Média "HelpNetSecurity" - List of latest news (1 758 results)

13:44 2025 Data Breach Investigations Report: Third-party breaches double - Help Net Security

Verizon's Data Breach Investigations Report (DBIR) 2025 analyzed 22,052 security incidents, including 12,195 confirmed data breaches.

12:23 Attackers phish OAuth codes, take over Microsoft 365 accounts - Help Net Security

Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 accounts.

08:00 When confusion becomes a weapon: How cybercriminals exploit economic turmoil - Help Net Security

In times of economic uncertainty, cybersecurity is as much about psychology, communication, and foresight as it is about technology.

07:30 SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories - Help Net Security

By connecting powerful language models to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks.

07:00 The dark side of YouTube: Malicious links, phishing, and deepfakes - Help Net Security

Discover the most common scams on YouTube. Learn how these scams work and what you can do to stay safe online.

06:30 Phishing emails delivering infostealers surge 84% - Help Net Security

Cybercriminals continued to shift to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks declined.

06:00 Cybersecurity jobs available right now: April 23, 2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of April 23, 2025, including on-site, hybrid, and remote roles.

17:00 54% of tech hiring managers expect layoffs in 2025 - Help Net Security

54% of tech hiring managers say their companies are likely to conduct layoffs within 2025, according to a study by General Assembly.

22/04 PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433) - Help Net Security

There are now public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433).

22/04 The legal blind spot of shadow IT - Help Net Security

Shadow IT isn’t just a security risk — it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations.

22/04 Email security, simplified: How PowerDMARC makes DMARC easy - Help Net Security

PowerDMARC offers tools to assist organizations in meeting these requirements, including one-click DNS record generation and DMARC reporting.

22/04 The C-suite gap that's putting your company at risk - Help Net Security

The C-suite gap is real. About 68% of CISOs said top executives underestimate the danger. Only 57% of other C-suite leaders agreed.

22/04 What school IT admins are up against, and how to help them win - Help Net Security

School IT admins face big problems with few resources. Learn what they're up against and how we can support them.

22/04 Compliance weighs heavily on security and GRC teams - Help Net Security

The burden of compliance weighs heavy on security and GRC teams, and the pain is growing faster than teams can adapt.

21/04 Oracle releases Unbreakable Enterprise Kernel 8 (UEK 8) - Help Net Security

Oracle Unbreakable Enterprise Kernel 8 (UEK 8) includes updates to memory management, better file system support, faster networking, etc.

21/04 Hawk Eye: Open-source scanner uncovers secrets and PII across platforms - Help Net Security

Hawk Eye is an open-source tool that helps find sensitive data before it leaks. It runs from the command line and checks many types of storage for PII and

21/04 Cybercriminals blend AI and social engineering to bypass detection - Help Net Security

Adversaries have refined their techniques, blending social engineering with AI and automation to evade detection.

21/04 Cyber threats now a daily reality for one in three businesses - Help Net Security

Businesses are losing out on an average of $98.5 million a year as a consequence of cyber threats, fraud, and regulatory hurdles.

21/04 Why CISOs are watching the GenAI supply chain shift closely - Help Net Security

In supply chain operations, GenAI is gaining traction. But many security leaders remain uneasy about what that means for data protection.

20/04 Week in review: LLM package hallucinations harm supply chains, Nagios Log Server flaws fixed - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple plugs zero-day holes used in targeted iPhone

18/04 The Zoom attack you didn't see coming - Help Net Security

Did you know that when participating in a Zoom call, you can grant permission to other participants to control your computer remotely? While this feature

18/04 Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035) - Help Net Security

CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers.

18/04 The UK’s phone theft crisis is a wake-up call for digital security - Help Net Security

The UK phone theft crisis shows phones are targets. Businesses and users must secure devices and treat them like digital vaults.

18/04 Securing digital products under the Cyber Resilience Act - Help Net Security

The Cyber Resilience Act sets minimum security standards for digital products, differing from GDPR in its regulatory approach.

18/04 When ransomware strikes, what’s your move? - Help Net Security

There are no rules in ransomware negotiations, because there is no honor among thieves. Nobody wants to be the CISO in this situation.

18/04 Widely available AI tools signal new era of malicious bot activity - Help Net Security

Rise in accessible AI tools lowered the barrier to entry for cyber attackers, enabling them to create and deploy malicious bots at scale.

18/04 New infosec products of the week: April 18, 2025 - Help Net Security

The featured infosec products this week are from: Cato Networks, Cyware, Entrust, PlexTrac, and Seemplicity.

17/04 SafeLine Bot Management: Self-hosted alternative to Cloudflare - Help Net Security

SafeLine Bot Management is a self-hosted, transparent, and cost-effective alternative that puts bot defense under your control.

17/04 Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054) - Help Net Security

CVE-2025-24054 has been exploited by threat actors in campaigns targeting government and private institutions in Poland and Romania.

17/04 Apple plugs zero-days holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) - Help Net Security

Apple has released emergency security updates to fix two actively exploited zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201).

17/04 Cyber threats against energy sector surge as global tensions mount - Help Net Security

Cyber threats targeting the energy sector are increasing, driven by a host of geopolitical and technological factors.

