exposing medical professionals, and turning their personal lives into open files 2025-12-05 at 08:59 By Anamarija Pogorelec Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni’s researchers shows how much data about doctors appears online and how easily it can be found.
What security leaders should watch for when companies buy or sell a business 2025-12-05 at 08:59 By Help Net Security In this Help Net Security video, Lane Sullivan SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, and divestitures. Sullivan talks about the types of risk
What security leaders should watch for when companies buy or sell a business Read More »
New infosec products of the week: December 5, 2025 2025-12-05 at 07:05 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind. BlackFog releases ADX Vision to block data loss from unapproved AI use BlackFog announced the availability of its
New infosec products of the week: December 5, 2025 Read More »
Malicious Rust packages targeted Web3 developers 2025-12-04 at 17:06 By Zeljka Zorz A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for the Rust programming language, but not before having been downloaded 7257 times. Another package (uniswap-utils) by the same author
Malicious Rust packages targeted Web3 developers Read More »
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) 2025-12-04 at 14:32 By Zeljka Zorz A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the React development team warned on Wednesday. The maximum-severity vulnerability was privately reported by Lachlan Davidson and has
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182) Read More »
Smart grids are trying to modernize and attackers are treating it like an invitation 2025-12-04 at 09:05 By Mirko Zorz In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack
Smart grids are trying to modernize and attackers are treating it like an invitation Read More »
A day in the life of the internet tells a bigger story 2025-12-04 at 08:43 By Sinisa Markovic On any given day, the internet carries countless signals that hint at how networks behave behind the scenes. Researchers from RIPE NCC and several universities found a way to capture a detailed snapshot of that activity by
A day in the life of the internet tells a bigger story Read More »
AI vs. you: Who’s better at permission decisions? 2025-12-04 at 08:04 By Sinisa Markovic A single tap on a permission prompt can decide how far an app reaches into a user’s personal data. Most of these calls happen during installation. The number of prompts keeps climbing, and that growing pressure often pushes people into rushed
AI vs. you: Who’s better at permission decisions? Read More »
The quantum clock is ticking and businesses are still stuck in prep mode 2025-12-04 at 07:39 By Anamarija Pogorelec Quantum computing is still years away from breaking current encryption, but many security teams are already worried about what happens when that moment arrives. A new report from the Trusted Computing Group (TCG) shows that most
The quantum clock is ticking and businesses are still stuck in prep mode Read More »
Massive gambling network doubles as hidden C2 and anonymity infrastructure, researchers say 2025-12-03 at 15:24 By Zeljka Zorz A sprawling network that’s seemingly maintained to serve (illegal) online gambling opportunities and deliver malware to Indonesian citizens is likely also being used to provide threat actors command and control (C2) and anonymity services. “The infrastructure has
Global law enforcement actions put pressure on cybercrime networks 2025-12-03 at 08:33 By Sinisa Markovic In 2025, law enforcement agencies disrupted the infrastructure and operations of established cybercriminal groups. These groups shift across borders, and the agencies pursuing them are adjusting to that. International operations target cybercrime rings worldwide US investigators carried out one of
Global law enforcement actions put pressure on cybercrime networks Read More »
Portmaster: Open-source application firewall 2025-12-03 at 08:11 By Anamarija Pogorelec Portmaster is a free and open source application firewall built to monitor and control network activity on Windows and Linux. The project is developed in the EU and is designed to give users stronger privacy without asking them to manage every rule by hand. A
Portmaster: Open-source application firewall Read More »
CISOs are questioning what a crisis framework should look like 2025-12-03 at 07:32 By Anamarija Pogorelec CISOs increasingly assume the next breach is coming. What concerns them most is whether their teams will understand the incident quickly enough to limit the fallout. A recent report by Binalyze looks at how investigation practices are holding up
CISOs are questioning what a crisis framework should look like Read More »
Threat intelligence programs are broken, here is how to fix them 2025-12-03 at 07:12 By Anamarija Pogorelec Security teams often gather large amounts of threat data but still struggle to improve detection or response. Analysts work through long lists of alerts, leaders get unclear insights, and executives see costs that do not lead to better
Threat intelligence programs are broken, here is how to fix them Read More »
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) 2025-12-02 at 16:48 By Zeljka Zorz Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”. According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core
MuddyWater cyber campaign adds new backdoors in latest wave of attacks 2025-12-02 at 15:15 By Sinisa Markovic ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running cyberespionage group, and new findings points to a campaign
MuddyWater cyber campaign adds new backdoors in latest wave of attacks Read More »
How a noisy ransomware intrusion exposed a long-term espionage foothold 2025-12-02 at 15:15 By Zeljka Zorz Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might
How a noisy ransomware intrusion exposed a long-term espionage foothold Read More »