Stealthy attack serves poisoned web pages only to AI agents 2025-09-05 at 14:30 By Zeljka Zorz AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into these autonomous […]
Stealthy attack serves poisoned web pages only to AI agents Read More »
September 2025 Patch Tuesday forecast: The CVE matrix 2025-09-05 at 10:18 By Help Net Security We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator
September 2025 Patch Tuesday forecast: The CVE matrix Read More »
How to reclaim control over your online shopping data 2025-09-05 at 09:33 By Sinisa Markovic Online shopping is convenient, saves time, and everything is just a click away. But how often do we stop to think about what happens to the data we leave behind, or the risks that might come with it? Where shopping
How to reclaim control over your online shopping data Read More »
File security risks rise as insiders, malware, and AI challenges converge 2025-09-05 at 08:42 By Anamarija Pogorelec Breaches tied to file access are happening often, and the costs add up quickly. Many organizations have faced multiple file-related incidents over the last two years, with financial losses stretching into the millions. The fallout often includes stolen
File security risks rise as insiders, malware, and AI challenges converge Read More »
Smart ways CISOs can do more with less 2025-09-05 at 08:05 By Help Net Security In this Help Net Security video, Jill Knesek, CISO at BlackLine, shares practical strategies for CISOs navigating tighter budgets. From maximizing existing tools and vendor partnerships to leveraging AI and making smart investments, she offers actionable advice for maintaining strong
Smart ways CISOs can do more with less Read More »
Connected cars are smart, convenient, and open to cyberattacks 2025-09-05 at 07:32 By Sinisa Markovic Consumers are concerned about vulnerabilities in their vehicles, which directly impacts purchasing behavior and brand loyalty, according to RunSafe Security. Vehicles now run on over 100 million lines of code, which is more than most fighter jets, but they often
Connected cars are smart, convenient, and open to cyberattacks Read More »
CyberFlex: Flexible Pen testing as a Service with EASM 2025-09-04 at 16:58 By Help Net Security About CyberFlex CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. Customers benefit from continuous coverage of their entire attack application attack surface, while enjoying a flexible consumption model.
CyberFlex: Flexible Pen testing as a Service with EASM Read More »
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) 2025-09-04 at 16:58 By Zeljka Zorz Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) Read More »
LinkedIn expands company verification, mandates workplace checks for certain roles 2025-09-04 at 16:00 By Mirko Zorz LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace verification when someone adds or updates a leadership or recruiter
LinkedIn expands company verification, mandates workplace checks for certain roles Read More »
macOS vulnerability allowed Keychain and iOS app decryption without a password 2025-09-04 at 15:41 By Mirko Zorz Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) enabled. The issue, tracked as CVE-2025-24204, stems from Apple mistakenly granting the
macOS vulnerability allowed Keychain and iOS app decryption without a password Read More »
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) 2025-09-04 at 14:48 By Zeljka Zorz A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several Sitecore solutions, Mandiant has revealed. About CVE-2025-53690 CVE-2025-53690 is a ViewState deserialization vulnerability that affects any version of Sitecore
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690) Read More »
New threat group uses custom tools to hijack search results 2025-09-04 at 12:02 By Anamarija Pogorelec ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, and the United States. Countries where GhostRedirector victims were detected (Source: ESET)
New threat group uses custom tools to hijack search results Read More »
Cutting through CVE noise with real-world threat signals 2025-09-04 at 09:02 By Sinisa Markovic CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high” or
Cutting through CVE noise with real-world threat signals Read More »
Attackers are turning Salesforce trust into their biggest weapon 2025-09-04 at 09:02 By Sinisa Markovic Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The report shows that malicious activity inside Salesforce environments rose sharply in the first quarter of this
Attackers are turning Salesforce trust into their biggest weapon Read More »
DDoS attacks serve as instruments of political influence and disruption 2025-09-04 at 07:02 By Sinisa Markovic In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds of 3.12 Tbps and 1.5 Gpps. These attacks have moved beyond
DDoS attacks serve as instruments of political influence and disruption Read More »
Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise 2025-09-03 at 16:13 By Zeljka Zorz Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated
Cloudflare confirms data breach linked to Salesloft Drift supply chain compromise Read More »
BruteForceAI: Free AI-powered login brute force tool 2025-09-03 at 09:31 By Help Net Security BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML content, detect login form selectors, and prepare the attack process automatically. It
BruteForceAI: Free AI-powered login brute force tool Read More »
How gaming experience can help with a cybersecurity career 2025-09-03 at 08:41 By Sinisa Markovic Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of
How gaming experience can help with a cybersecurity career Read More »
Detecting danger: EASM in the modern security stack 2025-09-03 at 08:03 By Help Net Security In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats – it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that
Detecting danger: EASM in the modern security stack Read More »
Five habits of highly secure development teams 2025-09-03 at 07:46 By Help Net Security In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the
Five habits of highly secure development teams Read More »