17/04 Gurucul introduces self-driving SIEM powered by AI enhancements - Help Net Security

Gurucul's Next-Gen SIEM empowers the entire SecOps team with autonomous automation to effectively manage and optimize data.

17/04 When AI agents go rogue, the fallout hits the enterprise - Help Net Security

AI agents pose risks such as biases, hallucinations, and vulnerabilities in LLMs, which can expose systems to breaches and manipulation.

17/04 Microsoft vulnerabilities: What's improved, what's at risk - Help Net Security

Microsoft reported a record 1,360 vulnerabilities in 2024, according to the BeyondTrust latest Microsoft Vulnerabilities Report.

17/04 Review: Hands-On Industrial Internet of Things - Help Net Security

Hands-On Industrial Internet of Things provides valuable insights and practical guidance for IoT architects, developers, AI engineers.

16/04 Cozy Bear targets EU diplomats with wine-tasting invites (again) - Help Net Security

APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events.

16/04 Funding uncertainty may spell the end of MITRE's CVE program - Help Net Security

The future of the CVE program hangs in the balance: MITRE could lose the US federal funding that helps them maintain it.

16/04 When companies merge, so do their cyber threats - Help Net Security

Mergers and acquisitions (M&A) deals can drive growth, but they also open the door to serious cybersecurity threats.

16/04 Strategic AI readiness for cybersecurity: From hype to reality - Help Net Security

AI readiness framework ensures resilient cybersecurity by integrating ethics, data, governance, and collaboration into AI strategies.

16/04 Attack Flow: Learn how cyber adversaries combine and sequence offensive techniques - Help Net Security

MITRE's Attack Flow project aims to translate complex cyber operations into a structured language. By describing how adversaries sequence and combine

16/04 The future of authentication: Why passwordless is the way forward - Help Net Security

Discover why passwordless authentication is essential for improving security, reducing risks, and enhancing user experience.

16/04 Browser extensions make nearly every employee a potential attack vector - Help Net Security

While Chrome, Edge and Firefox are the most common stores for extensions, the browser extension threat surface goes much wider.

15/04 Hertz data breach: Customers in US, EU, UK, Australia and Canada affected - Help Net Security

Car rental company Hertz has suffered a data breach linked to last year's exploitation of Cleo zero-day vulnerabilities by ransomware gang.

15/04 Critical flaws fixed in Nagios Log Server - Help Net Security

The Nagios Security Team has fixed three critical vulnerabilities affecting popular log management and analysis platform Nagios Log Server.

15/04 Why shorter SSL/TLS certificate lifespans matter - Help Net Security

Shorter certificate lifespans reduce attack windows, boost agility, and push organizations to reassess their cybersecurity operations.

15/04 Cybercriminal groups embrace corporate structures to scale, sustain operations - Help Net Security

Cybercriminal groups mimic corporate structures, offering pay, perks, and protection to build loyalty and sustain long-term operations.

15/04 94% of firms say pentesting is essential, but few are doing it right - Help Net Security

For many organizations, regular pentesting is an essential element of their security strategy, according to Cobalt.

15/04 Chief Legal Officers step up in cybersecurity oversight - Help Net Security

This video discusses how Chief Legal Officers (CLOs) are becoming integral leaders in cybersecurity strategy, holding leadership positions.

15/04 Cybersecurity jobs available right now: April 15, 2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of April 15, 2025, including on-site, hybrid, and remote roles.

14/04 Package hallucination: LLMs may deliver malicious code to careless devs - Help Net Security

LLMs' tendency to "hallucinate" code packages that don't exist could lead to a new type of supply chain attack dubbed "slopsquatting".

14/04 The quiet data breach hiding in AI workflows - Help Net Security

As AI becomes embedded in daily business workflows, the risk of data exposure increases. CISOs cannot treat this as a secondary concern.

14/04 Tirreno: Open-source fraud prevention platform - Help Net Security

Tirreno is an open-source fraud prevention platform designed as a universal analytics tool to monitor online platforms, web applications, SaaS products,

14/04 Sector by sector: How data breaches are wrecking bottom lines - Help Net Security

Data breaches drive up costs through lost trust, fines, and downtime—learn how industries can reduce impact with smarter strategies.

14/04 Organizations can't afford to be non-compliant - Help Net Security

Regulatory non-compliance can result in financial penalties ranging from thousands to millions of dollars, according to Secureframe

13/04 Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day

11/04 Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices - Help Net Security

An attacker using old FortiOS flaws to breach FortiGate devices has been leveraging symlink to retain limited access to them after patching.

11/04 Why security culture is crypto's strongest asset - Help Net Security

Building a strong crypto asset security culture requires employees and investors to fully understand potential risks.

11/04 Ransomware groups push negotiations to new levels of uncertainty - Help Net Security

Ransomware incidents continued to increase in frequency and severity in 2024, with remote access tools biggest contributor.

11/04 Why remote work is a security minefield (and what you can do about it) - Help Net Security

Explore the cybersecurity challenges businesses face in remote work and and learn how businesses can secure their employees.

11/04 iOS devices face twice the phishing attacks of Android - Help Net Security

2024 brought about countless new cybersecurity challenges including significant growth of the mobile threat landscape.

