News

UK’s new Cyber Security and Resilience Bill targets weak links in critical services

critical infrastructure, cyber resilience, data center, Don't miss, energy sector, healthcare, Hot stuff, legislation, MSP, News, public sector, transportation, UK /

UK’s new Cyber Security and Resilience Bill targets weak links in critical services 2025-11-12 at 18:17 By Zeljka Zorz The UK government has introduced the Cyber Security and Resilience Bill, a major piece of legislation designed to boost the country’s protection against cyber threats. The new law aims to strengthen the digital defenses of essential […]

UK’s new Cyber Security and Resilience Bill targets weak links in critical services Read More »

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215)

Don't miss, Hot stuff, Immersive, Ivanti, Microsoft, MS Office, News, Patch Tuesday, Rapid7, security update, Trend Micro, Windows /

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215) 2025-11-12 at 14:44 By Zeljka Zorz Microsoft has delivered a rather light load of patches for November 2025 Patch Tuesday: some 60+ vulnerabilities have received a fix, among them an actively exploited Windows Kernel flaw (CVE-2025-62215). CVE-2025-62215 CVE-2025-62215 is a memory corruption issue that stems

Patch Tuesday: Microsoft fixes actively exploited Windows kernel vulnerability (CVE-2025-62215) Read More »

Shadow AI risk: Navigating the growing threat of ungoverned AI adoption

Delinea, Don't miss, Hot stuff, News, report /

Shadow AI risk: Navigating the growing threat of ungoverned AI adoption 2025-11-12 at 10:44 By Help Net Security AI is transforming how businesses operate, but it’s also creating new, often hidden risks. As employees and business units eagerly embrace and experiment with AI solutions, many organizations are losing control over where and how AI is

Shadow AI risk: Navigating the growing threat of ungoverned AI adoption Read More »

ProxyBridge: Open-source proxy routing for Windows applications

Don't miss, GitHub, News, open source, Proxy, software, Windows /

ProxyBridge: Open-source proxy routing for Windows applications 2025-11-12 at 10:44 By Sinisa Markovic ProxyBridge is a lightweight, open-source tool that lets Windows users route network traffic from specific applications through SOCKS5 or HTTP proxies. It can redirect both TCP and UDP traffic and gives users the option to route, block, or allow connections on a

ProxyBridge: Open-source proxy routing for Windows applications Read More »

Autonomous AI could challenge how we define criminal behavior

Artificial Intelligence, automation, cybersecurity, Don't miss, Features, LLMs, News, research /

Autonomous AI could challenge how we define criminal behavior 2025-11-12 at 10:44 By Sinisa Markovic Whether we ever build AI that thinks like a person is still uncertain. What seems more realistic is a future with more independent machines. These systems already work across many industries and digital environments. Alongside human-to-human and human-to-machine contact, communication

Autonomous AI could challenge how we define criminal behavior Read More »

AI is forcing boards to rethink how they govern security

agentic AI, boardroom, CISO, cyber risk, cybersecurity, Google Cloud, News, report, security metrics, security ROI, strategy /

AI is forcing boards to rethink how they govern security 2025-11-12 at 10:44 By Anamarija Pogorelec Boards are spending more time on cybersecurity but still struggle to show how investments improve business performance. The focus has shifted from whether to fund protection to how to measure its return and ensure it supports growth. AI, automation,

AI is forcing boards to rethink how they govern security Read More »

When every day is threat assessment day

Artificial Intelligence, automation, cybersecurity, Don't miss, Features, financial industry, generative AI, Hot stuff, Insurance, News, Sammons Financial Group, strategy, threat, threats /

When every day is threat assessment day 2025-11-12 at 09:00 By Mirko Zorz In this Help Net Security interview, Paul J. Mocarski, VP & CISO at Sammons Financial Group, discusses how insurance carriers are adapting their cybersecurity strategies. He explains how ongoing threat assessments, AI-driven automation, and third-party risk management help maintain readiness. Mocarski also

When every day is threat assessment day Read More »

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

0-day, CISA, CVE, Don't miss, Government, Hot stuff, News, Palo Alto Networks, Samsung, spyware, vulnerability /

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) 2025-11-11 at 17:38 By Zeljka Zorz CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian agencies to address it by the start of December. “This type of vulnerability is a frequent attack

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) Read More »

GNU Coreutils 9.9 brings fixes and updates across essential tools

Linux, News, open source, software /

GNU Coreutils 9.9 brings fixes and updates across essential tools 2025-11-11 at 16:59 By Anamarija Pogorelec GNU Coreutils is the backbone of many enterprise Linux environments. It provides the basic file, shell, and text utilities that every GNU-based system depends on. The latest release, version 9.9, refines these tools with fixes and performance improvements. Several

GNU Coreutils 9.9 brings fixes and updates across essential tools Read More »

Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480)

0-day, Don't miss, file-sharing, Gladinet, Hot stuff, Mandiant, News, remote access /

Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) 2025-11-11 at 14:47 By Zeljka Zorz Attackers have exploited a now-fixed vulnerability (CVE-2025-12480) in the Gladinet Triofox secure file sharing and remote access platform while it was still a zero-day, Mandiant revealed on Monday. CVE-2025-12480 exploitation and attack details Gladinet’s Triofox solution is used by medium and large

Attackers exploited another Gladinet Triofox zero-day (CVE-2025-12480) Read More »

