News

China-linked Salt Typhoon hackers attempt to infiltrate European telco

APT, Darktrace, Don't miss, Europe, government-backed attacks, Hot stuff, News, telecommunications /

China-linked Salt Typhoon hackers attempt to infiltrate European telco 2025-10-20 at 18:42 By Zeljka Zorz Salt Typhoon, the China-linked APT group that has a penchant for targeting telecommunications companies, has been spotted trying to sneak into yet another one. The intrusion “Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics, […]

China-linked Salt Typhoon hackers attempt to infiltrate European telco Read More »

Most AI privacy research looks the wrong way

Artificial Intelligence, Carnegie Mellon University, cybersecurity, data security, Don't miss, Features, Hot stuff, LLMs, News, Privacy, research /

Most AI privacy research looks the wrong way 2025-10-20 at 13:19 By Mirko Zorz Most research on LLM privacy has focused on the wrong problem, according to a new paper by researchers from Carnegie Mellon University and Northeastern University. The authors argue that while most technical studies target data memorization, the biggest risks come from

Most AI privacy research looks the wrong way Read More »

Why ex-military professionals are a good fit for cybersecurity

cybersecurity, cybersecurity jobs, Don't miss, News, NTT DATA Services, SpecterOps, strategy, tips /

Why ex-military professionals are a good fit for cybersecurity 2025-10-20 at 13:19 By Sinisa Markovic After years of working as part of a team, many military veterans look for work that still carries meaning, challenge, and purpose. Cybersecurity offers a new way to serve and protect on a different battlefield. Earlier this year, the Department

Why ex-military professionals are a good fit for cybersecurity Read More »

Nodepass: Open-source TCP/UDP tunneling solution

cybersecurity, DevOps, Don't miss, GitHub, network monitoring, networking, News, open source, penetration testing, red team, software /

Nodepass: Open-source TCP/UDP tunneling solution 2025-10-20 at 13:18 By Sinisa Markovic When you think of network tunneling, “lightweight” and “enterprise-grade” rarely appear in the same sentence. NodePass, an open-source project, wants to change that. It’s a compact but powerful TCP/UDP tunneling solution built for DevOps teams and system administrators who need to manage complex network

Nodepass: Open-source TCP/UDP tunneling solution Read More »

Why cybersecurity hiring feels so hard right now

CISO, cybersecurity jobs, Don't miss, News, strategy, tips, Video /

Why cybersecurity hiring feels so hard right now 2025-10-20 at 07:30 By Help Net Security In this Help Net Security video, Carol Lee Hobson, CISO at PayNearMe, explores the realities behind the so-called cybersecurity “talent gap.” She explains why the issue is as much about hiring practices as it is about skills shortages, and offers

Why cybersecurity hiring feels so hard right now Read More »

Inside the messy reality of Microsoft 365 management

access control, cybersecurity, identity management, Microsoft 365, MSP, News, report, Syncro /

Inside the messy reality of Microsoft 365 management 2025-10-20 at 07:00 By Anamarija Pogorelec Most MSPs agree that Microsoft 365 is now the backbone of business operations, but a Syncro survey shows that complexity, incomplete backups, and reactive security continue to slow their progress in managing it. About 60% of MSPs said Microsoft 365 powers

Inside the messy reality of Microsoft 365 management Read More »

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days

News, Week in review /

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days 2025-10-19 at 19:21 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a healthcare cybersecurity strategy that works In this Help Net Security interview, Wayman Cummings, CISO at Ochsner Health, talks about

Week in review: F5 data breach, Microsoft patches three actively exploited zero-days Read More »

The F5 BIG-IP Source Code Breach

Emerging Threats, News, Vulnerabilities /

The F5 BIG-IP Source Code Breach 2025-10-17 at 20:17 By Karl Sigler On August 9, F5 discovered that multiple systems were compromised by what it is calling a “highly sophisticated nation-state threat actor” who maintained “long-term, persistent access to certain F5 systems”. These included the BIG-IP product development environment and engineering knowledge management platform. That

The F5 BIG-IP Source Code Breach Read More »

Microsoft revokes 200 certs used to sign malicious Teams installers

certificates, Don't miss, Hot stuff, Microsoft, Microsoft Teams, News, Ransomware /

Microsoft revokes 200 certs used to sign malicious Teams installers 2025-10-17 at 15:59 By Zeljka Zorz By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams. “In this campaign, Vanilla Tempest used fake MSTeamsSetup.exe files hosted on

Microsoft revokes 200 certs used to sign malicious Teams installers Read More »

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)

0-day, Cisco, Don't miss, exploit, Hot stuff, News, rootkits, Trend Micro /

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) 2025-10-17 at 15:29 By Zeljka Zorz Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices. “The operation targeted victims running older Linux systems that do not have endpoint detection response solutions,” Trend Micro

Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352) Read More »

A new approach to blockchain spam: Local reputation over global rules

blockchain, cybersecurity, Don't miss, Ethereum, Features, Hot stuff, News, research, spam /

A new approach to blockchain spam: Local reputation over global rules 2025-10-17 at 10:18 By Mirko Zorz Spam has long been a nuisance in blockchain networks, clogging transaction queues and driving up fees. A new research paper from Delft University of Technology introduces a decentralized solution called STARVESPAM that could help nodes in permissionless blockchains

A new approach to blockchain spam: Local reputation over global rules Read More »

Inside healthcare’s quiet cybersecurity breakdown

Compliance, cyberattacks, cybersecurity, healthcare, News, OMEGA Systems, report, risk /

Inside healthcare’s quiet cybersecurity breakdown 2025-10-17 at 08:52 By Anamarija Pogorelec Hospitals, clinics, and care networks continue to treat cybersecurity as a back-office issue, according to the 2025 Healthcare IT Landscape Report from Omega Systems. Security takes a back seat Healthcare IT leaders are juggling competing demands. Rising costs, new privacy regulations, and expanding digital

Inside healthcare’s quiet cybersecurity breakdown Read More »

Everyone’s adopting AI, few are managing the risk

Artificial Intelligence, AuditBoard, cyber resilience, cybersecurity, framework, News, report, risk, Risk Management /

Everyone’s adopting AI, few are managing the risk 2025-10-17 at 08:52 By Anamarija Pogorelec AI is spreading across enterprise risk functions, but confidence in those systems remains uneven, according to AuditBoard. More than half of organizations report implementing AI-specific tools, and many are training teams in machine learning skills. Yet, few feel prepared for the

Everyone’s adopting AI, few are managing the risk Read More »

SAP zero-day wake-up call: Why ERP systems need a unified defense

0-day, Don't miss, News, Onapsis, threat detection, Video, vulnerability management /

SAP zero-day wake-up call: Why ERP systems need a unified defense 2025-10-17 at 08:52 By Help Net Security In this Help Net Security video, Paul Laudanski, Director of Research at Onapsis, discusses key lessons from the SAP zero-day vulnerability. He explains why business-critical systems like ERP and CRM remain top targets for attackers, since they

SAP zero-day wake-up call: Why ERP systems need a unified defense Read More »

New infosec products of the week: October 17, 2025

Aura, BitSight, Blumira, Cayosoft, Corelight, Netcraft, News, Picus Security /

New infosec products of the week: October 17, 2025 2025-10-17 at 07:17 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from Aura, Bitsight, Blumira, Cayosoft, Corelight, Netcraft, and Picus Security. Picus Security uses AI to turn threat intelligence into attack simulations Picus Security launched new AI-powered

New infosec products of the week: October 17, 2025 Read More »

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)

Adobe, CISA, Don't miss, exploit, Hot stuff, News, security update, vulnerability /

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) 2025-10-16 at 19:52 By Zeljka Zorz CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation. Adobe fixed the vulnerability in August 2025, along with CVE-2025-54254,

“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253) Read More »

When trusted AI connections turn hostile

Anaconda, Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, research /

When trusted AI connections turn hostile 2025-10-16 at 09:02 By Mirko Zorz Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers can quietly take control of hosts, manipulate LLM behavior, and deceive users, all while staying undetected by

When trusted AI connections turn hostile Read More »

Identifying risky candidates: Practical steps for security leaders

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity verification, Insider Threat, News, Nisos, opinion, strategy /

Identifying risky candidates: Practical steps for security leaders 2025-10-16 at 08:32 By Help Net Security Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface the deeper risks that can turn into costly problems down the line. Identity verification, credential validation,

Identifying risky candidates: Practical steps for security leaders Read More »

Everyone wants AI, but few are ready to defend it

agentic AI, Artificial Intelligence, Cisco, cybersecurity, monitoring, News, report /

Everyone wants AI, but few are ready to defend it 2025-10-16 at 08:05 By Anamarija Pogorelec The rush to deploy AI is reshaping how companies think about risk, according to Cisco. A global study finds that while most organizations are moving quickly to adopt AI, many are not ready for the pressure it puts on

Everyone wants AI, but few are ready to defend it Read More »

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China

cyber espionage, cybersecurity, Don't miss, hardware, industrial robots, News, Privacy, research, vulnerability /

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China 2025-10-16 at 07:33 By Sinisa Markovic Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that can be hacked through Bluetooth Their tests show

Humanoid robot found vulnerable to Bluetooth hack, data leaks to China Read More »

Scroll to Top