11/04 New infosec products of the week: April 11, 2025 - Help Net Security

The featured infosec products this week are from: Forescout, Index Engines, Jit, RunSafe Security, and Seal Security.

10/04 Trump orders revocation of security clearances for Chris Krebs, SentinelOne - Help Net Security

Trump signs Executive Order to revoke security clearance held by former CISA head Chris Krebs and his colleagues at SentinelOne.

10/04 FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887) - Help Net Security

Fortinet has released patches for a vulnerability (CVE-2024-48887) in its FortiSwitch devices that could give attackers admin privileges.

10/04 How to find out if your AI vendor is a security risk - Help Net Security

An AI vendor without strong security controls is a risk—if it can’t track API use or access, it doesn’t deserve your business.

10/04 From likes to leaks: How social media presence impacts corporate security - Help Net Security

Social media oversharing is a significant cybersecurity risk for companies, exposing them to phishing and data theft.

10/04 Review: The Ultimate Kali Linux Book, Third Edition - Help Net Security

The Ultimate Kali Linux Book is a practical guide that teaches the tools, techniques, and mindset needed to become a penetration tester.

09/04 WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401) - Help Net Security

A WhatsApp for Windows security vulnerability (CVE-2025-30401) may allow attackers to trick users into running malicious code.

09/04 RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406) - Help Net Security

A RCE vulnerability (CVE-2025-30406) in Gladinet CentreStack file-sharing/remote file access platform has been added to CISA's KEV catalog.

09/04 OpenSSL prepares for a quantum future with 3.5.0 release - Help Net Security

The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that

09/04 Why CISOs are doubling down on cyber crisis simulations - Help Net Security

Cyber crisis simulations observe how teams work under pressure. They tests processes, spot stress points, and support resilience.

09/04 Transforming cybersecurity into a strategic business enabler - Help Net Security

By ensuring that cybersecurity strategy is aligned with your mission, you can deliver on key business goals.

09/04 APTRS: Open-source automated penetration testing reporting system - Help Net Security

APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on

09/04 AI is challenging the geopolitical status quo - Help Net Security

New data from Armis Labs shows that the threat of AI in cyberwarfare is growing, and the geopolitical status quo is now a reality.

08/04 Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) - Help Net Security

For April 2025 Patch Tuesday, Microsoft delivers fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) under active attack.

08/04 11 cyber defense tips to stay secure at work and home - Help Net Security

Cybersecurity evolves with technology, making it our responsibility. Strengthen your cyber defense at home and work with these 11 steps.

08/04 Excessive agency in LLMs: The growing risk of unchecked autonomy - Help Net Security

Excessive agency refers to scenarios where the LLM executes unauthorized commands and makes unintended information disclosures.

08/04 Phishing, fraud, and the financial sector's crisis of trust - Help Net Security

Discover how advanced phishing attacks and fraud are impacting the financial sector, causing major losses and eroding customer trust.

08/04 Observability is security's way back into the cloud conversation - Help Net Security

Security teams must do the work of taking a seat at the table well in advance of organizational efforts to roll out cloud infrastructure.

08/04 Cyberattacks on water and power utilities threaten public safety - Help Net Security

80% of utility operators were targeted by cyberattacks in the past year, according to The State of Critical Infrastructure Resilience report.

08/04 Cybersecurity jobs available right now: April 8, 2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of April 8, 2025, including on-site, hybrid, and remote roles.

07/04 WinRAR MotW bypass flaw fixed, update ASAP (CVE-2025-31334) - Help Net Security

A flaw (CVE-2025-31334) allowing attackers to bypass Windows' MotW security warning and execute arbitrary code has been fixed in WinRAR 7.11.

07/04 CISOs battle security platform fatigue - Help Net Security

It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds

07/04 The shift to identity-first security and why it matters - Help Net Security

Arun Shrestha discusses AI's impact on access management, identity-first security, and how CISOs can adopt AI responsibly and securely.

07/04 YES3 Scanner: Open-source S3 security scanner for public access, ransomware protection - Help Net Security

YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as

07/04 The rise of compromised LLM attacks - Help Net Security

Sohrob Kazerounian, Distinguished AI Researcher at Vectra AI, discusses the rise of compromised LLM attacks.

06/04 Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect

04/04 April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft - Help Net Security

Todd Schell from Ivanti gives his overview of March 2025 and forecast for April 2025 Patch Tuesday. Are you ready to get patching?

04/04 Forward-thinking CISOs are shining a light on shadow IT - Help Net Security

CISO Curtis Simpson discusses balancing security with innovation in shadow IT and the need for real-time visibility to manage risks.

04/04 Connected cars drive into a cybersecurity crisis - Help Net Security

Explore the cybersecurity risks of modern vehicles, from remote hacks to vulnerabilities in autonomous cars.

04/04 Benefits from privacy investment are greater than the cost - Help Net Security

Organizations report strong returns on privacy investment benefits, highlighting improved customer trust, and increased consumer confidence.

04/04 Inside the AI-driven threat landscape - Help Net Security

This video discusses how AI is no longer just a tool for defenders, it’s now a powerful weapon in the hands of attackers.

04/04 New infosec products of the week: April 4, 2025 - Help Net Security

The featured infosec products this week are from: 1touch.io, Bitsight, Bluefin, CyberQP, and Exabeam.

