Tag: Help Net Security

Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable device…

Read more →

US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks around the world. According to court documents, 22-year-old Ethan Foltz of Eugene, Oregon, is accused…

Read more →

Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. Technical details about the vulnerabilities have been published on Wednesday by researchers at watchTowr Labs, who also proved…

Read more →

StackHawk releaseed LLM-Driven OpenAPI Specifications, a powerful new capability that creates API documentation directly from source code, empowering security teams to expand their API testing coverage without relying on developers. This automation delivers faster, more accurate vulnerability scanning while enabling…

Read more →

LastPass announced passkey support, giving users and businesses a simpler, more secure way to log in across a variety of devices, browsers, and operating systems. Starting now, passkeys can be created, stored, and managed directly in the LastPass vault, alongside…

Read more →

In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one significant security incident over the last year. More than half of responders (52%)…

Read more →

A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has allegedly been released on a Telegram…

Read more →

Javelin announced MCP Security, a defense-in-depth solution for the Model Context Protocol (MCP), the connective tissue between AI assistants, tools, and enterprise data. The release combines Javelin Ramparts, an MCP scanner, with Javelin MCP Runtime Guardrails for real-time policy enforcement…

Read more →

LudusHound is an open-source tool that takes BloodHound data and uses it to set up a working Ludus Range for safe testing. It creates a copy of an Active Directory environment using previously gathered BloodHound data. Red teams can use…

Read more →

Organizations that don’t adapt their security programs as they implement AI run the risk of being exposed to a variety of threats, both old and emerging ones. MLSecOps addresses this critical gap in security perimeters by combining AI and ML…

Read more →

In this Help Net Security interview, Jacob Ideskog, CTO of Curity, discusses the risks AI agents pose to organizations. As these agents become embedded in enterprise systems, the potential for misuse, data leakage, and unauthorized access grows. Ideskog warns that…

Read more →

Cloud adoption is speeding ahead in the business services sector, but security for remote and edge environments is falling behind. At the same time, generative AI is moving into daily workflows faster than most IT teams are prepared for. Those…

Read more →

iOS 18 comes with several privacy and security features that many iPhone users overlook. Knowing how to use them can help you protect your personal information and control which apps can access your data. USB Accessories Lock iOS 18 allows…

Read more →

Google used its Cloud Security Summit 2025 today to introduce a wide range of updates aimed at securing AI innovation and strengthening enterprise defenses. The announcements span protections for AI agents, new tools for security operations centers, enhancements in cloud…

Read more →

The lines between SaaS and AI are vanishing. AI agents are now first-class citizens in your SaaS universe: accessing sensitive data, triggering workflows, and introducing new risks that legacy SaaS security posture management tools (SSPM) miss. Security teams are discovering…

Read more →

Three families of Android VPN apps, with a combined 700 million-plus Google Play downloads, are secretly linked, according to a group of researchers from Arizona State University and Citizen Lab. Finding the secret links Virtual private networks (VPNs) are widely…

Read more →

Cofense launched Vision 3.0, the latest advancement to its Phishing Threat Detection and Response (PDR) platform. Vision 3.0 delivers faster, smarter incident response by giving security teams visibility into exactly how users interacted with phishing emails that slipped past perimeter…

Read more →

Git 2.51 is out, and the release continues the long process of modernizing the version control system. The update includes several technical changes, but one of the most important areas of work is Git’s move toward stronger cryptographic security through…

Read more →

Cybersecurity training often struggles to match the complexity of threats. A new approach combining digital twins and LLMs aims to close that gap. Researchers from the University of Bari Aldo Moro propose using Cyber Digital Twins (CDTs) and generative AI…

Read more →

Cybersecurity myths are like digital weeds: pull one out, and another quickly sprouts in its place. You’ve probably heard them before: Macs don’t get viruses, we’re too small to be a target, or changing passwords often keeps us safer. Experts…

Read more →