How far can police push privacy before it breaks

Amnesty International, Data Protection, Government, law enforcement, News, Privacy, surveillance, Wire /

How far can police push privacy before it breaks 2025-11-11 at 10:29 By Sinisa Markovic Police use drones, body cameras, and license plate readers as part of their daily work. Supporters say these tools make communities safer. Critics see something different, a system that collects too much data and opens the door to abuse. When

How far can police push privacy before it breaks Read More »

Hidden risks in the financial sector’s supply chain

BitSight, CISO, cyber risk, cybersecurity, financial industry, News, report, Risk Management /

Hidden risks in the financial sector’s supply chain 2025-11-11 at 10:29 By Anamarija Pogorelec When a cyber attack hits a major bank or trading platform, attention usually turns to the institution. But new research suggests the real danger may lie elsewhere. BitSight researchers found that many of the technology providers serving the financial sector have

Hidden risks in the financial sector’s supply chain Read More »

CISOs are cracking under pressure

burnout, CISO, cybersecurity, Don't miss, enterprise, Nagomi Security, News, report, strategy /

CISOs are cracking under pressure 2025-11-11 at 10:29 By Sinisa Markovic Cybersecurity leaders are hitting their limit. A new report from Nagomi Security shows that most CISOs are stretched thin, dealing with nonstop incidents, too many tools, and growing pressure from their boards. The pressures are so intense that many say they are burned out

CISOs are cracking under pressure Read More »

To get funding, CISOs are mastering the language of money

Artificial Intelligence, boardroom, CISO, cybersecurity, Don't miss, Features, Hot stuff, investment, News, resilience, Risk Management, security ROI /

To get funding, CISOs are mastering the language of money 2025-11-11 at 09:00 By Mirko Zorz In this Help Net Security interview, Chris Wheeler, CISO at Resilience, talks about how CISOs are managing changing cybersecurity budgets. While overall spending is up, many say the increases don’t match their most pressing needs. Wheeler explains how organizations

To get funding, CISOs are mastering the language of money Read More »

Download: Strengthening Identity Security whitepaper

Don't miss, Enzoic, News, Whitepapers and webinars /

Download: Strengthening Identity Security whitepaper 2025-11-10 at 16:00 By Help Net Security Identity threats are escalating. Attackers increasingly exploit compromised credentials, often undetected by organizations, and use social engineering to gain access. Most companies lack visibility into service account activity and don’t have the tools to detect identity-led threats. New identity security solutions are helping

Download: Strengthening Identity Security whitepaper Read More »

Adopting a counterintelligence mindset in luxury logistics

CISO, cyber risk, cybersecurity, Data Protection, Don't miss, Features, Ferrari Group, Hot stuff, News, resilience, Risk Management, strategy, supply chain, threats, transportation /

Adopting a counterintelligence mindset in luxury logistics 2025-11-10 at 11:28 By Mirko Zorz In this Help Net Security interview, Andrea Succi, Group CISO at Ferrari Group, discusses how cybersecurity is integrated into every aspect of the logistics industry. He explains why protecting data can be as critical as securing physical assets and how a layered

Adopting a counterintelligence mindset in luxury logistics Read More »

How to adopt AI security tools without losing control

Artificial Intelligence, cybersecurity, Don't miss, Fire Mountain Labs, Incident Response, News, risk assessment, security controls, Video /

How to adopt AI security tools without losing control 2025-11-10 at 11:28 By Help Net Security In this Help Net Security video, Josh Harguess, CTO of Fire Mountain Labs, explains how to evaluate, deploy, and govern AI-driven security tools. He talks about the growing role of AI in security operations and the new kinds of

How to adopt AI security tools without losing control Read More »

sqlmap: Open-source SQL injection and database takeover tool

Don't miss, GitHub, News, open source, penetration testing, scanner, scanning, software /

sqlmap: Open-source SQL injection and database takeover tool 2025-11-10 at 11:28 By Sinisa Markovic Finding and exploiting SQL injection vulnerabilities is one of the oldest and most common steps in web application testing. sqlmap streamlines this process. It is an open-source penetration testing tool that automates the detection and exploitation of SQL injection flaws and

sqlmap: Open-source SQL injection and database takeover tool Read More »

AI is rewriting how software is built and secured

Artificial Intelligence, Censuswide, CISO, cybersecurity, Cycode, DevSecOps, News, report, strategy /

AI is rewriting how software is built and secured 2025-11-10 at 11:28 By Anamarija Pogorelec AI has become part of everyday software development, shaping how code is written and how fast products reach users. A new report from Cycode, The 2026 State of Product Security for the AI Era, explores how deeply AI now runs

AI is rewriting how software is built and secured Read More »

Wi-Fi signals may hold the key to touchless access control

authentication, biometrics, cybersecurity, Don't miss, Features, hardware, Hot stuff, Internet of Things, networking, News, Raspberry Pi, research, wireless /

Wi-Fi signals may hold the key to touchless access control 2025-11-10 at 09:00 By Mirko Zorz Imagine walking into a secure building where the door unlocks the moment your hand hovers near it. No keycards, no PINs, no fingerprints. Instead, the system identifies you by the way your palm distorts the surrounding Wi-Fi signal. That

Wi-Fi signals may hold the key to touchless access control Read More »

Scroll to Top