03/04 Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) - Help Net Security

A suspected Chinese APT group has exploited CVE-2025-22457 - previously thought not to be exploitable - to compromise Ivanti VPN appliances.

03/04 Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) - Help Net Security

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers, CISA warned.

03/04 Phishers are increasingly impersonating electronic toll collection companies - Help Net Security

Three US electronic toll collection companies made it into Guardio's Q1 2025 Top 10 list of brands imitated for phishing.

03/04 Beware fake AutoCAD, SketchUp sites dropping malware - Help Net Security

Malware peddlers are saddling users with backdoors via malicious sites that mimic official AutoCAD and SketchUp sites.

03/04 7 ways to get C-suite buy-in on that new cybersecurity tool - Help Net Security

Winning C-suite buy-in for a cybersecurity tool means framing it as a business enabler, reducing risks, and driving competitive growth.

03/04 Building a cybersecurity strategy that survives disruption - Help Net Security

Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable

03/04 Cybercriminals exfiltrate data in just three days - Help Net Security

The median time between attackers’ initial action and their first attempt to breach Active Directory (AD) was just 11 hours.

03/04 Open-source malware doubles, data exfiltration attacks dominate - Help Net Security

A total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype's Open Source Malware Index.

03/04 Review: Zero to Engineer - Help Net Security

Zero to Engineer is a practical guide for anyone looking to launch a career in information technology without a traditional college degree.

02/04 How to map and manage your cyber attack surface with EASM - Help Net Security

The external attack surface management platform monitors for changes and new domains, keeping assets updated and security ahead.

02/04 Google is making sending end-to-end encrypted emails easy - Help Net Security

Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now.

02/04 North Korean IT workers set their sights on European organizations - Help Net Security

North Korean IT workers are seeking to fraudulently gain employment with organizations around the world, including Europe.

02/04 Balancing data protection and clinical usability in healthcare - Help Net Security

This article explores the growing ransomware threat in healthcare, highlighting challenges in healthcare data protection, and more.

02/04 BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework - Help Net Security

BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is

02/04 Only 1% of malicious emails that reach inboxes deliver malware - Help Net Security

Email threats of all kinds will become more personalized, making them harder to ignore and more convincing.

02/04 Your smart home may not be as secure as you think - Help Net Security

Discover the security risks of smart IoT devices and learn practical tips to protect your connected home from cyber threats.

01/04 Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) - Help Net Security

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening.

01/04 Building a reasonable cyber defense program - Help Net Security

Document each cybersecurity step with CIS SecureSuite to reliably maintain, review, and refine a reasonable cyber defense program.

01/04 Attackers are probing Palo Alto Networks GlobalProtect portals - Help Net Security

GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals.

01/04 Why global tensions are a cybersecurity problem for every business - Help Net Security

As global tensions rise, cybersecurity faces increasing growing threats from sophisticated nation-state attacks.

01/04 How to build an effective cybersecurity simulation - Help Net Security

Cybersecurity simulations exercise real-world resilience, helping companies prepare for actual crises, not just compliance.

01/04 The human side of insider threats: People, pressure, and payback - Help Net Security

Discover why employees may become insider threats and find out how to protect your organization from these risks.

01/04 Generative AI Is reshaping financial fraud. Can security keep up? - Help Net Security

Yinglian Xie discusses how AI-driven fraud prevention strategies, real-time data orchestration, and ML balance security and user experience.

01/04 Cybersecurity jobs available right now: April 1, 2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of April 1, 2025, including on-site, hybrid, and remote roles.

31/03 CISA reveals new malware variant used on compromised Ivanti Connect Secure devices - Help Net Security

CISA has released IOCs and updated mitigation advice for rooting out new malware used on Ivanti Connect Secure VPN appliances.

31/03 EU invests €1.3 billion in AI and cybersecurity - Help Net Security

DIGITAL is an EU funding initiative designed to bring digital technology closer to businesses, citizens, and public administrations.

31/03 Windows 11 quick machine recovery: Restoring devices with boot issues - Help Net Security

Microsoft has rolled out Quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages.

31/03 Canada launches breach risk self-assessment online tool - Help Net Security

The privacy breach risk self-assessment tool guides users through a series of questions to assess the sensitivity of personal information.

31/03 Two things you need in place to successfully adopt AI - Help Net Security

Organizations need a seamless AI security policy to maximize efficiency, mitigate risk, and protect sensitive data while using AI tools.

31/03 Exegol: Open-source hacking environment - Help Net Security

Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It's made for penetration testers, CTF

31/03 Only 2-5% of application security alerts require immediate action - Help Net Security

The large volume of security alerts, many created by automated tools, is overwhelming security and development teams.

31/03 GenAI turning employees into unintentional insider threats - Help Net Security

99% of organizations are enforcing policies to reduce the risks associated with GenAI apps, according to Netskope.

31/03 How to recognize and prevent deepfake scams - Help Net Security

Learn how deepfakes work, the risks they pose in fraud and misinformation, and effective ways to detect and prevent deepfake scams.

30/03 Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching,

28/03 Cloudflare open sources OPKSSH to bring Single Sign-On to SSH - Help Net Security

OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OIDC, allowing devs to ditch manually configured SSH keys.

