News

Week in review: Cisco fixes critical UCCX flaws, November 2025 Patch Tuesday forecast

News, Week in review /

Week in review: Cisco fixes critical UCCX flaws, November 2025 Patch Tuesday forecast 2025-11-09 at 11:00 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Securing real-time payments without slowing them down In this Help Net Security interview, Arun Singh, CISO at Tyro, discusses what […]

Week in review: Cisco fixes critical UCCX flaws, November 2025 Patch Tuesday forecast Read More »

Attackers upgrade ClickFix with tricks used by online stores

Don't miss, Hot stuff, Malware, News, Push Security, social engineering /

Attackers upgrade ClickFix with tricks used by online stores 2025-11-07 at 15:42 By Zeljka Zorz Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection. Push Security has spotted one of these pages, showing an embedded tutorial

Attackers upgrade ClickFix with tricks used by online stores Read More »

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL?

Adobe, apple, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? 2025-11-07 at 13:28 By Help Net Security October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL? Read More »

What keeps phishing training from fading over time

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, phishing, research, security awareness, strategy, tips, training /

What keeps phishing training from fading over time 2025-11-07 at 13:28 By Mirko Zorz When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely to

What keeps phishing training from fading over time Read More »

Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story

automation, CIO, CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Interval Group, News, orchestration, strategy /

Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story 2025-11-07 at 13:28 By Mirko Zorz In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations

Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story Read More »

New infosec products of the week: November 7, 2025

1touch.io, Barracuda Networks, Bitdefender, Forescout, Komodor, News /

New infosec products of the week: November 7, 2025 2025-11-07 at 07:24 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Barracuda Networks, Bitdefender, Forescout, and Komodor. Bitdefender GravityZone Security Data Lake unifies telemetry from multiple tools Security Data Lake empowers both in-house security teams

New infosec products of the week: November 7, 2025 Read More »

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354)

Cisco, contact center, Don't miss, Hot stuff, News, vulnerability /

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) 2025-11-06 at 17:16 By Zeljka Zorz Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root. The good news is that there is currently no evidence of

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) Read More »

SonicWall cloud backup hack was the work of a state actor

backup, cloud security, Don't miss, firewall, Hot stuff, Mandiant, News, SonicWall /

SonicWall cloud backup hack was the work of a state actor 2025-11-06 at 15:30 By Zeljka Zorz Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed). “[The incident] was isolated

SonicWall cloud backup hack was the work of a state actor Read More »

Russia-linked hackers intensify attacks as global APT activity shifts

APT, China, cybercrime, Don't miss, ESET, EU, Europe, News, North Korea, report, Russian Federation /

Russia-linked hackers intensify attacks as global APT activity shifts 2025-11-06 at 14:50 By Anamarija Pogorelec State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity Report covering April through September 2025. The research highlights how operations linked to Russia, China, Iran,

Russia-linked hackers intensify attacks as global APT activity shifts Read More »

OpenGuardrails: A new open-source model aims to make AI safer for real-world use

Artificial Intelligence, CISO, cybersecurity, Don't miss, Features, GitHub, Hexnode, Hot stuff, InfluxData, LLMs, News, open source, system hardening /

OpenGuardrails: A new open-source model aims to make AI safer for real-world use 2025-11-06 at 10:28 By Mirko Zorz When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful

OpenGuardrails: A new open-source model aims to make AI safer for real-world use Read More »

Enterprises are losing track of the devices inside their networks

cybersecurity, embedded systems, Forescout, hardware, Internet of Things, News, research, vulnerability management /

Enterprises are losing track of the devices inside their networks 2025-11-06 at 08:37 By Sinisa Markovic Security teams are often surprised when they discover the range and number of devices connected to their networks. The total goes far beyond what appears in agent-based telemetry or old manual asset inventories. Enterprise networks face broader exposure from

Enterprises are losing track of the devices inside their networks Read More »

Humans built the problem, AI just scaled it

Artificial Intelligence, cybersecurity, data loss prevention, data security, email security, News, Proofpoint, report /

