News

APT groups are getting personal, and CISOs should be concerned

APT, attacks, CISO, cybersecurity, Data Protection, Don't miss, Doppel, Features, Hot stuff, how-to, News, Privacy, strategy, threats, tips /

APT groups are getting personal, and CISOs should be concerned 2025-08-12 at 14:42 By Mirko Zorz Instead of focusing only on corporate systems, some APT groups are now going after executives in their personal lives. Home networks, private devices, and even family members have become targets. This approach works because executives often work remotely, store […]

APT groups are getting personal, and CISOs should be concerned Read More »

What makes a security program mature and how to get there faster

CISO, Don't miss, Hot stuff, News, PlexTrac, strategy, tips, Video /

What makes a security program mature and how to get there faster 2025-08-12 at 08:31 By Help Net Security Security leaders are flush with tools and data, but it’s not helping their programs mature. In this Help Net Security video, PlexTrac’s Dan DeCloss outlines the 3 key gaps holding security programs back and what sets

What makes a security program mature and how to get there faster Read More »

EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Semperis, software /

EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations 2025-08-12 at 08:01 By Help Net Security EntraGoat is a purpose-built tool that sets up a vulnerable Microsoft Entra ID environment to mimic real-world identity security issues. It’s designed to help security professionals practice spotting and exploiting common misconfigurations. The tool creates a range

EntraGoat: Vulnerable Microsoft Entra ID infrastructure to simulate identity security misconfigurations Read More »

Why DNS threats should be on every CISO’s radar in 2025

attacks, CISO, cybersecurity, DNS, Infoblox, News, report, threats /

Why DNS threats should be on every CISO’s radar in 2025 2025-08-12 at 07:32 By Sinisa Markovic DNS is once again in the crosshairs of threat actors. According to the 2025 DNS Threat Landscape Report by Infoblox, attackers are changing tactics, and enterprises are feeling the pressure. The report shows that DNS is being used

Why DNS threats should be on every CISO’s radar in 2025 Read More »

Cybersecurity jobs available right now: August 12, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: August 12, 2025 2025-08-12 at 07:08 By Anamarija Pogorelec Cloud Platforms Engineering Manager Mozn | UAE | Remote – View job details As a Cloud Platforms Engineering Manager, you will lead the design, implementation, and lifecycle management of scalable, secure, and highly available cloud infrastructure. Embed security best practices across

Cybersecurity jobs available right now: August 12, 2025 Read More »

What the Matter 1.4.2 update means for smart home security

certification, cybersecurity, hardware, Internet of Things, Matter, networking, News, smart home, wireless /

What the Matter 1.4.2 update means for smart home security 2025-08-11 at 18:28 By Anamarija Pogorelec Matter is built on the idea that smart home devices should be secure, reliable, and easy to use. It is based on Internet Protocol (IP), which allows devices, mobile apps, and cloud services to communicate. Matter also defines a

What the Matter 1.4.2 update means for smart home security Read More »

Win-DDoS: Attackers can turn public domain controllers into DDoS agents

DDoS, Don't miss, DoS, enterprise, Hot stuff, News, SafeBreach, vulnerability, Windows, Windows Server /

Win-DDoS: Attackers can turn public domain controllers into DDoS agents 2025-08-11 at 16:02 By Zeljka Zorz SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one one of which (CVE-2025-32724) can also be leveraged to force public DCs to participate in distributed

Win-DDoS: Attackers can turn public domain controllers into DDoS agents Read More »

WinRAR zero day exploited by RomCom hackers in targeted attacks

backdoor, CVE, cybersecurity, ESET, News, software, vulnerability, WinRAR /

WinRAR zero day exploited by RomCom hackers in targeted attacks 2025-08-11 at 12:55 By Sinisa Markovic ESET researchers have discovered a previously unknown vulnerability in WinRAR, exploited in the wild by Russia-aligned group RomCom. If you use WinRAR or related components such as the Windows versions of its command line tools, UnRAR.dll, or the portable

WinRAR zero day exploited by RomCom hackers in targeted attacks Read More »

How Brandolini’s law informs our everyday infosec reality

attacks, automation, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Portnox, social engineering, supply chain /

How Brandolini’s law informs our everyday infosec reality 2025-08-11 at 09:00 By Help Net Security Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude bigger than to produce it.” While it’s often thrown around in political debates and

How Brandolini’s law informs our everyday infosec reality Read More »

From legacy to SaaS: Why complexity is the enemy of enterprise security

access management, authentication, Bridge IT, CISO, cybersecurity, digital transformation, Don't miss, enterprise, Features, Hot stuff, identity verification, MFA, News, SaaS, security awareness, strategy, tips, zero trust /

From legacy to SaaS: Why complexity is the enemy of enterprise security 2025-08-11 at 08:32 By Mirko Zorz In this Help Net Security interview, Robert Buljevic, Technology Consultant at Bridge IT, discusses how the coexistence of legacy systems and SaaS applications is changing the way organizations approach security. He explains why finding the right balance

From legacy to SaaS: Why complexity is the enemy of enterprise security Read More »

