News

Why Managed Detection and Response (MDR) is Now Mission-Critical

Managed Detection and Response, News, Reports, Tips & Tricks /

Why Managed Detection and Response (MDR) is Now Mission-Critical 2025-10-10 at 16:16 By The digital landscape across Asia/Pacific (excluding Japan) (APEJ) is characterized by rapid growth in the acceptance of Managed Detection and Response (MDR), and driven by a corresponding surge in cyber threats, according to IDC’s just released report IDC MarketScape: Asia/Pacific (Excluding Japan) […]

Why Managed Detection and Response (MDR) is Now Mission-Critical Read More »

Apple offers $2 million for zero-click exploit chains

apple, bug bounty, Don't miss, Hot stuff, News /

Apple offers $2 million for zero-click exploit chains 2025-10-10 at 16:16 By Zeljka Zorz Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. “Our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more

Apple offers $2 million for zero-click exploit chains Read More »

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)

0-day, Don't miss, enterprise, file-sharing, Gladinet, Hot stuff, MSP, News, remote access, SMBs /

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) 2025-10-10 at 13:40 By Zeljka Zorz CVE-2025-11371, a unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of its active exploitation, a

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) Read More »

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday /

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft 2025-10-10 at 09:33 By Help Net Security A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far behind, after six years in existence, comes

October 2025 Patch Tuesday forecast: The end of a decade with Microsoft Read More »

From theory to training: Lessons in making NICE usable

CISA, CISO, CXO, cybersecurity, Daon, Don't miss, Features, framework, Hot stuff, News, NICE, research, Risk Management, SMBs, strategy, tips /

From theory to training: Lessons in making NICE usable 2025-10-10 at 09:02 By Mirko Zorz SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train staff without getting lost in the thousands of skills and

From theory to training: Lessons in making NICE usable Read More »

Securing agentic AI with intent-based permissions

access management, agentic AI, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, opinion, Token Security, zero trust /

Securing agentic AI with intent-based permissions 2025-10-10 at 08:31 By Help Net Security When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, automakers had to add airbags, crumple zones, and (eventually) adaptive driver assistance systems that anticipate

Securing agentic AI with intent-based permissions Read More »

Nagios: Open-source monitoring solution

Don't miss, GitHub, monitoring, News, open source, software /

Nagios: Open-source monitoring solution 2025-10-10 at 08:19 By Anamarija Pogorelec Nagios is an open-source monitoring solution, now included as part of the robust Nagios Core Services Platform (CSP). It delivers end-to-end visibility across the entire IT infrastructure, covering everything from websites and DNS to servers, routers, switches, workstations, and critical services. It helps organizations proactively

Nagios: Open-source monitoring solution Read More »

New infosec products of the week: October 10, 2025

News, Object First, OPSWAT, Radiflow, Semperis /

New infosec products of the week: October 10, 2025 2025-10-10 at 07:04 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from Object First, OPSWAT, Radiflow, and Semperis. OPSWAT’s MetaDefender Drive delivers portable, network-free threat scanning Purpose-built for critical infrastructure, MetaDefender Drive with Smart Touch is a

New infosec products of the week: October 10, 2025 Read More »

Legit tools, illicit uses: Velociraptor, Nezha turned against victims

APT, attack tools, Cisco, Don't miss, Hot stuff, Huntress, News, open source, Ransomware, Sophos /

Legit tools, illicit uses: Velociraptor, Nezha turned against victims 2025-10-09 at 19:19 By Zeljka Zorz Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their attack toolbox. Velociraptor misuse A suspected China-based ransomware threat actor has

Legit tools, illicit uses: Velociraptor, Nezha turned against victims Read More »

Attackers compromised ALL SonicWall firewall configuration backup files

backup, cloud security, Don't miss, enterprise, firewall, Hot stuff, Mandiant, News, SMBs, SonicWall /

Attackers compromised ALL SonicWall firewall configuration backup files 2025-10-09 at 15:41 By Zeljka Zorz The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, SonicWall stated on Wednesday, following the conclusion of a Mandiant-supported investigation into the incident. Early reports suggested

Attackers compromised ALL SonicWall firewall configuration backup files Read More »

Researchers develop AI system to detect scam websites in search results

cybercrime, cybersecurity, framework, machine learning, News, scams /

Researchers develop AI system to detect scam websites in search results 2025-10-09 at 13:07 By Sinisa Markovic Scam websites tied to online shopping, pet sales, and other e-commerce schemes continue to cause millions in losses each year. Security tools can accurately detect fraudulent sites once they are found, but identifying new ones remains difficult. To