28/03 Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) - Help Net Security

There's currently no indication that the Firefox sandbox escape vulnerability (CVE-2025-2857) is under active exploitation.

28/03 Android financial threats: What businesses need to know to protect themselves and their customers - Help Net Security

Android financial threats, targeting banking apps and cryptocurrency wallets, grew by 20% in H2 of 2024 compared to the H1 of the year.

28/03 Cybersecurity spending set to jump 12.2% in 2025 - Help Net Security

Global cybersecurity spending is expected to grow by 12.2% in 2025, according to the forecast from the IDC Worldwide Security Spending Guide.

28/03 Healthcare's alarming cybersecurity reality - Help Net Security

89% of healthcare organizations have the top 1% of riskiest IoMT devices – which contain known exploitable vulnerabilities.

28/03 Post-quantum cryptography and the future of online safety - Help Net Security

This video explores the rising urgency of post-quantum cryptography (PQC) and what organizations must do to prepare.

28/03 Infosec products of the month: March 2025 - Help Net Security

The featured infosec products this month are from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, iProov, Keysight Technologies, and more.

27/03 CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) - Help Net Security

A critical vulnerability (CVE-2025-2825) in the CrushFTP file transfer solution can give attackers access to internet-facing servers.

27/03 The hidden costs of security tool bloat and how to fix it - Help Net Security

Deep observability unifies log and network telemetry, streamlining security tool stacks, boosting efficiency, and ensuring defense.

27/03 Cyber insurance isn't always what it seems - Help Net Security

Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others

27/03 Hottest cybersecurity open-source tools of the month: March 2025 - Help Net Security

This article features open-source cybersecurity tools that are gaining attention for strengthening security across various environments.

27/03 ETSI releases security standard for the quantum future - Help Net Security

ETSI security standard helps IT define who can decrypt app data, ensuring access control beyond just entry permissions.

26/03 Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool - Help Net Security

EDRKillShifter is an EDR killer targeting a variety of security solutions that the RansomHub operators expect to find.

26/03 China-linked FamousSparrow APT group resurfaces with enhanced capabilities - Help Net Security

FamousSparrow, a China-aligned Advanced Persistent APT group, deployed two previously undocumented versions of the SparrowDoor backdoor.

26/03 If you think you're immune to phishing attempts, you're wrong! - Help Net Security

How security consultant Troy Hunt got tricked by a clever phishing email and his Mailchimp account got compromised.

26/03 Whitepaper: Voice of Security 2025 - Help Net Security

Discover insights from 900 security leaders in IDC’s Voice of Security 2025 survey, sponsored by Tines in partnership with AWS.

26/03 Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) - Help Net Security

Google is rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability exploited by an APT group.

26/03 A CISO’s guide to securing AI models - Help Net Security

CISOs should adopt a proactive security approach, from release to operation, to protect ML models from emerging threats.

26/03 Malwoverview: First response tool for threat hunting - Help Net Security

Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families,

26/03 How does your data end up on the dark web? - Help Net Security

Learn how the dark web works, and how cybercriminals use it to trade stolen data and conduct illegal activities.

25/03 Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover - Help Net Security

"IngressNightmare" vulnerabilities affecting Ingress NGINX Controller for Kubernetes that may be used to take over Kubernetes clusters.

25/03 Review: The Developer's Playbook for Large Language Model Security - Help Net Security

With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into

25/03 Microsoft’s new AI agents take on phishing, patching, alert fatigue - Help Net Security

Microsoft is rolling out a new generation of AI agents in Security Copilot, built to help with the most time-consuming security challenges.

25/03 The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses - Help Net Security

The vCISO Academy trains service providers to expand cybersecurity services, better serve clients, and enhance resilience—for free.

25/03 Spring clean your security data: The case for cybersecurity data hygiene - Help Net Security

Poor data hygiene isn't just an annoyance; it actively degrades security operation capabilities and readiness.

25/03 OT systems are strategic targets in global power struggles - Help Net Security

Compared to 2023, 2024 saw a smaller increase in cyberattacks that caused physical consequences on OT organizations.

25/03 Cybersecurity jobs available right now: March 25, 2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of March 25, 2025, including on-site, hybrid, and remote roles.

24/03 Protecting your personal information from data brokers - Help Net Security

Learn how data brokers collect and sell your personal information. Discover the steps you can take to protect your privacy.

24/03 Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) - Help Net Security

A critical auth bypass vulnerability (CVE-2025-29927) in the Next.js framework can be trivially exploited to compromise web apps.

24/03 How AI, corruption and digital tools fuel Europe's criminal underworld - Help Net Security

Europol reveals how the Europe criminal underworld is evolving, posing a growing threat to security and stability.

24/03 Enterprises walk a tightrope between AI innovation and security - Help Net Security

AI/ML tool usage surged globally in 2024, with enterprises integrating AI into operations and employees embedding it in daily workflows.

24/03 Finders Keypers: Open-source AWS KMS key usage finder - Help Net Security

Finders Keypers is an open-source tool that helps to discover usage and blast radius of encryption keys in AWS.

24/03 Cloud providers aren’t delivering on security promises - Help Net Security

Security concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf.

