Category: Help Net Security

OffSec has released Kali Linux 2025.2, the most up-to-date version of the widely used penetration testing and digital forensics platform. KDE Plasma 6.3 in Kali Linux 2025.2 (Source: OffSec) New in Kali Linux 2025.2 As per usual, the newest Kali…

Read more →

A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite mercenary spyware, Citizen Lab researchers have revealed on Thursday. The attacks happened in January and early February 2025. “We…

Read more →

StackHawk announced Sensitive Data Identification to give security teams visibility into high-risk APIs across thousands of code repositories within an organization. With most security teams only aware of approximately 10% of their API attack surface, StackHawk illuminates the complete API…

Read more →

GenAI has been the star of the show lately. Tools like ChatGPT impressed everyone with how well they can summarize, write, and respond. But something new is gaining ground: agentic AI. These systems don’t just answer questions. They make decisions,…

Read more →

In this Help Net Security interview, Amichai Shulman, CTO at Nokod Security, discusses how the abstraction layer in no-code environments complicates security by obscuring data flow, identity propagation, and control logic. Shulman also addresses why vulnerabilities in no-code applications go…

Read more →

78% of public sector organizations are operating with significant security debt, flaws left unaddressed for more than a year, according to Veracode. 55% are burdened with ‘critical’ security debt, representing long-standing vulnerabilities with severe risk potential. Public sector flaw remediation…

Read more →

The National Institute of Standards and Technology (NIST) has released a new guide that offers practical help for building zero trust architectures (ZTA). The guidance, titled Implementing a Zero Trust Architecture (SP 1800‑35), includes 19 example setups using off‑the‑shelf commercial…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Contrast Security, Cymulate, Lemony, SpecterOps, Thales, and Vanta. Lemony mitigates privacy and compliance risks associated with cloud-based AI With Lemony, different teams can run their…

Read more →

Attackers are using the TeamFiltration pentesting framework to brute-force their way into Microsoft Entra ID (formerly Azure AD) accounts, Proofpoint researchers have discovered. “Proofpoint’s research indicates that while simulated intrusions using TeamFiltration date back nearly to the tool’s initial release…

Read more →

The LockBit ransomware-as-a-service (RaaS) operation has netted around $2.3 million USD within 5 months, the data leak stemming from the May 2025 hack of a LockBit affiliate panel has revealed. From that sum, the operators took their 20% cut (approximately…

Read more →

Tamnoon launched Managed CDR (Cloud Detection and Response), a managed service designed to validate, contextualize, and respond to cloud security alerts. Built on AWS and launching with Wiz Defend, Amazon GuardDuty, CrowdStrike Falcon, and Orca Security, with more coming soon,…

Read more →

In this Help Net Security interview, Joni Klippert, CEO of StackHawk, discusses why API visibility is a major blind spot for security teams, how legacy tools fall short, and how StackHawk identifies risky APIs and sensitive data directly from code…

Read more →

Lemony announced its on-premise artificial intelligence solution that is redefining how organizations deploy generative AI. Lemony’s secure, hardware-based node offers enterprise-grade ‘AI in a Box,’ empowering companies to run advanced, end-to-end AI workflows privately, instantly, and without cloud dependence. Lemony’s…

Read more →

Cybercriminals are stealing data and running full-scale businesses around it. Europol’s latest Internet Organised Crime Threat Assessment (IOCTA) report reveals how personal data is now a core currency in the underground economy. Data is the product Cybercriminals go after everything…

Read more →

Nudge Security announced today a new browser extension for its SaaS and AI security governance solution that detects identity risks and guides employees toward safe, compliant SaaS and AI use in real time. Modern work happens at theWorkforce Edge, where…

Read more →

CISOs understand that threat modeling helps teams identify risks early and build safer systems. But outside the security org, the value isn’t always clear. When competing for budget or board attention, threat modeling often loses out to more visible efforts…

Read more →

A cybersecurity hobbyist has built a compact, foldable mobile hacking rig that runs Kali NetHunter on a Google Pixel 3 XL. It’s called the NetHunter C-deck, and it packs serious functionality into a small, 3D-printed shell. NetHunter C-deck v2.1.0 The…

Read more →

98% of CISOs face challenges when using threat intelligence, according to Trellix. The biggest problems are keeping up with changing threats, integration difficulties, and regulatory rules. As a result, threat intelligence defaults to a reactive function within a workstream, rather…

Read more →

Nearly half of of mobile users encounter mobile scams daily, with people in the US and UK more likely to be targeted than those in other regions, according to Malwarebytes. Most users say it’s hard to tell a scam from…

Read more →

92% of healthcare IT leaders say they’re confident in their ability to prevent email-based data breaches, but according to Paubox, they’re not. Healthcare compliance confidence gap Email remains one of the biggest security risks in healthcare. Outdated systems and frustrating…

Read more →

More than 20,000 malicious IP addresses and domains used by information-stealing malware were taken down during an international cybercrime crackdown led by INTERPOL. Called Operation Secure, the effort ran from January to April 2025 and involved law enforcement from 26…

Read more →

Connectwise customers who use the company’s ScreenConnect, Automate, and ConnectWise RMM solutions are urged to update all agents and/or validate that the update has been deployed by Friday, June 13 at 8:00 p.m. ET, or risk disruptions. The reason for…

Read more →

Trustwise introduced Harmony AI, a runtime trust layer and control tower designed for enterprises deploying fleets of generative and agentic AI systems. Harmony AI embeds “trust as code” directly into AI systems, empowering CISOs, developers, and AI leaders to shield…

Read more →

SpecterOps introduced Privilege Zones, a new addition to its flagship BloodHound Enterprise platform. Privilege Zones enable teams to define custom security boundaries around business-critical resources and enforce least privilege access continuously in on-prem, cloud and hybrid environments. IT and security…

Read more →

For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Also, Adobe Commerce and Magento Open Source users are urged to update quickly. About CVE-2025-33053 CVE-2025-33053 is a remote code execution…

Read more →

Sentra launched its DSAR automation capability, purpose-built to help large, complex organizations respond to Data Subject Access Requests (DSARs) under regulations such as GDPR, CCPA, and other global privacy mandates. This new capability extends Sentra’s platform value by eliminating manual,…

Read more →

Vanta announced the Vanta AI Agent, marking a major leap forward in how security and compliance teams leverage AI to minimize human error and maximize impact. The Vanta AI Agent autonomously handles end-to-end workflows across a company’s entire GRC program…

Read more →

Red Canary unveiled a new suite of expert AI agents. These specialized agents combine the speed and scalability of agentic AI with the quality and consistency of standard operating procedures derived from Red Canary’s elite team of security operators—bringing a…

Read more →

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It…

Read more →

In cybersecurity, there’s an urge to collect as much data as possible. Logs, alerts, metrics, everything. But more data doesn’t necessarily translate to better security. SOCs deal with tens of thousands of alerts every day. It’s more than any person…

Read more →

AI is supposed to make businesses faster, smarter, and more competitive, but most projects fall short. The Cloud Security Alliance (CSA) says the real issue is companies cramming AI into old, rigid processes that just can’t keep up. “AI adoption…

Read more →

As AI assistants, agents, and data-driven workloads reshape how work gets done, they’re creating more latency-sensitive, and more complex network traffic, according to Cisco. Cisco research highlights Combined with the ubiquity of connected devices, 24/7 uptime demands, and security threats,…

Read more →

ChatGPT remains the most widely used LLM among New Relic customers, making up over 86% of all tokens processed. Developers and enterprises are shifting to OpenAI’s latest models, such as GPT-4o and GPT-4o mini, even when more affordable alternatives are…

Read more →

Google is rolling out new Android Enterprise features aimed at improving mobile security, IT management, and employee productivity. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. Many security incidents involve smartphones, often…

Read more →

ArmorCode launched AI Code Insights, a new set of capabilities that leverages ArmorCode’s agentic AI, Anya, to provide enterprises with contextual understanding of their code repositories, empowering security and development teams to secure what matters most. AI Code Insights directly…

Read more →

AU10TIX is enhancing its product suite with the launch of AnyDoc Authentication, a capability that exposes forged, tampered, or synthetic non-ID documents that may bypass traditional identity verification methods. AnyDoc harnesses advanced AI, forensic forgery detection, and metadata analysis to…

Read more →

This webinar is designed for leadership and management professionals looking to enhance their organization’s security posture in the cloud. The authors explore CIS Hardened Images: how they work, the security benefits they offer, and why they’re especially valuable for public…

Read more →

Two Mirai botnets are exploiting a critical remote code execution vulnerability (CVE-2025-24016) in the open-source Wazuh XDR/SIEM platform, Akamai researchers have warned. What is Wazuh? Wazuh is a popular open-source security information and event management (SIEM) and extended detection and…

Read more →

Thales launched Thales File Activity Monitoring, a new capability within the Thales CipherTrust Data Security Platform that enhances enterprise visibility and control over unstructured data, enabling organizations to monitor file activity in real time, detect misuse, and ensure regulatory compliance…

Read more →

Cymulate releaseed AI-powered detection engineering assistant for security information and event management (SIEM) rule threat coverage validation. Now, the Cymulate Platform automates and streamlines the detection engineering process for blue teams and SecOps, allowing them to build, test and optimize…

Read more →

Security teams are leaning hard into AI, and fast. A recent survey of 500 senior cybersecurity pros at big U.S. companies found that 86% have ramped up their AI use in the past year. The main reason? They’re trying to…

Read more →

At Span Cyber Security Arena, I sat down with Iva Mišković, Partner at the ISO-certified Mišković & Mišković law firm, to discuss the role of legal teams during cyber incidents. She shared why lawyers should assume the worst, coordinate quickly,…

Read more →

AI adoption is increasing, with 84% of organizations now using AI in the cloud, according to Orca Security. But this innovation comes with new risks: 62% of organizations have at least one vulnerable AI package, and some of the most…

Read more →

In this Help Net Security video, Eoin Wickens, Director of Threat Intelligence at HiddenLayer, explores the security risks posed by agentic AI. He breaks down how agentic AI functions, its potential to revolutionize business operations, and the vulnerabilities it introduces,…

Read more →

The post Cybersecurity jobs available right now: June 10, 2025 appeared first on Help Net Security. This article has been indexed from Help Net Security Read the original article: Cybersecurity jobs available right now: June 10, 2025

Read more →

Contrast Security announced Northstar, a major release for the company that redefines how businesses see cyberattacks, stop breaches, and protect their applications and APIs. Contrast pairs runtime data and contextual analysis with AI-powered auto-remediation to cut response times and eliminate…

Read more →

DNS4EU, an EU-based DNS resolution service created to strengthen European Union’s digital sovereignty, has become reality. What is DNS? The Domain Name System (DNS) “translates” human-readable domain names into IP addresses and back, and is essential for accessing websites. Most…

Read more →

With an exploit for a critical Roundcube vulnerability (CVE-2025-49113) being offered for sale on underground forums and a PoC exploit having been made public, attacks exploiting the flaw are incoming and possibly already happening. According to the Shadowserver Foundation, there…

Read more →

In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must embed security from the start to…

Read more →

The threat landscape in the bioeconomy is different from what most CISOs are used to. It includes traditional risks like data breaches, but the consequences are more complex. A compromise of genomic databases, for example, does not just expose personal…

Read more →

fiddleitm is an open-source tool built on top of mitmproxy that helps find malicious web traffic. It works by checking HTTP requests and responses for known patterns that might point to malware, phishing, or other threats. fiddleitm features “I created…

Read more →

In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a previous attack, according to Abnormal AI. Vendor email compromise risks increase…

Read more →

Using the MITRE ATT&CK framework as a baseline, organizations are generally improving year-over-year in understanding security information and event management (SIEM) detection coverage and quality, but plenty of room for improvement remains, according to CardinalOps. MITRE ATT&CK enhances SOC visibility…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm? Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. Google fixes…

Read more →

Millions of Internet-of-Things (IoT) devices running the open-source version of the Android operating system are part of the Badbox 2.0 botnet, the FBI has warned. Cyber criminals are using the botnet to perform ad fraud and click fraud, but access…

Read more →

Approximately 145 darknet and conventional internet domains, along with cryptocurrency funds linked to the BidenCash marketplace, have been seized by the U.S. Attorney’s Office for the Eastern District of Virginia. The operators of the BidenCash marketplace use the platform to…

Read more →

Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May. The May Patch Tuesday release of updates was typical in number of vulnerabilities addressed with 41 in both Windows 10 and 11, and their associated servers. They…

Read more →

Claroty announced new capabilities in its SaaS-based Claroty xDome platform that provide organizations with an impact-centric view of their CPS environment. The new additions, Device Purpose and Risk Benchmarking, allow users to see how the overall risk of an environment…

