Category: EN

The SOC files: Chasing the web shell

Kaspersky SOC analysts discuss a recent incident where the well-known Behinder web shell was used as a post-exploitation backdoor, showing how web shells have evolved. This article has been indexed from Securelist Read the original article: The SOC files: Chasing…

Understanding the AI Act and its compliance challenges

In this Help Net Security interview, David Dumont, Partner at Hunton Andrews Kurth, discusses the implications of the EU AI Act and how organizations can leverage existing GDPR frameworks while addressing new obligations such as conformity assessments and transparency requirements.…

The First International AI Safety Report: A Call to Action

The inaugural International AI Safety Report provides a comprehensive insight into General-purpose AI’s current state, future potential, and associated risks. General-purpose AI refers to AI models or systems that can perform a wide variety of tasks, as opposed to Specialized…

Windows CE and ICS Security: A Ticking Time Bomb?

Windows CE, a decades-old operating system originally designed for embedded systems, remains a crucial component of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) environments.  However, despite its widespread use in human-machine interfaces (HMI), kiosks, and even…

DeepSeek Data Leak Exposes 12,000 Hardcoded API Keys and Passwords

A sweeping analysis of the Common Crawl dataset—a cornerstone of training data for large language models (LLMs) like DeepSeek—has uncovered 11,908 live API keys, passwords, and credentials embedded in publicly accessible web pages.  The leaked secrets, which authenticate successfully with…

Winos4.0 Malware Targets Windows Users Through Malicious PDF Files

A new wave of cyberattacks leveraging the Winos4.0 malware framework has targeted organizations in Taiwan through malicious PDF attachments disguised as tax inspection alerts, according to a January 2025 threat analysis by FortiGuard Labs.  The campaign employs multi-stage payload delivery,…

The art of balancing data security with business goals

In this Help Net Security video, Nathan Parks, Senior Research Specialist at Gartner, discusses their recent research, revealing that only 14% of security leaders effectively balance data security with business goals. 35% of leaders are focused on securing data, while…

Infosec products of the month: February 2025

Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armor, BigID, Dynatrace, Fortinet, Legit Security, Netwrix, Nymi, Palo Alto Networks, Pangea, Privacera, Qualys, SafeBreach, Satori, Seal Security, Socure, and Veeam Software. Qualys TotalAppSec…

PayPal’s “no-code checkout” abused by scammers

Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers’ phone numbers. This article has been indexed from Malwarebytes Read the original article: PayPal’s “no-code checkout” abused by scammers

Spyzie – 518,643 breached accounts

In February 2025, the spyware service Spyzie suffered a data breach along with sibling spyware services, Spyic and Cocospy. The Spyzie breach alone exposed almost 519k customer email addresses which were provided to HIBP, and reportedly also enabled unauthorised access…

Morpheus: Building Dynamic, Context-Specific Response Playbooks with AI

How Morpheus revolutionizes security automation with dynamically generated, context-aware workflows. The post Morpheus: Building Dynamic, Context-Specific Response Playbooks with AI appeared first on D3 Security. The post Morpheus: Building Dynamic, Context-Specific Response Playbooks with AI appeared first on Security Boulevard.…

Do Powerful Tools Enhance Your Data Security?

How Can Powerful Security Tools Impact Your Data Protection Strategy? Has it ever occurred to you how critical it is to have a robust data protection framework in massive digitalization? The need for advanced cybersecurity measures becomes more critical. One…