23/03 Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical Veeam Backup & Replication RCE vulnerability

21/03 53% of security teams lack continuous and up-to-date visibility - Help Net Security

Enterprises lack visibility into their own data, creating security risks that are compounding as organizations increase AI adoption.

21/03 Malicious ads target Semrush users to steal Google account credentials - Help Net Security

Cyber crooks are exploiting users' interest in Semrush, a popular SEO and market research SaaS platform, to steal Google account credentials.

21/03 NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) - Help Net Security

A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, used by orgs of all sizes and MSPs, is being exploited by attackers.

21/03 The hidden risk in SaaS: Why companies need a digital identity exit strategy - Help Net Security

Relying on SaaS providers outside your region for identity services is a risky gamble companies can't afford amid sudden policy shifts.

21/03 AI will make ransomware even more dangerous - Help Net Security

49% of security professionals say their company leaders possess a high level of understanding for exposure management.

21/03 Scammers cash in on tax season - Help Net Security

Scammers have long used tax season to exploit people sharing sensitive financial information, but AI has made their scams more convincing.

21/03 New infosec products of the week: March 21, 2025 - Help Net Security

The featured infosec products this week are from: 1Kosmos, Cloudflare, Cytex, Keysight Technologies, and TXOne Networks.

20/03 Why rooting and jailbreaking make you a target - Help Net Security

As cybercriminals have moved to a mobile-first attack strategy, rooting and jailbreaking mobile devices remain a powerful attack vector.

20/03 Cybersecurity jobs available right now in the USA: March 20, 2025 - Help Net Security

Here are the cybersecurity job openings in the USA as of March 20, 2025, including on-site, hybrid, and remote roles.

20/03 Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) - Help Net Security

Veeam has released fixes for a critical RCE vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution

20/03 RansomHub affiliate leverages multi-function Betruger backdoor - Help Net Security

A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to effect various actions during their attacks.

20/03 Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates - Help Net Security

Kali Linux 2025.1a is now available. This release enhances existing features with improvements designed to streamline your experience.

20/03 5 pitfalls that can delay cyber incident response and recovery - Help Net Security

Avoiding incident response pitfalls is key to cyber resilience. CISOs must refine planning, communication, and automation to stay ahead.

20/03 How healthcare CISOs can balance security and accessibility without compromising care - Help Net Security

HealthEquity CISO discusses how vendor management and zero trust help mitigate healthcare data risk and protect vital patient care.

20/03 Chinese military-linked companies dominate US digital supply chain - Help Net Security

Despite growing national security concerns, Chinese military-linked companies remain deeply embedded in the US digital supply chain.

20/03 70% of leaked secrets remain active two years later - Help Net Security

The explosion of leaked secrets represents one of the most significant yet underestimated threats in cybersecurity.

19/03 Most organizations change policies to reduce CISO liability risk - Help Net Security

93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs.

19/03 Report: The State of Secrets Sprawl 2025 - Help Net Security

GitGuardian’s 2025 report shows secrets sprawl remains unchecked, with 23.8 million leaks on public GitHub in 2024.

19/03 APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) - Help Net Security

State-sponsored cyber spies and cybercrime groups have been exploiting a zero-day Windows vulnerability (ZDI-CAN-25373) since 2017.

19/03 Moving beyond checkbox security for true resilience - Help Net Security

In this Help Net Security interview, MITRE’s William Booth covers proactive security measures, compliance and emerging threats.

19/03 Dependency-Check: Open-source Software Composition Analysis (SCA) tool - Help Net Security

Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities.

19/03 Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK - Help Net Security

Find out how to secure your iCloud data after Apple removed Advanced Data Protection in the UK, exposing backups, photos, and Notes to risks.

18/03 The rise of DAST 2.0 in 2025 - Help Net Security

Modern DAST validates risk in real time, integrates with engineering, proves exploitability, and enables fast, effective fixes.

18/03 How AI and automation are reshaping security leadership - Help Net Security

If security leaders gained time through automation or AI, 43% would use it to focus more on security policy development.

18/03 Stealthy StilachiRAT steals data, may enable lateral movement - Help Net Security

While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat, according to Microsoft.

18/03 FBI: Free file converter sites and tools deliver malware - Help Net Security

Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools.

18/03 How financial institutions can minimize their attack surface - Help Net Security

Sunil Mallik discusses cybersecurity threats that financial institutions face and how organizations can strengthen their security.

18/03 Hackers target AI and crypto as software supply chain risks grow - Help Net Security

Software supply chain attacks are rising as open-source and commercial software face critical vulnerabilities and targeted threats.

18/03 Cybersecurity jobs available right now: March 18, 2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of March 18, 2025, including on-site, hybrid, and remote roles.

17/03 How to encrypt and secure sensitive files on macOS - Help Net Security

Encrypting files on macOS protects data from hackers and theft, ensuring security even if a device is lost or stolen.

17/03 GitHub project maintainers targeted with fake security alert - Help Net Security

Phishers are targeting GitHub account owners with a fake security alert that leads to a malicious OAuth app.

17/03 Review: Cybersecurity Tabletop Exercises - Help Net Security

Cybersecurity Tabletop Exercises offers insights into how organizations have leveraged tabletop exercises to identify security gaps.

