Week in review

Week in review: Trojanized KeePass allows ransomware attacks, cyber risks of AI hallucinations 2025-05-25 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Trojanized KeePass opens doors for ransomware attackers A suspected initial access broker has been leveraging trojanized versions of the open-source […]

React to this headline:

Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited 2025-05-18 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 Patch Tuesday, Microsoft has released security fixes for

React to this headline:

Week in review: The impact of a CVE-free future on cyber defense, Patch Tuesday forecast 2025-05-11 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What a future without CVEs means for cyber defense For many cybersecurity professionals, the CVE program is the

React to this headline:

Week in review: Critical SAP NetWeaver flaw exploited, RSAC 2025 Conference 2025-05-04 at 10:47 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RSAC 2025 Conference RSAC 2025 Conference took place at the Moscone Center in San Francisco. Check out our microsite for related news,

React to this headline:

Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public 2025-04-27 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs MITRE has released the latest version of its ATT&CK framework,

React to this headline:

Week in review: LLM package hallucinations harm supply chains, Nagios Log Server flaws fixed 2025-04-20 at 11:33 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) Apple has released emergency security updates for iOS/iPadOS,

React to this headline:

Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed 2025-04-13 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) April 2025 Patch Tuesday is here, and Microsoft has delivered fixes

React to this headline:

Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast 2025-04-06 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect portals Cybersecurity company GreyNoise is warning about a significant increase of scanning

React to this headline:

Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot 2025-03-30 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching, alert fatigue Microsoft is rolling out a new generation

React to this headline:

Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware 2025-03-23 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Veeam has released fixes for a critical

React to this headline:

Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books 2025-03-16 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption Last year, NIST standardized a set of encryption algorithms that can

React to this headline:

Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs 2025-03-09 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How QR code attacks work and how to protect yourself While QR codes are convenient, they

React to this headline:

Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released 2025-03-02 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Massive botnet hits Microsoft 365 accounts A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying

React to this headline:

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from 2025-02-23 at 12:41 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese state-sponsored hackers who

React to this headline:

Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged 2025-02-16 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) February 2025 Patch Tuesday is here, and Microsoft has delivered fixes

React to this headline:

Week in review: Exploited 7-Zip 0-day flaw, crypto-stealing malware found on App Store, Google Play 2025-02-09 at 11:11 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip

React to this headline:

Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers 2025-02-02 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085)

React to this headline:

Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams 2025-01-26 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of and warnings about long-standing exploitation

React to this headline:

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked 2025-01-19 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware gang dubbed Codefinger is encrypting data stored

React to this headline:

Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast 2025-01-12 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways,

React to this headline: