News

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover

AWS, containers, Don't miss, Google, Hot stuff, Kubernetes, News, vulnerability, Wiz /

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover 2025-03-25 at 18:54 By Zeljka Zorz Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering […]

React to this headline:

Loading spinner

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover Read More »

Review: The Developer’s Playbook for Large Language Model Security

Artificial Intelligence, books, cybersecurity, Don't miss, Exabeam, Hot stuff, News, Reviews, strategy, tips /

Review: The Developer’s Playbook for Large Language Model Security 2025-03-25 at 18:06 By Mirko Zorz With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into customer interactions, software development, and enterprise decision-making, often without grasping the security implications. As LLMs are becoming integral to

React to this headline:

Loading spinner

Review: The Developer’s Playbook for Large Language Model Security Read More »

Microsoft’s new AI agents take on phishing, patching, alert fatigue

Artificial Intelligence, Aviatrix, BlueVoyant, cybersecurity, Don't miss, Fletch, Microsoft, News, OneTrust, Tanium /

Microsoft’s new AI agents take on phishing, patching, alert fatigue 2025-03-25 at 18:06 By Mirko Zorz Microsoft is rolling out a new generation of AI agents in Security Copilot, built to help with some of the most time-consuming security challenges, such as phishing, data protection, and identity management. Phishing is still one of the most

React to this headline:

Loading spinner

Microsoft’s new AI agents take on phishing, patching, alert fatigue Read More »

The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses

CISO, cybersecurity, Cynomi, Don't miss, Hot stuff, News /

The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses 2025-03-25 at 16:13 By Help Net Security By now, it’s no secret—cyber threats are on the rise, and the need for strong cybersecurity is greater than ever. Globally small and medium-sized businesses (SMBs) are prime targets for cyberattacks, yet many can’t afford a full-time Chief

React to this headline:

Loading spinner

The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses Read More »

Trustwave MailMarshal’s Secure Email Gateway Protects Against Phishing/Ransomware Attacks

data breach, email security, Emerging Threats, News /

Trustwave MailMarshal’s Secure Email Gateway Protects Against Phishing/Ransomware Attacks 2025-03-25 at 15:28 By Combat Medusa Ransomware: Learn how Trustwave MailMarshal’s secure email gateway effectively blocks phishing attacks, the primary entry point for this dangerous threat. Strengthen Your Email Security: Discover the layered protection and advanced threat detection capabilities of our managed email security services, and prevent costly data breaches.

React to this headline:

Loading spinner

Trustwave MailMarshal’s Secure Email Gateway Protects Against Phishing/Ransomware Attacks Read More »

Spring clean your security data: The case for cybersecurity data hygiene

Auguria, cyber hygiene, cybersecurity, data management, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, SIEM, SOC, strategy /

Spring clean your security data: The case for cybersecurity data hygiene 2025-03-25 at 08:41 By Help Net Security Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess. The modern Security Operations

React to this headline:

Loading spinner

Spring clean your security data: The case for cybersecurity data hygiene Read More »

OT systems are strategic targets in global power struggles

cyberattacks, cybercrime, cybersecurity, News, Ransomware, Waterfall Security Solutions /

OT systems are strategic targets in global power struggles 2025-03-25 at 08:06 By Help Net Security Compared to 2023, 2024 saw a smaller increase in cyberattacks that caused physical consequences on OT organizations, according to Waterfall Security. Nevertheless, there were sharp jumps in the number of sites affected by the hacks, as well as in

React to this headline:

Loading spinner

OT systems are strategic targets in global power struggles Read More »

How AI agents could undermine computing infrastructure security

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, News, opinion, Teleport, threats, Video /

How AI agents could undermine computing infrastructure security 2025-03-25 at 07:34 By Help Net Security In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, explores the risks AI agents pose to computing infrastructure, particularly when exposed to social engineering attacks. Unlike traditional software, AI agents aren’t fully deterministic, making them more vulnerable to

React to this headline:

Loading spinner

How AI agents could undermine computing infrastructure security Read More »

Cybersecurity jobs available right now: March 25, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: March 25, 2025 2025-03-25 at 07:03 By Anamarija Pogorelec Analyst – Cyber Threat Intelligence Adecco | UAE | On-site – View job details As an Analyst – Cyber Threat Intelligence, you will conduct threat hunting missions across multi-cloud environments and perform cyber forensics to analyze security incidents. You will also

React to this headline:

Loading spinner

Cybersecurity jobs available right now: March 25, 2025 Read More »