17/03 IntelMQ: Open-source tool for collecting and processing security feeds - Help Net Security

IntelMQ is an open-source solution designed to help IT security teams streamline the collecting and processing security feeds.

16/03 Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum

14/03 Quantifying cyber risk strategies to resonate with CFOs and boards - Help Net Security

Mir Kashifuddin discusses how CISOs can align cyber risk with business value, drive resilience, and secure a stronger strategic role.

14/03 Top 5 threats keeping CISOs up at night in 2025 - Help Net Security

Here are the top five threats keeping CISOs up at night in 2025 and what CISOs can do about them.

14/03 94% of Wi-Fi networks lack protection against deauthentication attacks - Help Net Security

A report, based on an analysis of over 500,000 wireless networks, reveals that 6% are protected against Wi-Fi deauthentication attacks.

14/03 New infosec products of the week: March 14, 2025 - Help Net Security

The featured infosec products this week are from: Alloy, Detectify, Pondurance, and SimSpace.

13/03 How to secure your personal metadata from online trackers - Help Net Security

Learn how to protect your privacy by securing personal metadata from online trackers, advertisers, and cyber threats with these simple tips.

13/03 CISOs, are your medical devices secure? Attackers are watching closely - Help Net Security

Learn how CISOs can secure medical devices, mitigate risks, and implement strategies to protect patient safety and healthcare infrastructure.

13/03 Cybersecurity classics: 10 books that shaped the industry - Help Net Security

Cybersecurity constantly evolves, but some books have stood the test of time, shaping how professionals think about security, risk, and digital threats.

13/03 Cybersecurity jobs available right now in Europe: March 13, 2025 - Help Net Security

Here are the cybersecurity job openings in Europe as of March 13, 2025, including on-site, hybrid, and remote roles.

12/03 Goodbye passwords? Enterprises ramping up passkey adoption - Help Net Security

Enterprise passkey adoption rises as businesses move away from passwords to enhance security, combat AI-driven threats.

12/03 NIST selects HQC as backup algorithm for post-quantum encryption - Help Net Security

NIST has chosen a new algorithm for post-quantum encryption called HQC, which will serve as a backup for ML-KEM.

12/03 NetBird: Open-source network security - Help Net Security

NetBird is an open-source solution that integrates a configuration-free peer-to-peer private network with centralized access control, providing a single

12/03 Burnout in cybersecurity: How CISOs can protect their teams (and themselves) - Help Net Security

Cybersecurity burnout is a growing crisis, impacting team performance and retention. Explore the warning signs and strategies CISOs can use.

11/03 How to spot and avoid AI-generated scams - Help Net Security

Discover how cybercriminals exploit AI for phishing, deepfakes, and voice cloning, and learn how to spot key signs of AI-generated scams.

11/03 Smart cybersecurity spending and how CISOs can invest where it matters - Help Net Security

This article explores why smart cybersecurity spending means better protection and where CISOs should invest for maximum impact.

11/03 How remote work strengthens cybersecurity teams - Help Net Security

Remote work enhances cybersecurity by expanding the talent pool, driving zero trust adoption, and improving resilience through monitoring.

11/03 Cybersecurity jobs available right now: March 11,2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of March 11, 2025, including on-site, hybrid, and remote roles.

10/03 Review: The Cybersecurity Trinity - Help Net Security

Cybersecurity Trinity provides an approach to cybersecurity by integrating AI, automation, and active cyber defense into a unified strategy.

10/03 March 2025 Patch Tuesday forecast: A return to normalcy - Help Net Security

Todd Schell from Ivanti gives his overview of February and forecast for March 2025 Patch Tuesday. Are you ready to get patching?

10/03 Hetty: Open-source HTTP toolkit for security research - Help Net Security

Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro.

10/03 How to safely dispose of old tech without leaving a security risk - Help Net Security

Learn how to securely dispose of old tech without leaving behind sensitive data or risking unauthorized access to your personal information.

10/03 Who’s in your digital house? The truth about third-party access - Help Net Security

Fran Rosch discusses organizations’ challenges in securing third-party access and offers insights on how businesses can address these risks.

09/03 Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How QR code attacks work and how to protect yourself

07/03 Cloud security gains overshadowed by soaring storage fees - Help Net Security

Cloud storage fees (API calls, data access, etc.) comprise 49% of an average user’s service bill, compared to the actual stored capacity.

07/03 Can AI-powered gamified simulations help cybersecurity teams keep up? - Help Net Security

AI-powered gamified simulations combine artificial intelligence with interactive learning to enhance the skills of cybersecurity teams.

07/03 AI threats and workforce shortages put pressure on security leaders - Help Net Security

Fortra’s John Grancarich discusses growing concerns among security leaders about AI-driven threats and the cybersecurity skills shortage

07/03 New infosec products of the week: March 7, 2025 - Help Net Security

The featured infosec products this week are from: Outpost24, Palo Alto Networks, Red Canary, and Sonatype.

06/03 Cybersecurity jobs available right now in the USA: March 6, 2025 - Help Net Security

Here are the cybersecurity job openings in the USA as of March 6, 2025, including on-site, hybrid, and remote roles.