Researchers develop AI system to detect scam websites in search results Read More »

Behind the screens: Building security customers appreciate

access control, Artificial Intelligence, authentication, CISO, cybersecurity, Don't miss, Features, financial industry, fraud, Hot stuff, identity verification, News, PRA Group, strategy, tips /

Behind the screens: Building security customers appreciate 2025-10-09 at 08:03 By Mirko Zorz In this Help Net Security interview, Jess Vachon, CISO at PRA Group, discusses the company’s multi-layered defense against fraud and its commitment to protecting customer trust. Vachon explains how PRA Group balances identity verification with a seamless customer experience. Vachon also reflects

Behind the screens: Building security customers appreciate Read More »

Six metrics policymakers need to track cyber resilience

cyber insurance, cyber resilience, cyber risk, cybersecurity, Europe, Government, News, policy, report, security metrics, Zurich Insurance Group /

Six metrics policymakers need to track cyber resilience 2025-10-09 at 07:48 By Anamarija Pogorelec Most countries are still making national cyber policy decisions without reliable numbers. Regulations often focus on incident reporting after damage is done, but they fail to give governments a forward-looking picture of resilience. A new report from Zurich Insurance Group argues

Six metrics policymakers need to track cyber resilience Read More »

Turning the human factor into your strongest cybersecurity defense

burnout, cybersecurity, Don't miss, Hot stuff, human error, News, training, Upwind, Video /

Turning the human factor into your strongest cybersecurity defense 2025-10-09 at 07:30 By Help Net Security In this Help Net Security video, Jacob Martens, Field CISO at Upwind Security, explores one of cybersecurity’s most enduring challenges: the human factor behind breaches. Despite advances in technology, most attacks still begin with people, not code. He explains

Turning the human factor into your strongest cybersecurity defense Read More »

Researchers uncover ClickFix-themed phishing kit

Don't miss, Hot stuff, News, Palo Alto Networks, phishing, social engineering /

Researchers uncover ClickFix-themed phishing kit 2025-10-08 at 16:26 By Zeljka Zorz Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting users with malware by using the increasingly popular ClickFix social engineering technique. “This tool allows threat actors to create highly customizable phishing

Researchers uncover ClickFix-themed phishing kit Read More »

North Korean hackers stole over $2 billion in cryptocurrency this year

Cryptocurrency, Cryptocurrency Exchange, Don't miss, Elliptic, Hot stuff, News, North Korea, social engineering, theft /

North Korean hackers stole over $2 billion in cryptocurrency this year 2025-10-08 at 14:49 By Zeljka Zorz North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though this year’s record losses are driven largely by the February attack on

North Korean hackers stole over $2 billion in cryptocurrency this year Read More »

Rethinking AI security architectures beyond Earth

aerospace, Artificial Intelligence, AWS, CISO, cybersecurity, data center, Don't miss, Features, Google Cloud, Hot stuff, NASA, News, One Identity, research, security telemetry /

Rethinking AI security architectures beyond Earth 2025-10-08 at 09:39 By Mirko Zorz If you think managing cloud security is complex, try doing it across hundreds of satellites orbiting the planet. Each one is a moving endpoint that must stay secure while communicating through long, delay-prone links. A new study explores how AI could automate security

Rethinking AI security architectures beyond Earth Read More »

DefectDojo: Open-source DevSecOps platform

DevSecOps, Don't miss, GitHub, News, open source, software /

DefectDojo: Open-source DevSecOps platform 2025-10-08 at 09:39 By Anamarija Pogorelec DefectDojo is an open-source tool for DevSecOps, application security posture management (ASPM), and vulnerability management. It helps teams manage security testing, track and remove duplicate findings, handle remediation, and generate reports. Whether you’re a solo security practitioner or a CISO managing multiple teams, DefectDojo helps

DefectDojo: Open-source DevSecOps platform Read More »

Developing economies are falling behind in the fight against cybercrime

cybercrime, cybersecurity, News /

Developing economies are falling behind in the fight against cybercrime 2025-10-08 at 08:04 By Sinisa Markovic Cybercrime is a global problem, but not every country is equally equipped to fight it. In many developing economies, cybersecurity is still seen as a luxury, something nice to have when budgets allow. That means little investment in tools,

Developing economies are falling behind in the fight against cybercrime Read More »

Scroll to Top