News

You can’t audit how AI thinks, but you can audit what it does

2025-10-31 at 08:30 By Mirko Zorz

In this Help Net Security interview, Wade Bicknell, Head, IT Security & Operations, CFA Institute, discusses how CISOs can use AI while maintaining security and governance. He explains why AI presents both defensive opportunities and emerging […]

Passwordless adoption moves from hype to habit

2025-10-31 at 08:00 By Anamarija Pogorelec

With the average person juggling more than 300 credentials and credential abuse still the top attack vector, the password’s decline is long overdue. Across every major sector, organizations are changing how users log in, and new data shows the shift is picking

WhatsApp now lets you secure chat backups with passkeys

2025-10-30 at 15:46 By Anamarija Pogorelec

Messaging service WhatsApp is launching passkey-encrypted chat backups for iOS and Android, allowing users to encrypt their stored message history using their face, fingerprint, or device screen-lock code. Backups have long been a weak link in messaging security. Even if chats

Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)

2025-10-30 at 15:46 By Zeljka Zorz

Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers.

An out-of-band update

Last week’s release of an emergency fix for CVE-2025-59287, a Windows Server Update Services (WSUS) remote code execution vulnerability,

How neighbors could spy on smart homes

2025-10-30 at 13:34 By Mirko Zorz

Even with strong wireless encryption, privacy in connected homes may be thinner than expected. A new study from Leipzig University shows that someone in an adjacent apartment could learn personal details about a household without breaking any encryption. By monitoring the wireless

Email breaches are the silent killers of business growth

2025-10-30 at 07:16 By Anamarija Pogorelec

78% of organizations were hit by an email breach in the past 12 months, according to the Email Security Breach Report 2025 by Barracuda. Phishing, impersonation, and account takeover continue to drive incidents that often lead to ransomware and data

OpenAI’s gpt-oss-safeguard enables developers to build safer AI

2025-10-29 at 19:07 By Sinisa Markovic

OpenAI is releasing a research preview of gpt-oss-safeguard, a set of open-weight reasoning models for safety classification. The models come in two sizes: gpt-oss-safeguard-120b and gpt-oss-safeguard-20b. Both are fine-tuned versions of the gpt-oss open models and available under the Apache 2.0

Sanctions won’t stop cyberattacks, but they can still “bite”

2025-10-29 at 16:58 By Zeljka Zorz

Sanctions are one of the tools Western governments use when they want to hit back at state-sponsored cyber threat actors. But do they actually work? That’s the question a group of current and former cybersecurity officials, analysts, and researchers tackled

Python Foundation rejects US government grant earmarked for security improvements

2025-10-29 at 14:23 By Zeljka Zorz

The Python Software Foundation (PSF) has rejected a $1.5 million government grant due to restrictive conditions that would force the foundation to betray its mission and its community, the programming non-profit announced on Monday. “In January 2025, the PSF

AI agents can leak company data through simple web searches

2025-10-29 at 10:24 By Mirko Zorz

When a company deploys an AI agent that can search the web and access internal documents, most teams assume the agent is simply working as intended. New research shows how that same setup can be used to quietly pull

Early reporting helps credit unions stop fraudulent transfers faster

2025-10-29 at 08:48 By Mirko Zorz

In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening payment security. As cybercriminals leverage social engineering and AI-driven tactics, Scaffidi explains how innovation

Scammers target international students by threatening their visa status

2025-10-29 at 08:29 By Sinisa Markovic

In 2025, the U.S. government revoked thousands of visas from international students, often without warning or explanation. According to a newly released study, this opened a door for scammers. Posing as government officials, police, or university staff, they took advantage

Proximity: Open-source MCP security scanner

2025-10-29 at 08:29 By Mirko Zorz

Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also works with NOVA, a rule

Product showcase: Syteca – The human-centric insider threat management platform

2025-10-29 at 08:00 By Help Net Security

Most organizations think the greatest danger lurks outside their walls. But statistics keep proving otherwise. According to Verizon’s 2025 Data Breach Investigation Report, 60% of breaches involve the human element. The real risk often comes from within –

PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)

2025-10-28 at 19:27 By Zeljka Zorz

A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

2025-10-28 at 16:28 By Zeljka Zorz

CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware. An analysis of the malware’s code and the campaign’s infrastructure

Managing legacy medical devices that can no longer be patched

2025-10-28 at 10:22 By Mirko Zorz

In this Help Net Security interview, Patty Ryan, Senior Director and CISO at QuidelOrtho, discusses how the long lifecycles of medical devices impact cybersecurity in healthcare environments. She explains how organizations can protect legacy systems, collaborate with vendors, and

Review: The Wireless Cookbook

2025-10-28 at 10:22 By Mirko Zorz

The Wireless Cookbook is a project-centered guide to working with Wi-Fi, Bluetooth, and LoRa, written with the Raspberry Pi as the main platform. It is aimed at people who learn through building, experimenting, and breaking things to understand how they work. For security professionals, this

Chain of security weaknesses found in smart air compressor model

2025-10-28 at 10:22 By Sinisa Markovic

Contractors and workshops often rely on air compressors to power their tools and keep projects running. But when those compressors are connected to the internet, convenience can introduce new risks. Researchers at George Mason University found that the California
