Chinese cyber-espionage groups have once again demonstrated their determination and technical prowess in targeting U.S. organizations with ties to international policy-making, highlighting the persistent and evolving threat posed by state-linked cyber actors. Evidence indicates that the attackers sought to establish…
Tag: EN
Postman expands platform with features for building AI-ready APIs
Postman announced several updates bringing key enterprise features to its platform, so customers can build AI-ready APIs that meet the most critical enterprise specifications. As software increasingly shifts from applications to AI agents, the enterprise challenge has become clear: these…
November 2025 Patch Tuesday forecast: Windows Exchange Server EOL?
October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116 CVEs…
Tufin Orchestration Suite R25-2 strengthens network, cloud, and SASE policy automation
Tufin announced Tufin Orchestration Suite (TOS) R25-2. The R25-2 release delivers expanded visibility, automation, and stronger security controls, enabling organizations to strengthen their security posture while simplifying operations across their hybrid environments. Security and network teams are forced to manage…
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension with basic ransomware capabilities that appears to be created with the help of artificial intelligence – in other words, vibe-coded. Secure Annex researcher John Tuckner, who flagged the…
Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story
In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations and why early collaboration between IT and security…
Cavalry Werewolf Launches Cyberattack on Government Agencies to Deploy Network Backdoor
In July 2025, Doctor Web’s anti-virus laboratory received a critical alert from a government-owned organization within the Russian Federation. The institution suspected a network compromise after discovering spam emails originating from one of their corporate email addresses. What began as…
Old privacy laws create new risks for businesses
Businesses are increasingly being pulled into lawsuits over how they collect and share user data online. What was once the domain of large tech firms is now a widespread legal risk for companies of all sizes. The latest analysis from…
What keeps phishing training from fading over time
When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely…
How Fast and Secure Customer Support Relies on Internet Privacy Tools
Discover how free VPNs enhance customer support speed, privacy, and trust by securing user connections and ensuring smooth, safe service interactions. The post How Fast and Secure Customer Support Relies on Internet Privacy Tools appeared first on Security Boulevard. This…
Elevating Customer Support with Smarter Access Solutions in an AI-Constrained World
Learn how unblocking AI tools enhances customer support speed, consistency, and reliability while maintaining strong security and compliance standards. The post Elevating Customer Support with Smarter Access Solutions in an AI-Constrained World appeared first on Security Boulevard. This article has…
Hospitals are running out of excuses for weak cyber hygiene
Healthcare leaders continue to treat cybersecurity as a technical safeguard instead of a strategic business function, according to the 2025 US Healthcare Cyber Resilience Survey by EY. The study, based on responses from 100 healthcare executives, outlines six areas where…
Innovative Tools and Tactics in Cybersecurity
In this episode of ‘Cybersecurity Today,’ hosted by Jim Love, the focus is on recent developments and tactics in cybersecurity. The episode discusses Meter’s networking solutions, the innovative tactics of the ransomware group Killen using common Windows tools, and three…
Amazon WorkSpaces for Linux Vulnerability Exposes Valid Auth Tokens to Attackers
A recently disclosed vulnerability in the Amazon WorkSpaces client for Linux exposes a critical security flaw that could allow attackers to gain unauthorized access to user environments due to improper handling of authentication tokens. The issue, tracked as CVE-2025-12779, has…
Sandworm Hackers Target Ukrainian Organizations With Data-Wiping Malware
Russia-aligned threat actor Sandworm has intensified its destructive cyber operations against Ukrainian organizations, deploying data wiper malware to cripple critical infrastructure and weaken the nation’s economy. Unlike other Russia-aligned advanced persistent threat groups that primarily engage in cyberespionage activities, Sandworm’s…
Claude Desktop Hit by Critical RCE Flaws Allowing Remote Code Execution
Security researchers have uncovered severe remote code execution vulnerabilities in three official Claude Desktop extensions developed and published by Anthropic. The Chrome, iMessage, and Apple Notes connectors, which collectively boast over 350,000 downloads and occupy prominent positions in Claude Desktop’s…
New infosec products of the week: November 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Barracuda Networks, Bitdefender, Forescout, and Komodor. Bitdefender GravityZone Security Data Lake unifies telemetry from multiple tools Security Data Lake empowers both in-house security teams…
Cisco Identity Services Engine Vulnerability Allows Attackers to Restart ISE Unexpectedly
A critical vulnerability in Cisco Identity Services Engine (ISE) could allow remote attackers to crash the system through a crafted sequence of RADIUS requests. The flaw CVE-2024-20399, lies in how ISE handles repeated authentication failures from rejected endpoints, creating a…
NVIDIA NVApp for Windows Vulnerability Let Attackers Execute Malicious Code
NVIDIA has patched a critical vulnerability in its App for Windows that could allow local attackers to execute arbitrary code and escalate privileges on affected systems. Tracked as CVE-2025-23358, the flaw exists in the installer component. It poses a significant…
What Are Passkeys and How Do They Work?
Discover passkeys, the next-generation authentication method replacing passwords. Learn how passkeys work, their security advantages, and how they’re shaping software development. The post What Are Passkeys and How Do They Work? appeared first on Security Boulevard. This article has been…