News

AI security governance converts disorder into deliberate innovation

2025-08-14 at 09:16 By Help Net Security

AI security governance provides a stable compass, channeling efforts and transforming AI from an experimental tool to a reliable, enterprise-class solution. With adequate governance built at the center of AI efforts, business leaders can shape AI plans with intention, while […]

Open-source flow monitoring with SENSOR: Benefits and trade-offs

2025-08-14 at 09:16 By Mirko Zorz

Flow monitoring tools are useful for tracking traffic patterns, planning capacity, and spotting threats. But many off-the-shelf solutions come with steep licensing costs and hardware demands, especially if you want to process every packet. A research team at the University of

The top CTEM platforms you should know in 2025

2025-08-14 at 08:02 By Help Net Security

Continuous Threat Exposure Management (CTEM) is a modern cybersecurity strategy originally coined by Gartner analysts, which focuses on identifying, prioritizing, validating, and mobilizing teams to reduce threat exposure across an organization’s full attack surface. It’s in a category of

AI is changing Kubernetes faster than most teams can keep up

2025-08-14 at 07:32 By Sinisa Markovic

AI is changing how enterprises approach Kubernetes operations, strategy, and scale. The 2025 State of Production Kubernetes report from Spectro Cloud paints a picture of where the industry is heading: AI is shaping decisions around infrastructure cost, tooling,

Free courses: Master AI tools from Microsoft, AWS, and Google

2025-08-14 at 07:32 By Anamarija Pogorelec

Learn how AI technologies can be applied to enhance security, create safe and responsible applications, develop intelligent agents, and improve information discovery. You’ll gain practical skills, explore new tools, and work on projects that help you apply what you

Croatian research institute confirms ransomware attack via ToolShell vulnerabilities

2025-08-13 at 18:01 By Zeljka Zorz

The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, has confirmed that it was one of “at least 9,000 institutions worldwide” that were attacked using the Microsoft SharePoint “ToolShell” vulnerabilities. The attack happened on Thursday,

NIST finalizes lightweight cryptography standard for small devices

2025-08-13 at 17:24 By Anamarija Pogorelec

The National Institute of Standards and Technology (NIST) has finalized a lightweight cryptography standard to protect even the smallest networked devices from cyberattacks. Published as Ascon-Based Lightweight Cryptography Standards for Constrained Devices (NIST Special Publication 800-232), the standard offers tools for

Microsoft fixes “BadSuccessor” Kerberos vulnerability (CVE-2025-53779)

2025-08-13 at 15:20 By Zeljka Zorz

For August 2025 Patch Tuesday, Microsoft has released security updates resolving 100+ security vulnerabilities in its various solutions, including a relative path traversal flaw in Windows Kerberos (CVE-2025-53779) that allows an authorized attacker to elevate privileges over a network as part of a

Fortinet warns about FortiSIEM vulnerability with in-the-wild exploit code (CVE-2025-25256)

2025-08-13 at 12:43 By Zeljka Zorz

Fortinet has released patches for a critical OS command injection vulnerability (CVE-2025-25256) in FortiSIEM, after practical exploit code surfaced in the wild.

About CVE-2025-25256

FortiSIEM is a security information and event management platform used by organizations to collect, correlate

AWS CISO explains how cloud-native security scales with your business

2025-08-13 at 09:01 By Mirko Zorz

In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and processes

Product showcase: Apricorn Aegis NVX, a high-security, portable SSD

2025-08-13 at 08:31 By Anamarija Pogorelec

The Apricorn Aegis NVX is a hardware-based 256-Bit AES XTS external SSD drive with integrated USB-C cable. Its storage capacities range from 500GB to 2TB. The device is OS free and cross-platform compatible.

Design and build

The drive comes with

How to build and grow a scalable vCISO practice as an MSP

2025-08-13 at 08:03 By Help Net Security

The cybersecurity needs of small and midsize businesses have reached a critical point. Compliance mandates, increasing ransomware attacks, and cyber insurance requirements are driving demand for expert guidance. Yet, hiring a full-time Chief Information Security Officer

Global OT cyber risk could top $329 billion, new report warns

2025-08-13 at 07:36 By Anamarija Pogorelec

A new study from Dragos and Marsh McLennan puts hard numbers on the global financial risk tied to OT cyber incidents. The 2025 OT Security Financial Risk Report estimates that the most extreme scenarios could place more than

CISOs face a complex tangle of tools, threats, and AI uncertainty

2025-08-13 at 07:02 By Anamarija Pogorelec

Most organizations are juggling too many tools, struggling with security blind spots, and rushing into AI adoption without governance, according to JumpCloud. The average organization now uses more than nine tools to manage core IT functions. That is

Netscaler vulnerability was exploited as zero-day for nearly two months (CVE-2025-6543)

2025-08-12 at 17:51 By Zeljka Zorz

FortiGuard Labs has reported a dramatic spike in exploitation attempts targeting Citrix Bleed 2, a critical buffer over‑read flaw (CVE‑2025‑5777) affecting Citrix NetScaler ADC (Application Delivery Controller) and Gateway devices. Since July 28, 2025, they have detected over 6,000 exploitation

WinRAR zero-day was exploited by two threat actors (CVE-2025-8088)

2025-08-12 at 16:11 By Zeljka Zorz

The RomCom attackers aren’t the only ones that have been leveraging the newly unveiled WinRAR vulnerability (CVE-2025-8088) in zero-day attacks: according to Russian cybersecurity company BI.ZONE, a group tracked as Paper Werewolf has been using it to target Russian organizations.

APT groups are getting personal, and CISOs should be concerned

2025-08-12 at 14:42 By Mirko Zorz

Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members have become targets. This approach works because executives often work remotely, store

What makes a security program mature and how to get there faster

2025-08-12 at 08:31 By Help Net Security

Security leaders are flush with tools and data, but it’s not helping their programs mature. In this Help Net Security video, PlexTrac’s Dan DeCloss outlines the 3 key gaps holding security programs back and what sets

EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations

2025-08-12 at 08:01 By Help Net Security

EntraGoat is a purpose-built tool that sets up a vulnerable Microsoft Entra ID environment to mimic real-world identity security issues. It’s designed to help security professionals practice spotting and exploiting common misconfigurations. The tool creates a range

Why DNS threats should be on every CISO’s radar in 2025

2025-08-12 at 07:32 By Sinisa Markovic

DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are feeling the pressure. The report shows that DNS is being used
