In 2025, cybercriminals are raising the stakes by deploying sophisticated malware that bypasses traditional security measures, using advanced malware evasion techniques. Recent data shows that over 2,500 ransomware attacks were reported in just the first half of 2024, averaging more…
Category: EN
Malicious PyPI Packages Exploit Instagram and TikTok APIs to Validate User Accounts
Cybersecurity researchers have uncovered malicious packages uploaded to the Python Package Index (PyPI) repository that act as checker tools to validate stolen email addresses against TikTok and Instagram APIs. All three packages are no longer available on PyPI. The names…
Honeypots become a strategic layer in cyber defence
J2 Software has introduced ‘Honeypot as a Service’, a plug-and-play solution designed to deceive attackers, gather critical threat intelligence, and ultimately strengthen an organisation’s cyber resilience. This new approach is particularly crucial as cyberattacks become more complex and targeted. A…
Microsoft 365 Users Targeted by Tycoon2FA Linked Phishing Attack to Steal Credentials
A new wave of targeted phishing campaigns, linked to the Tycoon2FA group, has been identified specifically targeting Microsoft 365 users. Security researchers have observed that these campaigns are leveraging an innovative tactic: the use of malformed URLs containing backslash characters,…
Closing security gaps in multi-cloud and SaaS environments
In this Help Net Security interview, Kunal Modasiya, SVP, Product Management, GTM, and Growth at Qualys, discusses recent Qualys research on the state of cloud and SaaS security. He talks about how siloed visibility, fragmented tools, and a lack of…
UK Cyber Crime takes a new turn towards TV show the Blacklist
Cybercriminals in the UK have recently shifted their attention to a new, high-profile target: UK retailers. This marks a significant escalation in the threat landscape, where digital criminals are now turning their focus on disrupting major businesses. In a bizarre…
How a Turing Test Can Curb AI-Based Cyber Attacks
In recent years, artificial intelligence (AI) has emerged as a powerful tool, revolutionizing industries from healthcare to finance. However, as AI’s capabilities continue to grow, so does its potential for misuse—especially in the realm of cybersecurity. One of the most…
Chinese APT Hackers Attacking Orgs via Korplug Loaders and Malicious USB Drives
In a concerning development for cybersecurity professionals worldwide, a sophisticated Chinese advanced persistent threat (APT) group known as Mustang Panda has intensified its espionage campaigns across Europe, primarily targeting governmental institutions and maritime transportation companies. The group has been leveraging…
Containers are just processes: The illusion of namespace security
In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that openness fueled strong communities and faster security improvements, making OSS often more secure than proprietary code. Today,…
New Hannibal Stealer With Stealth & Obfuscation Evades Detection
A sophisticated new variant of information-stealing malware has been identified in the wild, representing an evolution of the previously documented Sharp Stealer. The Hannibal Stealer, as researchers have dubbed it, demonstrates advanced evasion capabilities and comprehensive data theft functionality, presenting…
AI voice hijacking: How well can you trust your ears?
How sure are you that you can recognize an AI-cloned voice? If you think you’re completely certain, you might be wrong. Why it’s a growing threat With only three seconds of audio, criminals can now clone a person’s voice, which…
Why legal must lead on AI governance before it’s too late
In this Help Net Security interview, Brooke Johnson, Chief Legal Counsel and SVP of HR and Security, Ivanti, explores the legal responsibilities in AI governance, highlighting how cross-functional collaboration enables safe, ethical AI use while mitigating risk and ensuring compliance.…
Protecting Against Info-Stealers – A Practical Resource
Recent cybersecurity reports reveal a significant rise in infostealer malware attacks, with these stealthy threats now accounting for nearly a quarter of all cyber incidents, highlighting the importance of protecting against infostealers. As organizations struggle to defend against this growing…
ChatGPT Vulnerability Lets Attackers Embed Malicious SVGs & Images in Shared Chats
A critical security vulnerability in ChatGPT has been discovered that allows attackers to embed malicious SVG (Scalable Vector Graphics) and image files directly into shared conversations, potentially exposing users to sophisticated phishing attacks and harmful content. The flaw, recently documented…
Cybersecurity jobs available right now: May 20, 2025
The post Cybersecurity jobs available right now: May 20, 2025 appeared first on Help Net Security. This article has been indexed from Help Net Security Read the original article: Cybersecurity jobs available right now: May 20, 2025
Recent Evolution of Browser-based Cyber Threats, and What to Expect Next
In 2024, browser security faced some of the most advanced cyber threats to-date. As enterprises continue to transition to and from remote work environments, relying on SaaS platforms, cloud-based applications, hybrid work setups, and BYOD policies, attackers have become hyperfocused…
Ransomware’s Next Target: Strengthening Critical Infrastructure Against Emerging Cyber Threats
Ransomware increasingly targets critical infrastructure, threatening essential services and national security. Over 66% of critical infrastructure organizations in the US have faced attacks in the past 12 months, some experiencing over 100. As these attacks grow more frequent and sophisticated,…
Cybercrime-as-a-Service – Countering Accessible Hacking Tools
In today’s digital landscape, cybercrime has undergone a dramatic transformation. No longer limited to skilled hackers, cyberattacks are now available to anyone with internet access and cryptocurrency, thanks to the rise of Cybercrime-as-a-Service (CaaS). This model has democratized cybercrime, creating…
ISC Stormcast For Tuesday, May 20th, 2025 https://isc.sans.edu/podcastdetail/9458, (Tue, May 20th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, May 20th, 2025…
CISA has a new No. 2 … but still no official top dog
Brain drain, budget cuts, constant cyberthreats – who wouldn’t want this job? The US Cybersecurity and Infrastructure Security Agency (CISA) has a new No. 2: Madhu Gottumukkala, stepping in as the nation’s lead civilian cyber agency faces budget cuts, a…