Category: Help Net Security

Windows 10 users in the European Economic Area (EEA) will be able to receive extended security updates until October 14, 2026, without having to pay for them or to back up their settings, apps, or credentials to the Microsoft cloud.…

Read more →

Chainguard released Chainguard Libraries for JavaScript, a collection of trusted builds of thousands of common JavaScript dependencies that are malware-resistant and built from source on SLSA L2 infrastructure. By securely building every library and all of its dependencies from source,…

Read more →

Cybercriminals are increasingly using AI-powered tools and (malicious) large language models to create convincing, error-free emails, deepfakes, online personas, lookalike/fake websites, and malware. There’s even been a documented instance of an attacker using the agentic AI coding assistant Claude Code…

Read more →

Onapsis announced updates to its Onapsis Platform, including the launch of three new capabilities: the SAP Notes Command Center, Rapid Controls for Dangerous Exploits, and Alert on Anything for SAP Business Technology Platform (BTP). Together, these enhancements provide organizations with…

Read more →

Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About CVE-2025-20352 Cisco IOS software can be found on older models of Cisco Catalyst switches, Integrated…

Read more →

ESET Research has published new findings on DeceptiveDevelopment, also called Contagious Interview. This North Korea-aligned group has become more active in recent years and focuses on stealing cryptocurrency. It targets freelance developers working on Windows, Linux, and macOS systems. A…

Read more →

Secure Code Warrior has launched a beta program to expand the AI capabilities of its Trust Agent product. The new offering provides CISOs with security traceability, visibility, and governance over developers’ use of AI coding tools. This upgrade, collectively referred…

Read more →

Distributed denial-of-service (DDoS) attacks remain one of the most common and disruptive forms of cybercrime. Defenders have traditionally focused on detecting these attacks once they are underway. New research suggests that predicting DDoS attacks in advance may be possible, giving…

Read more →

Authorities around the world have recovered $439 million from criminals following a months-long operation led by INTERPOL. The effort, called HAECHI VI, ran from April through August 2025 and involved police in 40 countries and territories working together to track…

Read more →

Managing security across dozens or even hundreds of SaaS apps has become a major headache. Each tool has its own settings, permissions, and logs, and most third-party risk processes only look at the vendor’s overall security, not the app itself.…

Read more →

Drones have already shown their impact in military operations, and their influence is spreading across the agricultural and industrial sectors. Given their technological capabilities, we need to be aware of the risks they bring. Drones as a new attack vector…

Read more →

Sensitive data is everywhere and growing fast. A new report from Concentric AI highlights how unstructured data, duplicate files, and risky sharing practices are creating serious problems for security teams. The findings show how generative AI tools like Microsoft Copilot…

Read more →

Enterprise security teams are underprepared to detect new, adaptive AI-powered threats. The study, published by Lenovo, surveyed 600 IT leaders across major markets and shows widespread concern about external and internal risks, along with low confidence in current defenses. External…

Read more →

SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset management solution. While the vulnerability is currently not being leveraged by attackers, they might soon reverse-engineer the…

Read more →

Teleport released AI Session Summaries, a new capability in Teleport Identity Security that enables customers to summarize insights from thousands of hours of session recordings in minutes. Teleport generates session recordings of SSH, Kubernetes, and database access events, capturing a…

Read more →

Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company has confirmed. About CVE-2025-59689 CVE-2025-59689 is a command injection vulnerability caused by improper sanitization when removing active code from…

Read more →

A cross-border cryptocurrency scam has left investors across Europe with losses of more than €100 million. Authorities in several countries worked together to shut down the operation and arrest those behind it. How the scheme worked The fraudsters ran what…

Read more →

OffSec has released Kali Linux 2025.3, the most up-to-date version of its popular penetration testing and digital forensics platform. What’s new in Kali Linux 2025.3 Better virtual machine tooling The way Kali builds and ships its VM images has been…

Read more →

Sentry released the beta of AI code review, an AI-powered solution that identifies and fixes code issues before they reach production. Following its acquisitions of Codecov (2022) and Emerge Tools (2025), AI code review marks a step in Sentry’s expansion…

Read more →

Proofpoint announced four innovations designed to secure the agentic workspace, where people and AI agents collaborate side by side. Proofpoint’s new collaboration and data security capabilities address the risks of the agentic workspace by solving four challenges: protecting AI assistants…

Read more →