Legal gaps in AI are a business risk, not just a compliance issue 2025-07-14 at 07:02 By Anamarija Pogorelec A new report from Zendesk outlines a growing problem for companies rolling out AI tools: many aren’t ready to manage the risks. The AI Trust Report 2025 finds that while AI is moving into customer service […]
Legal gaps in AI are a business risk, not just a compliance issue Read More »
Week in review: Microsoft fixes wormable RCE bug on Windows, check for CitrixBleed 2 exploitation 2025-07-13 at 10:21 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) For July 2025 Patch Tuesday, Microsoft has released patches for 130
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) 2025-07-11 at 15:32 By Zeljka Zorz Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP Server and CVE-2025-47812 Wing FTP Server is a commercial file transfer server solution used by businesses,
Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812) Read More »
Behind the code: How developers work in 2025 2025-07-11 at 13:01 By Anamarija Pogorelec How are developers working in 2025? Docker surveyed over 4,500 people to find out, and the answers are a mix of progress and ongoing pain points. AI is gaining ground but still unevenly used. Security is now baked into everyday workflows.
Behind the code: How developers work in 2025 Read More »
Where policy meets profit: Navigating the new frontier of defense tech startups 2025-07-11 at 08:33 By Mirko Zorz In this Help Net Security interview, Thijs Povel, Managing Partner at Ventures.eu, discusses how the firm evaluates emerging technologies through the lens of defense and resilience. He explains how founders from both defense and adjacent sectors are
Where policy meets profit: Navigating the new frontier of defense tech startups Read More »
Employees are quietly bringing AI to work and leaving security behind 2025-07-11 at 08:06 By Help Net Security While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine. The rise of unauthorized AI use Shadow AI has quietly infiltrated organizations across North America, creating
Employees are quietly bringing AI to work and leaving security behind Read More »
Financial firms are locking the front door but leaving the back open 2025-07-11 at 07:32 By Anamarija Pogorelec Financial institutions are building stronger defenses against direct cyberattacks, but they may be overlooking a growing problem: their vendors. According to Black Kite’s new report, third-party risk has become one of the biggest cybersecurity threats facing the
Financial firms are locking the front door but leaving the back open Read More »
New infosec products of the week: July 11, 2025 2025-07-11 at 07:01 By Sinisa Markovic Here’s a look at the most interesting products from the past week, featuring releases from Barracuda Networks, Cynomi, Lepide, Tosibox, and Zenni Optical. Cynomi’s platform updates enable service providers to prioritize their security efforts Cynomi has launched new business impact
New infosec products of the week: July 11, 2025 Read More »
Four arrested in connection with M&S, Co-op ransomware attacks 2025-07-10 at 17:19 By Zeljka Zorz Four individuals suspected of having been involved in the ransomware attacks that hit UK-based retailers earlier this year have been arrested by the UK National Crime Agency. “Two males aged 19, another aged 17, and a 20-year-old female were apprehended
Four arrested in connection with M&S, Co-op ransomware attacks Read More »
Ruckus network management solutions riddled with unpatched vulnerabilities 2025-07-10 at 15:52 By Zeljka Zorz Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned. The vulnerabilities have
Ruckus network management solutions riddled with unpatched vulnerabilities Read More »
What EU’s PQC roadmap means on the ground 2025-07-10 at 09:11 By Mirko Zorz In this Help Net Security interview, David Warburton, Director at F5 Labs, discusses how the EU’s Post-Quantum Cryptography (PQC) roadmap aligns with global efforts and addresses both the technical and regulatory challenges of migrating to PQC. Warburton also outlines practical steps
What EU’s PQC roadmap means on the ground Read More »
Fake online stores look real, rank high, and trap unsuspecting buyers 2025-07-10 at 08:32 By Sinisa Markovic Shopping on a fake online store can lead to more than a bad purchase. It could mean losing money, having your identity stolen, or even getting malware on your device. E-shop scams rose by 790% in the first
Fake online stores look real, rank high, and trap unsuspecting buyers Read More »
Open source has a malware problem, and it’s getting worse 2025-07-10 at 08:27 By Help Net Security Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204.
Open source has a malware problem, and it’s getting worse Read More »
C-suites step up on OT cybersecurity, and it’s paying off 2025-07-10 at 07:44 By Help Net Security There has been a significant increase in the global trend of corporations planning to integrate cybersecurity under the CISO or other executives, according to Fortinet. Growing maturity in OT cybersecurity processes and solutions (Source: Fortinet) OT security moves
C-suites step up on OT cybersecurity, and it’s paying off Read More »
Global software supply chain visibility remains critically low 2025-07-10 at 07:44 By Help Net Security Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility reported by organizations significantly impacts their cyber resilience. Poor risk visibility leaves software supply chains
Global software supply chain visibility remains critically low Read More »
Train smarter, respond faster: Close the skill gaps in your SOC 2025-07-09 at 16:05 By Zeljka Zorz “In today’s fast-paced digital landscape” – as AI chatbots are fond of phrasing it – a cyber attack targeting your organization is a statistical certainty. But is your security team ready to respond when it happens? Can they
Train smarter, respond faster: Close the skill gaps in your SOC Read More »
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) 2025-07-09 at 14:31 By Zeljka Zorz For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed (CVE-2025-49719) and a wormable RCE bug on Windows and Windows Server (CVE-2025-47981). CVE-2025-49719 and CVE-2025-49717, in Microsoft SQL Server CVE-2025-49719 is an uninitialized memory
Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) Read More »
Why your security team feels stuck 2025-07-09 at 08:44 By Mirko Zorz Cybersecurity friction usually gets framed as a user problem: password policies that frustrate employees, MFA that slows down logins, or blocked apps that send workers into the arms of shadow IT. But there’s a different kind of friction happening behind the scenes, and
Why your security team feels stuck Read More »
It’s time to give AI security its own playbook and the people to run it 2025-07-09 at 08:04 By Mirko Zorz In this Help Net Security interview, Dr. Nicole Nichols, Distinguished Engineer in Machine Learning Security at Palo Alto Networks, discusses why existing security models need to evolve to address the risks of AI agents.
It’s time to give AI security its own playbook and the people to run it Read More »
Kanvas: Open-source incident response case management tool 2025-07-09 at 07:31 By Mirko Zorz Kanvas is an open-source incident response case management tool with a simple desktop interface, built in Python. It gives investigators a place to work with SOD (Spreadsheet of Doom) or similar files, so they can handle key tasks without jumping between different
Kanvas: Open-source incident response case management tool Read More »