News

CISOs brace for a new kind of AI chaos

2025-09-12 at 08:47, by Anamarija Pogorelec

AI is being added to business processes faster than it is being secured, creating a wide gap that attackers are already exploiting, according to the SANS Institute.

The scale of the problem

Attackers are using AI to work at speeds […]

Attackers are coming for drug formulas and patient data

2025-09-12 at 08:18, by Sinisa Markovic

In the pharmaceutical industry, clinical trial data, patient records, and proprietary drug formulas are prime targets for cybercriminals. These high-value assets make the sector a constant focus for attacks. Disruptions to research or medicine distribution can have life-threatening consequences. “During

Ransomware, vendor outages, and AI attacks are hitting harder in 2025

2025-09-12 at 07:57, by Mirko Zorz

Ransomware, third-party disruptions, and the rise of AI-powered attacks are reshaping the cyber risk landscape in 2025. A new midyear analysis from Resilience shows how these forces are playing out in real-world incidents and how they are changing

New infosec products of the week: September 12, 2025

2025-09-12 at 07:02, by Anamarija Pogorelec

Here’s a look at the most interesting products from the past week, featuring releases from Cynomi, DataLocker, Gigamon, Lookout, and Relyance AI.

Cynomi simplifies vendor risk management

Cynomi’s TPRM provides MSPs and MSSPs with a scalable way to deliver these

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls

2025-09-11 at 18:25, by Zeljka Zorz

Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting it. Like last September and earlier this year, the attackers are affiliates of the Akira

Default Cursor setting can be exploited to run malicious code on developers’ machines

2025-09-11 at 14:02, by Zeljka Zorz

An out-of-the-box setting in Cursor, a popular AI source-code editor, could be leveraged by attackers to covertly run malicious code on users’ computers, researchers have warned.

An exploitable vulnerability in the Cursor AI editor

Cursor is

When typing becomes tracking: Study reveals widespread silent keystroke interception

2025-09-11 at 09:17, by Mirko Zorz

You type your email address into a website form but never hit submit. Hours later, a marketing email shows up in your inbox. According to new research, that is not a coincidence. A team of researchers from UC Davis,

How attackers weaponize communications networks

2025-09-11 at 08:30, by Mirko Zorz

In this Help Net Security interview, Gregory Richardson, Vice President, Advisory CISO Worldwide, at BlackBerry, talks about the growing risks to communications networks. He explains why attackers focus on these networks and how their motivations range from corporate espionage to geopolitical influence. The discussion

AI is everywhere, but scaling it is another story

2025-09-11 at 08:02, by Anamarija Pogorelec

AI is being adopted across industries, but many organizations are hitting the same obstacles, according to Tines. IT leaders say orchestration is the key to scaling AI. They point to governance, visibility, and collaboration as the critical areas executives need

The state of DMARC adoption: What 10M domains reveal

2025-09-11 at 07:43, by Help Net Security

In this Help Net Security video, John Wilson, Senior Fellow, Threat Research at Fortra, explores the state of DMARC adoption across the top 10 million internet domains. He explains how SPF, DKIM, and DMARC work together to prevent email

Why organizations need a new approach to risk management

2025-09-11 at 07:12, by Anamarija Pogorelec

To succeed in the risk environment, risk, audit, and compliance leaders need to focus on what Gartner calls “reflexive risk ownership.” This is a future state where business leaders don’t just identify and manage risks after they occur, but instinctively

Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday

2025-09-10 at 13:56, by Zeljka Zorz

On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively exploited. Among the critical and important vulnerabilities patched by Microsoft

Automated network pentesting uncovers what traditional tests missed

2025-09-10 at 11:45, by Zeljka Zorz

Most organizations run an annual network penetration test, remediate the issues it uncovers, and move on. But attackers are probing networks every day, using publicly available tools to exploit common misconfigurations and overlooked vulnerabilities. A new report, based on over 50,000

Deepfakes are rewriting the rules of geopolitics

2025-09-10 at 09:21, by Sinisa Markovic

Deception and media manipulation have always been part of warfare, but AI has taken them to a new level. Entrust reports that deepfakes were created every five minutes in 2024, while the European Parliament estimates that 8 million will circulate across the

Garak: Open-source LLM vulnerability scanner

2025-09-10 at 09:00, by Help Net Security

LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks for problems like hallucinations, prompt injections, jailbreaks, and toxic outputs. By running

Fixing silent failures in security controls with adversarial exposure validation

2025-09-10 at 08:16, by Help Net Security

Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. Appearances can

AI agents are here, now comes the hard part for CISOs

2025-09-10 at 07:40, by Mirko Zorz

AI agents are being deployed inside enterprises today to handle tasks across security operations. This shift creates new opportunities for security teams but also introduces new risks. Google Cloud’s new report, The ROI of AI 2025, shows that

CISOs, stop chasing vulnerabilities and start managing human risk

2025-09-10 at 07:25, by Anamarija Pogorelec

Breaches continue to grow in scale and speed, yet the weakest point remains unchanged: people. According to Dune Security’s 2025 CISO Risk Intelligence Survey, over 90 percent of incidents still originate from user behavior rather than technical flaws. The survey

Salesloft Drift Supply Chain Attack Affects Hundreds of Businesses

2025-09-09 at 23:45, by Karl Sigler

Trustwave’s Security & Compliance Team is aware of the Salesloft vulnerability affecting Drift chatbot integrations. Trustwave, A LevelBlue Company, and its affiliated entities do not utilize Drift, and Salesforce has confirmed the incident did not impact clients without this integration.

Plex tells users to change passwords due to data breach, pushes server owners to upgrade

2025-09-09 at 19:42, by Zeljka Zorz

Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third party accessed a limited subset of customer data from