Read more →

Pathlock announced a major expansion of its SAP cybersecurity offerings, introducing a new portfolio of value-driven and easy-to-deploy SAP cybersecurity solutions, including a Free Edition. Designed to deliver maximum value and fast time-to-protection, the launch marks a significant step toward…

Read more →

Patient data is often stored or processed outside the country where it was collected. When that happens, the data falls under the laws of the country where it resides. Depending on those laws, local governments may have legal access to…

Read more →

In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions. He explains why identity and access management (IAM) is the ideal starting point for both augmentation and automation, and shares advice…

Read more →

Ransomware, trojans, and malware delivered through USB devices are putting growing pressure on industrial systems, according to the Honeywell 2025 Cyber Threat Report, which draws on data from monitoring tools deployed across industrial sites around the world. The findings highlight…

Read more →

Ransomware breaches continue to rise even as fewer victims pay, according to a Delinea report. 69% of organizations globally have fallen victim to ransomware, with 27% being hit more than once. While only 57% of organizations paid ransoms, down from…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Akamai, AttackIQ, Barracuda Networks, Bitdefender, Fortinet, Malwarebytes, and Varonis. Bitdefender unifies security, risk management, and compliance in a single platform Bitdefender announced GravityZone Compliance Manager,…

Read more →

Dynatrace is accelerating the generational shift in enterprise software development by extending the Dynatrace platform with agentic AI capabilities. Designed to predict and prevent disruptions, protect systems and data, and optimize operations autonomously, these advancements mark a new era of…

Read more →

Bitdefender announced GravityZone Compliance Manager, a new addition to its GravityZone platform that helps organizations reduce the burden of compliance and streamline audit readiness. Designed specifically for today’s complex regulatory landscape, the solution provides real-time visibility, automated remediation, audit-ready reports,…

Read more →

Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive information in documents and apply security labels automatically. The tool uses customizable classification rules…

Read more →

Fortinet has enhanced its data and productivity security portfolio, expanding FortiMail with the launch of the FortiMail Workspace Security suite. These new capabilities extend protection not only to email but also to browser and collaboration security. These advancements, combined with new…

Read more →

Security teams are overwhelmed by a flood of alerts, most of which lack the context needed to accurately assess and espond to threats, according to ARMO. Respondents report receiving an average of 4,080 security alerts per month – or 136…

Read more →

If it seems like scams are popping up everywhere lately, you’re not wrong. A new survey from Google shows most Americans feel the same, and they’re starting to change how they handle things online because of it. But different age…

Read more →

32% of healthcare executives say their organization suffered a breach in the past 12 months, and 46% say they are experiencing a higher volume of attacks, according to LevelBlue. AI brings hope and concern As AI promises healthcare organizations efficiency,…

Read more →

In this Help Net Security video, Jonathan Stross, SAP Security Analyst at Pathlock, examines why managing SAP security updates is so complex for enterprises. From highly customized, interconnected environments to the pressure of real-time patching, Strauss highlights why keeping SAP…

Read more →

Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat Intelligence Group (GTIG) has warned. The attackers in question – currently tracked as UNC6040 – are masters…

Read more →

Cobalt announced a set of product enhancements within the Cobalt Offensive Security Platform aimed at helping customers scale security testing with greater clarity, automation, and control. These innovations further the company’s commitment to deliver expert-driven, fast-to-launch pentesting, now with even…

Read more →

Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit. About CVE-2025-5419 CVE-2025-5419 is a high-severity out of bounds read and write vulnerability in V8, the JavaScript and WebAssembly engine developed by Google for the…

Read more →

Salt Security unveiled Salt Illuminate, a platform that redefines how organizations adopt API security. With its self-service onboarding and cloud-native connect capabilities, Salt reduces deployment time from months to minutes requiring no architecture knowledge and manual integrations, leading to zero…

Read more →

TXOne Networks announced an expanded new version of its SageOne OT Cybersecurity Governance Platform. Already relied upon by many industrial leaders across sectors with exacting cybersecurity requirements, TXOne SageOne has been enhanced to deliver a novel capability for intelligent vulnerability…

Read more →

Varonis announced Varonis Identity Protection, the latest enhancement to its Data Security Platform that gives organizations visibility and control of data and identities. Most identity security tools operate in a vacuum — with no understanding of the critical data each…

Read more →

Zscaler announced a new suite of solutions that enable customers to adopt zero trust everywhere. These innovations extend the reach of true zero trust and enable businesses to modernize and scale securely by providing end-to-end segmentation between and inside branches…