Review: From Day Zero to Zero Day

books, Don't miss, how-to, News, Review, Reviews, skill development, strategy, tips, vulnerability assessment /

Review: From Day Zero to Zero Day 2025-08-11 at 08:02 By Mirko Zorz From Day Zero to Zero Day is a practical guide for cybersecurity pros who want to move beyond reading about vulnerabilities and start finding them. It gives a methodical look at how real vulnerability research is done. About the author Eugene Lim

Review: From Day Zero to Zero Day Read More »

Pentesting is now central to CISO strategy

Artificial Intelligence, CISO, cybersecurity, Data Protection, generative AI, News, penetration testing, report, supply chain /

Pentesting is now central to CISO strategy 2025-08-11 at 07:36 By Anamarija Pogorelec Security leaders are rethinking their approach to cybersecurity as digital supply chains expand and generative AI becomes embedded in critical systems. A recent survey of 225 security leaders conducted by Emerald Research found that 68% are concerned about the risks posed by

Pentesting is now central to CISO strategy Read More »

Breaches are up, budgets are too, so why isn’t healthcare safer?

cyber resilience, cyber risk, cybersecurity, healthcare, News, report, resilience, security ROI, supply chain attacks, supply chain compromise /

Breaches are up, budgets are too, so why isn’t healthcare safer? 2025-08-11 at 07:11 By Sinisa Markovic A new report from Resilience outlines a growing cyber crisis in the U.S. healthcare sector, where ransomware attacks, vendor compromise, and human error continue to cause widespread disruption. In 2023, breaches exposed 168 million records, and the first

Breaches are up, budgets are too, so why isn’t healthcare safer? Read More »

Week in review: SonicWall firewalls targeted in ransomware attacks, Black Hat USA 2025

News, Week in review /

Week in review: SonicWall firewalls targeted in ransomware attacks, Black Hat USA 2025 2025-08-10 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Hat USA 2025 Black Hat USA 2025 took place at the Mandalay Bay Convention Center in Las Vegas. Explore

Week in review: SonicWall firewalls targeted in ransomware attacks, Black Hat USA 2025 Read More »

August 2025 Patch Tuesday forecast: Try, try, again

apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, Patch Tuesday, SharePoint /

August 2025 Patch Tuesday forecast: Try, try, again 2025-08-08 at 09:30 By Help Net Security July turned into a surprisingly busy month. It started slowly with a fairly ‘calm’ Patch Tuesday as I forecasted in my last blog. Although there were 130 new CVEs addressed across all the Microsoft releases, there was only one publicly

August 2025 Patch Tuesday forecast: Try, try, again Read More »

Third-party partners or ticking time bombs?

CISO, cyber risk, cybersecurity, CyXcel, Don't miss, Hot stuff, News, resilience, Risk Management, strategy, supply chain, third party compromise, tips, Video /

Third-party partners or ticking time bombs? 2025-08-08 at 08:46 By Help Net Security In this Help Net Security video, Ngaire Elizabeth Guzzetti, Technical Director Supply Chain at CyXcel, discusses why a third of U.S. organizations don’t trust third-party vendors to manage critical risks and what that means for supply chain security. She breaks down the

Third-party partners or ticking time bombs? Read More »

From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends

cybersecurity, LevelBlue, News, report, social engineering, threats /

From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends 2025-08-08 at 08:07 By Sinisa Markovic Cybercriminals are getting better at lying. That’s the takeaway from a new LevelBlue report, which outlines how attackers are using social engineering and legitimate tools to quietly move through environments before they’re caught. Data showing at what stage

From fake CAPTCHAs to RATs: Inside 2025’s cyber deception threat trends Read More »

Fraud controls don’t guarantee consumer trust

Artificial Intelligence, Experian, fraud, generative AI, identity verification, News, report /

Fraud controls don’t guarantee consumer trust 2025-08-08 at 07:31 By Help Net Security Over a third of companies say they are using AI, including generative AI, to fight fraud, according to Experian. As fraud threats become more complex, companies are accelerating their investments with over half adopting new analytics and building AI models to enhance

Fraud controls don’t guarantee consumer trust Read More »

New infosec products of the week: August 8, 2025

Black Kite, Descope, Elastic, ExtraHop, LastPass, News, Riverbed /

New infosec products of the week: August 8, 2025 2025-08-08 at 07:02 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from Black Kite, Descope, Elastic, ExtraHop, LastPass, and Riverbed. Elastic AI SOC Engine helps SOC teams expose hidden threats Elastic AI SOC Engine (EASE) is a

New infosec products of the week: August 8, 2025 Read More »

What GPT‑5 means for IT teams, devs, and the future of AI at work

Artificial Intelligence, Azoma, ChatGPT, Don't miss, generative AI, LLMs, News /

What GPT‑5 means for IT teams, devs, and the future of AI at work 2025-08-07 at 20:58 By Sinisa Markovic OpenAI has released GPT‑5, the newest version of its large language model. It’s now available to developers and ChatGPT users, and it brings some real changes to how AI can be used in business and

What GPT‑5 means for IT teams, devs, and the future of AI at work Read More »

Scroll to Top