06/03 How to prevent data leakage in collaboration tools like Slack and Teams - Help Net Security

Learn how to prevent data leakage in collaboration tools like Slack and Teams by enforcing proper permissions and monitoring user activity.

06/03 The CISO's bookshelf: 10 must-reads for security leaders - Help Net Security

Discover essential reads for CISOs in this curated list of books covering cybersecurity leadership, risk management, board communication, etc.

06/03 89% of enterprise AI usage is invisible to the organization - Help Net Security

Organizations have zero visibility into 89% of AI usage, despite security policies according to a LayerX report.

05/03 The 5 stages of incident response grief - Help Net Security

This article compares the Five Stages of Grief to incident response offering security teams new insights to manage cyber breaches.

05/03 Fix Inventory: Open-source cloud asset inventory tool - Help Net Security

Fix Inventory is an open-source tool that addresses key cloud asset inventory issues. It was built for cloud-native environments.

05/03 Why multi-cloud security needs a fresh approach to stay resilient - Help Net Security

Multi-cloud security demands a new approach as organizations face complex attack surfaces, inconsistent policies, and evolving threats.

05/03 Scammers take over social media - Help Net Security

Cybercriminals increasingly exploit social media using AI-driven scams, malvertising, and phishing tactics at scale.

04/03 Prioritizing data and identity security in 2025 - Help Net Security

Improving data and identity security requires understanding attackers, key vulnerabilities, and the modern threat landscape.

04/03 eBook: What does it take to be a full-fledged virtual CISO? - Help Net Security

The eBook explains the essential functions of the vCISO, outlining the minimum requirements for comprehensive vCISO services.

04/03 Building cyber resilience in banking: Expert insights on strategy, risk, and regulation - Help Net Security

Discover how banks achieve cyber resilience via integrated GRC, robust risk management, IAM, incident response & vendor oversight.

04/03 CISO vs. CIO: Where security and IT leadership clash (and how to fix it) - Help Net Security

The dynamic between a CISO and CIO has always been complex, but with the right strategies, they can align to create a resilient organization.

04/03 Why a push for encryption backdoors is a global security risk - Help Net Security

Governments in the UK, US, and Europe press tech firms to weaken encryption, risking privacy and exposing sensitive data to cyber threats.

04/03 Cybersecurity jobs available right now: March 4, 2025 - Help Net Security

Here are the worldwide cybersecurity job openings available as of March 4, 2025, including on-site, hybrid, and remote roles.

03/03 Online crime-as-a-service skyrockets with 24,000 users selling attack tools - Help Net Security

The rapid growth of AI-based technology has introduced new challenges, making remote identity verification systems more vulnerable to attacks.

03/03 Commix: Open-source OS command injection exploitation tool - Help Net Security

Commix is an open-source penetration testing tool designed to automate the detection and exploitation of command injection vulnerabilities.

03/03 Review: The Chief AI Officer's Handbook - Help Net Security

The Chief AI Officer’s Handbook is a comprehensive resource for professionals navigating AI implementation and strategy. It is particularly valuable for

03/03 How QR code attacks work and how to protect yourself - Help Net Security

Learn about QR code attacks and the various techniques cybercriminals use to exploit QR codes for phishing and malware distribution.

02/03 Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released - Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Massive botnet hits Microsoft 365 accounts A recently

28/02 OT/ICS cyber threats escalate as geopolitical conflicts intensify - Help Net Security

The Dragos 2025 OT/ICS Cybersecurity Report comprehensively analyzes the evolving cyber threats facing industrial organizations.

28/02 MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) - Help Net Security

MITRE Caldera users have been urged to plug CVE-2025–27364, a critical security vulnerability that may lead to unauthenticated RCE.

28/02 OSPS Baseline: Practical security best practices for open source software projects - Help Net Security

The Open Source Project Security Baseline outlines "practical and impactful" security best practices for open source projects.

28/02 Understanding the AI Act and its compliance challenges - Help Net Security

David Dumont explains how organizations can leverage GDPR compliance to meet AI Act obligations on transparency and risk mitigation.

28/02 The art of balancing data security with business goals - Help Net Security

Gartner advises security leaders to take five actions to align business needs with data security and achieve protection and enablement goals.

28/02 Infosec products of the month: February 2025 - Help Net Security

The featured infosec products this month are from: 1Password, Armor, BigID, Dynatrace, Fortinet, Legit Security, Netwrix, Nymi, and more.

27/02 Debunking 5 myths about network automation - Help Net Security

Learn how network automation solutions can streamline your IT processes, improve efficiency, and reduce manual tasks in complex environments.

27/02 2024 phishing trends tell us what to expect in 2025 - Help Net Security

Phishing has been the method most often employed by cybercriminals to achieve initial access to targeted organizations in 2024.

27/02 Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363) - Help Net Security

A vulnerability (CVE-2025-23363) in the Siemens Teamcenter PLM software could allow an attacker to steal users' valid session data.

27/02 Is Agentic AI too smart for your own good? - Help Net Security

Agentic AI, which consists of systems that autonomously take action based on high-level goals, is becoming integral to enterprise security, threat

27/02 Hottest cybersecurity open-source tools of the month: February 2025 - Help Net Security

This article features open-source cybersecurity tools that are gaining attention for strengthening security across various environments.