Humans built the problem, AI just scaled it 2025-11-06 at 08:04 By Anamarija Pogorelec Information moves across cloud platforms, personal devices, and AI tools, often faster than security teams can track it. Proofpoint’s 2025 Data Security Landscape report shows that most organizations faced data loss last year, usually caused by their own people. With AI

Humans built the problem, AI just scaled it Read More »

What shadow AI means for your company’s security

Artificial Intelligence, cybersecurity, Don't miss, News, risk, Video, XM Cyber /

What shadow AI means for your company’s security 2025-11-06 at 07:45 By Help Net Security In this Help Net Security video, Peled Eldan‏, Head of Research at XM Cyber, explains the hidden risks of shadow AI. He describes how employees often use unapproved AI tools at work to save time or solve problems, even when

What shadow AI means for your company’s security Read More »

Retailers are learning to say no to ransom demands

cybersecurity, Encryption, extortion, News, Ransomware, report, Retail, Sophos /

Retailers are learning to say no to ransom demands 2025-11-06 at 07:45 By Anamarija Pogorelec Ransomware remains one of the biggest operational risks for retailers, but the latest data shows a shift in how these attacks unfold. Fewer incidents now lead to data encryption, recovery costs have dropped, and businesses are bouncing back faster. Yet

Retailers are learning to say no to ransom demands Read More »

Google uncovers malware using LLMs to operate and evade detection

APT, Artificial Intelligence, cybercriminals, data theft, Don't miss, Google, Hot stuff, LLMs, Malware, News, Threat Intelligence /

Google uncovers malware using LLMs to operate and evade detection 2025-11-05 at 20:53 By Zeljka Zorz PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that

Google uncovers malware using LLMs to operate and evade detection Read More »

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)

CISA, Control Web Panel, Don't miss, Fenrisk, FindSec, Hot stuff, Linux, News, vulnerability, web hosting /

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) 2025-11-05 at 14:59 By Zeljka Zorz On Tuesday, CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-11371, which affects Gladinet’s CentreStack and Triofox file-sharing and remote access platforms, and CVE-2025-48703, a vulnerability in Control Web Panel (CWP), a web hosting control panel designed for

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) Read More »

PortGPT: How researchers taught an AI to backport security patches automatically

Artificial Intelligence, automation, Canonical, CISO, cybersecurity, DevSecOps, Don't miss, Features, Git, Hot stuff, Linux, LLMs, News, open source, patching, research, strategy, tips /

PortGPT: How researchers taught an AI to backport security patches automatically 2025-11-05 at 09:07 By Mirko Zorz Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that

PortGPT: How researchers taught an AI to backport security patches automatically Read More »

AI can flag the risk, but only humans can close the loop

Artificial Intelligence, Compliance, cybersecurity, digital forensics, Don't miss, Endpoint Security, EY, Features, machine learning, monitoring, News, third party compromise /

AI can flag the risk, but only humans can close the loop 2025-11-05 at 09:07 By Mirko Zorz In this Help Net Security interview, Dilek Çilingir, Global Forensic & Integrity Services Leader at EY, discusses how AI is transforming third-party assessments and due diligence. She explains how machine learning and behavioral analytics help organizations detect

AI can flag the risk, but only humans can close the loop Read More »

VulnRisk: Open-source vulnerability risk assessment platform

Don't miss, GitHub, News, open source, risk assessment, software, vulnerability management /

VulnRisk: Open-source vulnerability risk assessment platform 2025-11-05 at 09:07 By Anamarija Pogorelec VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights what matters. The tool is free to use and designed for local development and testing. The platform’s scoring engine

VulnRisk: Open-source vulnerability risk assessment platform Read More »

Connected homes: Is bystander privacy anyone’s responsibility?

CCTV, cybersecurity, Don't miss, Features, hardware, Hot stuff, Internet of Things, News, Privacy, research, smart home, surveillance /

Connected homes: Is bystander privacy anyone’s responsibility? 2025-11-05 at 09:07 By Sinisa Markovic Smart doorbells, connected cameras, and home monitoring systems have become common sights on doorsteps and living rooms. They promise safety and convenience, but they also raise a problem. These devices record more than their owners. They capture neighbors, visitors, and anyone passing

Connected homes: Is bystander privacy anyone’s responsibility? Read More »

Scroll to Top