News

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)

2025-10-23 at 14:39 By Zeljka Zorz
Attackers are trying to exploit CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source, Sansec researchers have warned. The company blocked over 250 exploitation attempts targeting multiple stores on Wednesday, and expects the attacks to continue at pace. About […]

Faster LLM tool routing comes with new security considerations

2025-10-23 at 09:23 By Sinisa Markovic
Large language models depend on outside tools to perform real-world tasks, but connecting them to those tools often slows them down or causes failures. A new study from the University of Hong Kong proposes a way to fix that. The

The next cyber crisis may start in someone else’s supply chain

2025-10-23 at 09:23 By Anamarija Pogorelec
Organizations are getting better at some aspects of risk management but remain underprepared for the threats reshaping the business landscape, according to a new Riskonnect report. The findings show a growing gap between awareness and action as technology,

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector

2025-10-23 at 09:23 By Sinisa Markovic
ESET researchers have uncovered a fresh wave of Operation DreamJob, a long-running campaign linked to North Korea’s Lazarus Group. This latest activity targeted several European defense contractors, including firms deeply involved in drone and

Your wearable knows your heartbeat, but who else does?

2025-10-23 at 09:23 By Sinisa Markovic
Smartwatches, glucose sensors, and connected drug-monitoring devices are common in care programs. Remote monitoring helps detect changes early and supports personalized treatment and long-term condition management. They give clinicians valuable insight into patient health but also introduce new exposure points.

Gartner predicts the technologies set to transform 2026

2025-10-23 at 07:09 By Anamarija Pogorelec
Gartner has unveiled its vision for the technologies that will define 2026, spotlighting the innovations and risks that business and IT leaders can’t afford to ignore. The research firm says organizations are entering a period of change, where AI, connectivity, and

Attackers target retailers’ gift card systems using cloud-only techniques

2025-10-22 at 17:12 By Zeljka Zorz
A newly uncovered attack campaign mounted by suspected Morocco-based attackers has been hitting global retailers and other businesses issuing gift cards. What makes this campaign stand out is how the threat actors avoid typical malware techniques and endpoint hacking and

Attackers turn trusted OAuth apps into cloud backdoors

2025-10-22 at 15:43 By Zeljka Zorz
Attackers are increasingly abusing internal OAuth-based applications to gain persistent access to cloud environments, Proofpoint researchers warn. These apps often remain unnoticed for quite some time and allow attackers to maintain access to high-privileged accounts even after passwords are reset or

OpenFGA: The open-source engine redefining access control

2025-10-22 at 15:13 By Sinisa Markovic
OpenFGA is an open-source, high-performance, and flexible authorization engine inspired by Google’s Zanzibar system for relationship-based access control. It helps developers model and enforce fine-grained access control in their applications. At its core, OpenFGA enables teams to define who can do what

Companies want the benefits of AI without the cyber blowback

2025-10-22 at 07:19 By Anamarija Pogorelec
51% of European IT and cybersecurity professionals said they expect AI-driven cyber threats and deepfakes to keep them up at night in 2026, according to ISACA. AI takes centre stage in threat outlook The main reason for this concern

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)

2025-10-21 at 19:13 By Zeljka Zorz
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which has added the flaw to its Known Exploited Vulnerabilities catalog,

Google introduces agentic threat intelligence for faster, conversational threat analysis

2025-10-21 at 19:00 By Mirko Zorz
Security teams spend much of their day pulling data from reports, forums, and feeds, trying to connect clues across multiple sources. Google says that work can now happen through a simple conversation. A new way to interact with threat

Agentic AI security: Building the next generation of access controls

2025-10-21 at 10:03 By Help Net Security
As artificial intelligence (AI) solutions continue to evolve, the rise of agentic AI—intelligent systems that can act autonomously on behalf of an organization—presents new security challenges. Research from Delinea’s 2025 AI in Identity Security Demands a New Playbook

When everything’s connected, everything’s at risk

2025-10-21 at 09:02 By Mirko Zorz
In this Help Net Security interview, Ken Deitz, CISO at Brown & Brown, discusses how the definition of cyber risk has expanded beyond IT to include IoT, OT, and broader supply chain ecosystems. As organizations connect these assets through cloud and networked systems,

Your smart building isn’t so smart without security

2025-10-21 at 08:52 By Sinisa Markovic
The lights switch on as you walk in. The air adjusts to your presence. Somewhere in the background, a server notes your arrival. It’s the comfort of a smart building, but that comfort might come with a cost. Smart buildings use

10 data security companies to watch in 2026

2025-10-21 at 08:52 By Sinisa Markovic
At Help Net Security, we’ve been tracking the cybersecurity world for nearly three decades. Through our Industry News section, we’ve watched countless companies rise, and push the limits of what’s possible in data protection. Some vendors consistently stand out, not just

AI’s split personality: Solving crimes while helping conceal them

2025-10-21 at 08:52 By Sinisa Markovic
What happens when investigators and cybercriminals start using the same technology? AI is now doing both, helping law enforcement trace attacks while also being tested for its ability to conceal them. A new study from the University of Cagliari digs

Cybersecurity jobs available right now: October 21, 2025

2025-10-21 at 07:02 By Anamarija Pogorelec
CISO Open-Xchange | Germany | Remote
As a CISO, you will lead the development and implementation of security strategies and requirements across the OX Group. You will advise management on information security matters, provide transparent reporting, and

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)

2025-10-20 at 20:10 By Zeljka Zorz
Moxa has fixed 5 vulnerabilities in its industrial network security appliances and routers, including a remotely exploitable flaw (CVE-2025-6950) that may result in complete system compromise. There’s no mention of these flaws being exploited in the wild, but due
