News

cnspec: Open-source, cloud-native security and policy project

2025-11-24 at 08:32 By Sinisa Markovic

cnspec is an open source tool that helps when you are trying to keep a sprawling setup of clouds, containers, APIs and endpoints under control. It checks security and compliance across all of it, which makes it easier to see what needs […]


The privacy tension driving the medical data shift nobody wants to talk about

2025-11-24 at 08:02 By Anamarija Pogorelec

Most people assume their medical data sits in quiet storage, protected by familiar rules. That belief gives a sense of safety, but new research argues that the world around healthcare data has changed faster than the


What happens when vulnerability scores fall apart?

2025-11-24 at 07:54 By Anamarija Pogorelec

Security leaders depend on vulnerability data to guide decisions, but the system supplying that data is struggling. An analysis from Sonatype shows that core vulnerability indexes no longer deliver the consistency or speed needed for the current software environment. A system that


Email blind spots are back to bite security teams

2025-11-24 at 07:04 By Anamarija Pogorelec

The threat landscape is forcing CISOs to rethink what they consider normal. The latest Cybersecurity Report 2026 by Hornetsecurity, based on analysis of more than 70 billion emails and broad threat telemetry, shows attackers adopting automation, AI driven social engineering,


Week in review: Stealth-patched FortiWeb vulnerability under active exploitation, Logitech data breach

2025-11-23 at 11:06 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

The tech that turns supply chains from brittle to unbreakable

In this Help Net Security interview, Sev Kelian, CISO and VP


Salesforce Gainsight compromise: Early findings and customer guidance

2025-11-21 at 14:16 By Zeljka Zorz

In the wake of Salesforce’s announcement about “unusual activity involving Gainsight-published applications” and the company’s revocation of access and refresh tokens associated with them, Gainsight has been doing a good job keeping customers updated on current investigation findings. On the status


Research shows identity document checks are missing key signals

2025-11-21 at 10:06 By Anamarija Pogorelec

Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how attackers are pushing past old defenses and how detection models are struggling to keep


How one quick AI check can leak your company’s secrets

2025-11-21 at 08:30 By Help Net Security

In this Help Net Security video, Dinesh Nagarajan, Global Partner, Cyber Security Services at IBM Consulting, walks through a situation in which an employee shared production source code with a public AI tool. The tool learned from the


What insurers really look at in your identity controls

2025-11-21 at 08:30 By Anamarija Pogorelec

Insurers judge organizations by the strength of their identity controls and by how consistently those controls are applied, according to a new Delinea report. CISOs are entering a market that rewards maturity and penalizes gaps that once passed without scrutiny.


Convenience culture is breaking personal security

2025-11-21 at 08:30 By Anamarija Pogorelec

AI is changing how scams are built, shared, and trusted. A new global survey from Bitdefender shows how far the problem has spread.

AI is helping scams evolve faster than people can respond

Over seven in ten consumers encountered some form of scam


New infosec products of the week: November 21, 2025

2025-11-21 at 07:01 By Anamarija Pogorelec

Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Data, Immersive, Kentik, Minimus, and Synack.

Kentik AI Advisor brings intelligence and automation to network design and operations

Kentik has launched the Kentik AI


Salesforce investigates new incident echoing Salesloft Drift compromise

2025-11-20 at 23:14 By Zeljka Zorz

In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce confirmed that they’ve identified unusual activity involving Gainsight-published apps connected to Salesforce. “Our investigation indicates this activity may have enabled unauthorized access to certain customers’ Salesforce data


Security gap in Perplexity’s Comet browser exposed users to system-level attacks

2025-11-20 at 17:56 By Zeljka Zorz

There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s


MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

2025-11-20 at 15:03 By Zeljka Zorz

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app.

Multi-stage delivery

Dubbed DigitStealer by Jamf researchers, this threat is unusually sophisticated. Before


Is your password manager truly GDPR compliant?

2025-11-20 at 08:34 By Sinisa Markovic

Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong, security teams rush to uncover who had access, how those passwords were stored and whether sensitive data


Google Play Store’s privacy practices still confuse Android users

2025-11-20 at 08:05 By Sinisa Markovic

Privacy rules like GDPR and CCPA are meant to help app stores be clearer about how apps use your data. But in the Google Play Store, those privacy sections often leave people scratching their heads. A new study looks at


BlueCodeAgent helps developers secure AI-generated code

2025-11-20 at 08:05 By Sinisa Markovic

When AI models generate code, they deliver power and risk at the same time for security teams. That tension is at the heart of the new tool called BlueCodeAgent, designed to help developers and security engineers defend against code-generation threats.

Why code generation


The confidence trap holding security back

2025-11-20 at 07:37 By Anamarija Pogorelec

Security leaders often feel prepared for a major cyber incident, but performance data shows a different reality. Teams continue to miss key steps during practice scenarios, and the gap between confidence and capability keeps growing. Findings from Immersive’s Cyber Workforce Benchmark Report show


When IT fails, OT pays the price

2025-11-20 at 07:02 By Anamarija Pogorelec

State groups, criminal crews, and hybrid operators are all using familiar IT entry points to reach systems that support industrial processes, according to the latest Operational Technology Threat Report from Trellix. The report covers attacks observed from April through September 2025 and


SpiderLabs IDs New Banking Trojan Distributed Through WhatsApp

2025-11-19 at 19:03 By Nathaniel Morales, John Basmayor, and Nikita Kazymirskyi

Trustwave SpiderLabs researchers have recently identified a banking Trojan we dubbed Eternidade Stealer, which is distributed through WhatsApp hijacking and social engineering lures. In this blog post, we will break down the techniques used in the

