Bots vs. humans? Why intent is the game-changer 2025-09-17 at 07:30 By Help Net Security In this Help Net Security video, Jérôme Segura, VP of Threat Research at Datadome, explains why intent, not just identifying bots, must be the new focus for cybersecurity teams. He explores how advanced AI agents and sophisticated bots blur the […]
React to this headline:
Bots vs. humans? Why intent is the game-changer Read More »
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack 2025-09-17 at 01:18 By Zeljka Zorz A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who
React to this headline:
Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack Read More »
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents 2025-09-16 at 15:46 By Zeljka Zorz All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira ransomware attacks Managed security service providers and external incident responders have had a
React to this headline:
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents Read More »
GitHub adds post-quantum protection for SSH access 2025-09-16 at 12:05 By Sinisa Markovic GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe. What GitHub is changing GitHub has introduced a new type of SSH key that combines
React to this headline:
GitHub adds post-quantum protection for SSH access Read More »
Building security that protects customers, not just auditors 2025-09-16 at 09:31 By Mirko Zorz In this Help Net Security interview, Nir Rothenberg, CISO at Rapyd, discusses global differences in payment security maturity and the lessons that can be learned from leading regions. He points out that good engineering usually leads to strong security, and cautions
React to this headline:
Building security that protects customers, not just auditors Read More »
Google introduces VaultGemma, a differentially private LLM built for secure data handling 2025-09-16 at 09:31 By Sinisa Markovic Google has released VaultGemma, a large language model designed to keep sensitive data private during training. The model uses differential privacy techniques to prevent individual data points from being exposed, which makes it safer for handling confidential
React to this headline:
Product showcase: Clean Links exposes what’s hiding behind a QR code 2025-09-16 at 08:40 By Anamarija Pogorelec Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams while saving you time and frustration.
React to this headline:
Product showcase: Clean Links exposes what’s hiding behind a QR code Read More »
AI video surveillance could end privacy as we know it 2025-09-16 at 08:40 By Sinisa Markovic AI-powered video surveillance brings up big questions about privacy. On one hand, it can make us feel safer, but on the other, it can easily cross the line into intrusion. The more we let technology watch and track our
React to this headline:
AI video surveillance could end privacy as we know it Read More »
OT security needs continuous operations, not one-time fixes 2025-09-16 at 08:40 By Anamarija Pogorelec Cyberattacks keep hitting the OT systems that critical infrastructure operators run, according to new research from Forrester. In a survey of 262 OT security decision-makers, 91% reported at least one breach or system failure caused by a cyberattack in the past
React to this headline:
OT security needs continuous operations, not one-time fixes Read More »
Cybersecurity jobs available right now: September 16, 2025 2025-09-16 at 07:11 By Anamarija Pogorelec CISO Haier Europe | Italy | On-site – View job details As a CISO, you will develop an information security strategy aligned with organizational priorities, secure executive support, and oversee the protection of data, intellectual property, and technology assets. You will
React to this headline:
Cybersecurity jobs available right now: September 16, 2025 Read More »
Phishing campaign targets Rust developers 2025-09-15 at 19:27 By Zeljka Zorz Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign. The phishing email The emails started hitting developers’ inboxes on Friday, minutes after they published a (new)
React to this headline:
Phishing campaign targets Rust developers Read More »
Most enterprise AI use is invisible to security teams 2025-09-15 at 10:38 By Mirko Zorz Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI
React to this headline:
Most enterprise AI use is invisible to security teams Read More »
Arkime: Open-source network analysis and packet capture system 2025-09-15 at 08:47 By Help Net Security Arkime is an open-source system for large-scale network analysis and packet capture. It works with your existing security tools to store and index network traffic in standard PCAP format, making it easy to search and access. The solution includes a
React to this headline:
Arkime: Open-source network analysis and packet capture system Read More »
What could a secure 6G network look like? 2025-09-15 at 08:47 By Help Net Security The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised
React to this headline:
What could a secure 6G network look like? Read More »
Why neglected assets are the hidden threat attackers love to find 2025-09-15 at 07:58 By Help Net Security In this Help Net Security video, Tim Chase, Tech Evangelist at Orca Security, explores one of the most overlooked cybersecurity risks: neglected assets. From forgotten cloud resources and outdated OT systems to expired domains and abandoned storage,
React to this headline:
Why neglected assets are the hidden threat attackers love to find Read More »
Static feeds leave intelligence teams reacting to irrelevant or late data 2025-09-15 at 07:12 By Anamarija Pogorelec Boards and executives are not asking for another feed of indicators. They want to know whether their organization is being targeted, how exposed they are, and what steps need to be taken. A new report from Flashpoint argues
React to this headline:
Static feeds leave intelligence teams reacting to irrelevant or late data Read More »
Week in review: Salesloft Drift breach investigation results, malicious GitHub Desktop installers 2025-09-14 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Salesloft Drift data breach: Investigation reveals how attackers got in The attack that resulted in the Salesloft Drift data breach started
React to this headline:
HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot 2025-09-12 at 19:00 By Help Net Security ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Secure Boot on outdated systems. The sample was uploaded from
React to this headline:
HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot Read More »
CISA looks to partners to shore up the future of the CVE Program 2025-09-12 at 15:32 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders
React to this headline:
CISA looks to partners to shore up the future of the CVE Program Read More »
Your heartbeat could reveal your identity, even in anonymized datasets 2025-09-12 at 09:12 By Mirko Zorz A new study has found that electrocardiogram (ECG) signals, often shared publicly for medical research, can be linked back to individuals. Researchers were able to re-identify people in anonymous datasets with surprising accuracy, raising questions about how health data
React to this headline:
Your heartbeat could reveal your identity, even in anonymized datasets Read More »