Protecting your personal information from data brokers

cybersecurity, data, data security, Don't miss, how-to, News, regulation, strategy, tips /

Protecting your personal information from data brokers 2025-03-24 at 18:01 By Help Net Security How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this? So, these companies, called data brokers, collect everything they can about you – where

React to this headline:

Loading spinner

Protecting your personal information from data brokers Read More »

Report: Fortune 500 employee-linked account exposure

Don't miss, Enzoic, News, Whitepapers and webinars /

Report: Fortune 500 employee-linked account exposure 2025-03-24 at 16:01 By Help Net Security A backbone of our economy, Fortune 500 companies employ more than 31 million people worldwide. According to data analyzed by the Enzoic research team, over the past three years of 2022, 2023, and 2024, more than three million employee-linked accounts became newly

React to this headline:

Loading spinner

Report: Fortune 500 employee-linked account exposure Read More »

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)

Cloudflare, Don't miss, framework, Hot stuff, News, Next.js, open source, PoC, ProjectDiscovery, vulnerability, web application security, web development /

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) 2025-03-24 at 15:17 By Zeljka Zorz A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel).

React to this headline:

Loading spinner

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) Read More »

How AI, corruption and digital tools fuel Europe’s criminal underworld

cybercrime, Don't miss, EU, Europe, Europol, law enforcement, News, report /

How AI, corruption and digital tools fuel Europe’s criminal underworld 2025-03-24 at 09:31 By Help Net Security Europol has released its 2025 report on serious and organized crime in the EU. The EU Serious and Organised Crime Threat Assessment (EU-SOCTA) is based on intelligence from EU countries and global law enforcement. The findings are stark.

React to this headline:

Loading spinner

How AI, corruption and digital tools fuel Europe’s criminal underworld Read More »

Enterprises walk a tightrope between AI innovation and security

Artificial Intelligence, ChatGPT, cybercrime, cybersecurity, News, report, survey, Zscaler /

Enterprises walk a tightrope between AI innovation and security 2025-03-24 at 08:02 By Help Net Security AI/ML tool usage surged globally in 2024, with enterprises integrating AI into operations and employees embedding it in daily workflows, according to Zscaler. The report reveals a 3,000+% year-over-year growth in enterprise use of AI/ML tools, highlighting the rapid

React to this headline:

Loading spinner

Enterprises walk a tightrope between AI innovation and security Read More »

Finders Keypers: Open-source AWS KMS key usage finder

AWS, Don't miss, GitHub, News, open source, software /

Finders Keypers: Open-source AWS KMS key usage finder 2025-03-24 at 07:32 By Mirko Zorz Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the blast radius of specific KMS keys and the

React to this headline:

Loading spinner

Finders Keypers: Open-source AWS KMS key usage finder Read More »

Cloud providers aren’t delivering on security promises

Arctic Wolf Networks, CISO, Cloud, cybersecurity, News, report, survey /

Cloud providers aren’t delivering on security promises 2025-03-24 at 07:03 By Help Net Security Security concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf. This is being driven by the fact that 24% don’t believe their cloud environment is secure, and 43% think cloud service providers

React to this headline:

Loading spinner

Cloud providers aren’t delivering on security promises Read More »

Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware

News, Week in review /

Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware 2025-03-23 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Veeam has released fixes for a critical

React to this headline:

Loading spinner

Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware Read More »

53% of security teams lack continuous and up-to-date visibility

Bedrock Security, cybersecurity, data, data security, News, report, survey /

53% of security teams lack continuous and up-to-date visibility 2025-03-21 at 18:03 By Help Net Security Enterprises lack visibility into their own data, creating security risks that are compounding as organizations and their employees increase AI adoption, according to Bedrock Security. The majority of organizations struggle to track sensitive information across sprawling cloud environments, leaving

React to this headline:

Loading spinner

53% of security teams lack continuous and up-to-date visibility Read More »

Malicious ads target Semrush users to steal Google account credentials

Don't miss, Google, Hot stuff, malvertising, Malwarebytes, News, SEO /

Malicious ads target Semrush users to steal Google account credentials 2025-03-21 at 14:35 By Zeljka Zorz Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The fraudulent campaign Malwarebytes researchers have spotted a campaign consisting of a slew of malicious ads

React to this headline:

Loading spinner

Malicious ads target Semrush users to steal Google account credentials Read More »

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

backup, disaster recovery, Don't miss, enterprise, Hot stuff, MSP, Nakivo, News, PoC, SMBs, vulnerability, WatchTowr /

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has

React to this headline:

Loading spinner

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »

Scroll to Top