Read more →

According to research, 62% of organizations said their attack surface grew over the past year. It’s no coincidence that 76% of organizations also reported a cyberattack due to an exposed asset in 2024, as expanding digital footprints often outpace security…

Read more →

Large language models (LLMs) have come a long way from the once passive and simple chatbots that could respond to basic user prompts or look up the internet to generate content. Today, they can access databases and business applications, interact…

Read more →

Decentralized identity (DID) is gaining traction, and for CISOs, it’s becoming a part of long-term planning around data protection, privacy, and control. As more organizations experiment with verifiable credentials and self-sovereign identity models, a question emerges: Who governs the system…

Read more →

In this Help Net Security interview, Thomas Squeo, CTO for the Americas at Thoughtworks, discusses why traditional security architectures often fail when applied to autonomous AI systems. He explains why conventional threat modeling needs to adapt to address autonomous decision-making…

Read more →

Many organizations are overwhelmed by the complexity of their IT systems, making it difficult to manage cybersecurity risks, according to a new Ivanti report. The “Exposure Management: From Subjective to Objective Cybersecurity” report points out that as companies keep adding…

Read more →

Malwarebytes launched Scam Guard, an AI-powered digital safety companion that provides real-time feedback on scams, threats and malware alongside digital safety recommendations. Whether it’s a suspicious text, DM, email, image or link, Scam Guard offers judgment-free, personalized advice to help…

Read more →

Silobreaker released AI Summarise for dashboards and email alerting. This latest enhancement brings the power of customisable AI directly into the core of the analyst workflow – enabling threat intelligence teams to generate stakeholder-ready summaries from across their trusted sources…

Read more →

AttackIQ releaseed AttackIQ Ready3. With expanded discovery capabilities, Ready3 maps both internal and external attack surfaces. By correlating asset discovery with vulnerability context, attack paths and compensating controls, the platform helps security teams identify which vulnerabilities are truly exposed because…

Read more →

Infosecurity Europe 2025 is a cybersecurity event taking place from June 3 to 5 in London. Help Net Security is on-site and here’s a closer look at the conference. The featured vendors are: Okta, PlexTrac, ISC2, Insight, EasyDMARC, Defense.com, Tines,…

Read more →

RSA announced a new Identity Security Posture Management (ISPM) and enhancements to its passwordless identity platform. These innovations will help enterprises proactively find and resolve security risks across hybrid and cloud environments and simplify users’ log-in processes with advanced, phishing-resistant…

Read more →

Akamai Technologies has introduced Akamai DNS Posture Management, a solution that offers unified, multicloud visibility over all DNS assets. The agentless solution provides real-time monitoring and guided remediation across all major DNS providers. Security teams can quickly detect and respond…

Read more →

Interactive Brokers is warning customers to be on high alert due to a wave of scams involving fraudsters posing as company representatives. Interactive Brokers (IBKR) is a global brokerage firm that lets investors trade stocks, options, futures, and other assets…

Read more →

In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables. He explains how cybercrime is becoming more accessible and fragmented. Lyne also talks about key trends,…

Read more →

A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity…

Read more →

Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages. Vet supports several ecosystems, including…

Read more →

Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds. 61% of developers said that it’s critical that security doesn’t block or decelerate the development process or become a…

Read more →

The post Cybersecurity jobs available right now: June 3, 2025 appeared first on Help Net Security. This article has been indexed from Help Net Security Read the original article: Cybersecurity jobs available right now: June 3, 2025

Read more →

A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday. “We have not observed any additional suspicious activity in ScreenConnect cloud instances since the patch…

Read more →

Barracuda Networks unveiled the BarracudaONE AI-powered cybersecurity platform. BarracudaONE maximizes threat protection and cyber resilience by unifying layered security defenses and providing deep, intelligent threat detection and response for managed service providers (MSPs), other channel partners and end users. BarracudaONE…

Read more →

DoControl announced expanded capabilities that further support organizations in enforcing zero trust security strategies – without compromising business agility or user productivity. Zero trust principles dictate that no user, device, or location is inherently trusted. While this approach is essential…

Read more →

The threat landscape is evolving faster than ever. Staying ahead means going beyond automated scans and check-the-box assessments. It demands continuous, hands-on testing through a security approach that proactively identifies, prioritizes, and mitigates threats in real time. To manage these…

Read more →