Tag: Help Net Security

February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys), which…

Read more →

Industrial Defender announced its latest platform, Industrial Defender 8.0. This release introduces a completely redesigned risk dashboard, helping critical infrastructure and industrial operators manage security and compliance risks by assessing and prioritizing them with enhanced intelligence and risk scoring. Industrial…

Read more →

The Thai police has arrested four individuals suspected of being the leaders of the 8Base ransomware group and of stealing approximately $16 million from 1,000+ victims they targeted with the Phobos ransomware. “Officers from Cyber Crime Investigation Bureau, led by…

Read more →

Users of iPhones and iPads that run iOS/iPadOS 18 and iPadOS 17 are urged to implement the latest updates to plug a security feature bypass vulnerability (CVE-2025-24200) exploited in the wild in “an extremely sophisticated” attack. The vulnerability (CVE-2025-24200) “A…

Read more →

In this Help Net Security interview, Mike Calvi, CISO at Arvest Bank, discusses building a strong cybersecurity culture within the banking sector. He explains how leadership, effective reporting, and proactive engagement with associates are key in strengthening security. Calvi also…

Read more →

Inside Cyber Warfare, 3rd Edition by Jeffrey Caruso explores how nation-states, corporations, and hackers engage in digital warfare. It offers insights into the intersection of cybersecurity, geopolitics, and emerging technology. About the author Jeffrey Caruso is a globally recognized cybersecurity…

Read more →

Apple’s AirTags are a convenient way to track personal items like keys and bags, but they also raise concerns about unwanted tracking and stalking. To help users stay safe, Apple has implemented several anti-stalking protections, including unwanted tracking alerts and…

Read more →

Application Offensive Security Consultant Sharp Decisions | USA | On-site – View job details As an Application Offensive Security Consultant, you will perform Offensive Security Testing against applications and APIs. Perform application threat hunting to evaluate risk to applications. Perform…

Read more →

Researchers have spotted two machine learning (ML) models containing malicious code on Hugging Face Hub, the popular online repository for datasets and pre-trained models. Once one of them is downloaded and executed on the developer’s machine, the malicious payload checks…

Read more →

Generative AI is fueling a new wave of identity fraud, making digital security more critical than ever. In response, Veridas has introduced an advanced injection attack detection capability to combat the growing threat of synthetic identities. This new feature strengthens…

Read more →

The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI. DeepSeek ad Stargate DeepSeek took the world by storm as millions of copies were downloaded…

Read more →

Security validation has officially turned a corner. Once considered a “nice-to-have” it’s now a top priority for security leaders worldwide. This shift has been accelerated by frameworks like Gartner’s Continuous Threat Exposure Management (CTEM), introduced in 2022, which emphasizes the…

Read more →

In this Help Net Security interview, Mateusz Łabuz, researcher at the IFSH, discusses the balance between using AI for personalized political campaigns and protecting voter privacy. Łabuz also discusses the potential of AI in fact-checking, the regulatory landscape, and the…

Read more →

Tokenization replaces sensitive data, such as credit card numbers or personal identifiers, with unique, non-sensitive tokens with no exploitable value. This method helps protect sensitive information by ensuring that the actual data is never stored or transmitted, reducing the risk…

Read more →

Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless deployment and leverages AI to emulate the behavior of a high-interaction honeypot. “I created Beelzebub…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has…

Read more →

A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice…

Read more →

The way we manage digital identity is fundamentally broken. The root of the problem lies in traditional, centralized identity models, where a single organization holds and controls a user’s credentials, creating an attractive target for attackers. The bigger the database,…

Read more →

NSA’s Research Directorate released version 11.3 of Ghidra, an open-source software reverse engineering (SRE) framework. It offers advanced analysis tools, enabling users to dissect and examine compiled code across multiple platforms, including Windows, macOS, and Linux. Ghidra 11.3 is fully…

Read more →

The implementation of new regulatory measures that impact the UK, EU, and beyond are driving organizations to enhance vigilance in addressing evolving cybersecurity and operational risks, according to AuditBoard. The research showed 91% of respondents report feeling concerned about cybersecurity…

Read more →