Commvault is extending its Kubernetes protection to support virtual machines (VMs) running on Red Hat OpenShift Virtualization. This new capability enhances cyber resilience for organizations moving to modern application environments. Containerized workload adoption is rapidly growing: Gartner predicts 90% of…
Category: EN
Legal Aid breached, patients at risk from cyberattacks, 23andMe buyer
UK’s Legal Aid Agency breached NHS patients put at risk from cyberattacks 23andMe has a buyer Huge thanks to our sponsor, Conveyor Ever spent an hour in a clunky portal questionnaire with UI from 1999 just to lose your work…
Critical pfSense Firewall Flaws Enable Attackers to Inject Malicious Code
Security researchers have uncovered three critical vulnerabilities in pfSense firewall software that could allow attackers to inject malicious code, corrupt configurations, and potentially gain unauthorized access to systems. These vulnerabilities were responsibly disclosed to Netgate, the company behind pfSense, between…
CISA Adds Actively Exploited Ivanti EPMM Zero-Day to KEV Catalog
Cybersecurity and Infrastructure Security Agency (CISA) has added two critical zero-day vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The flaws CVE-2025-4427 and CVE-2025-4428 enable authentication…
Accenture Files Leaked – New Investigation Exposed Dark Side of Accenture Projects Controlling Billion of Users Data
A secrete investigation by Progressive International, Expose Accenture, and the Movement Research Unit, dubbed the “Accenture Files,” has unveiled the pivotal role of Accenture, the world’s largest consultancy firm, in fueling a global surge toward surveillance, exclusion, and authoritarianism. The…
New Phishing Attack Mimic as Zoom Meeting Invites to Steal Login Details
A sophisticated phishing campaign exploiting the popularity of Zoom meetings has emerged, targeting corporate users with fake meeting invitations that appear to come from colleagues. The attack uses social engineering tactics to create a sense of urgency, prompting victims to…
Malware Evasion Techniques – What Defenders Need to Know
In 2025, cybercriminals are raising the stakes by deploying sophisticated malware that bypasses traditional security measures, using advanced malware evasion techniques. Recent data shows that over 2,500 ransomware attacks were reported in just the first half of 2024, averaging more…
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names…
Honeypots become a strategic layer in cyber defence
J2 Software has introduced ‘Honeypot as a Service’, a plug-and-play solution designed to deceive attackers, gather critical threat intelligence, and ultimately strengthen an organisation’s cyber resilience. This new approach is particularly crucial as cyberattacks become more complex and targeted. A…
Microsoft 365 Users Targeted by Tycoon2FA Linked Phishing Attack to Steal Credentials
A new wave of targeted phishing campaigns, linked to the Tycoon2FA group, has been identified specifically targeting Microsoft 365 users. Security researchers have observed that these campaigns are leveraging an innovative tactic: the use of malformed URLs containing backslash characters,…
Closing security gaps in multi-cloud and SaaS environments
In this Help Net Security interview, Kunal Modasiya, SVP, Product Management, GTM, and Growth at Qualys, discusses recent Qualys research on the state of cloud and SaaS security. He talks about how siloed visibility, fragmented tools, and a lack of…
UK Cyber Crime takes a new turn towards TV show the Blacklist
Cybercriminals in the UK have recently shifted their attention to a new, high-profile target: UK retailers. This marks a significant escalation in the threat landscape, where digital criminals are now turning their focus on disrupting major businesses. In a bizarre…
How a Turing Test Can Curb AI-Based Cyber Attacks
In recent years, artificial intelligence (AI) has emerged as a powerful tool, revolutionizing industries from healthcare to finance. However, as AI’s capabilities continue to grow, so does its potential for misuse—especially in the realm of cybersecurity. One of the most…
Chinese APT Hackers Attacking Orgs via Korplug Loaders and Malicious USB Drives
In a concerning development for cybersecurity professionals worldwide, a sophisticated Chinese advanced persistent threat (APT) group known as Mustang Panda has intensified its espionage campaigns across Europe, primarily targeting governmental institutions and maritime transportation companies. The group has been leveraging…
Containers are just processes: The illusion of namespace security
In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that openness fueled strong communities and faster security improvements, making OSS often more secure than proprietary code. Today,…
New Hannibal Stealer With Stealth & Obfuscation Evades Detection
A sophisticated new variant of information-stealing malware has been identified in the wild, representing an evolution of the previously documented Sharp Stealer. The Hannibal Stealer, as researchers have dubbed it, demonstrates advanced evasion capabilities and comprehensive data theft functionality, presenting…
AI voice hijacking: How well can you trust your ears?
How sure are you that you can recognize an AI-cloned voice? If you think you’re completely certain, you might be wrong. Why it’s a growing threat With only three seconds of audio, criminals can now clone a person’s voice, which…
Why legal must lead on AI governance before it’s too late
In this Help Net Security interview, Brooke Johnson, Chief Legal Counsel and SVP of HR and Security, Ivanti, explores the legal responsibilities in AI governance, highlighting how cross-functional collaboration enables safe, ethical AI use while mitigating risk and ensuring compliance.…
Protecting Against Info-Stealers – A Practical Resource
Recent cybersecurity reports reveal a significant rise in infostealer malware attacks, with these stealthy threats now accounting for nearly a quarter of all cyber incidents, highlighting the importance of protecting against infostealers. As organizations struggle to defend against this growing…
ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats
A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented…