Tag: Help Net Security

One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. First attack spotted on July 7th On Saturday, Microsoft announced that attackers…

Read more →

Intel 471 launched Guided Threat Hunts, a new method-driven tool within the Hunt Management Module, part of our HUNTER solution. As threat hunting for advanced adversaries continues to be an increasingly complex, time-consuming and resource-heavy process, Intel 471 is empowering…

Read more →

The annual CISO New York summit will be held on September 9, 2025, uniting over 150 senior cybersecurity executives for a full day of insight, strategy, and collaboration at Convene, 601 Lexington Avenue. This highly curated summit is tailored for…

Read more →

Sonicwall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible. “While there is currently no evidence that this vulnerability is being actively exploited in the wild,”…

Read more →

Autoswagger is a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities. These flaws are still common, even at large enterprises with mature security teams, and are especially dangerous because they can be exploited with little technical skill.…

Read more →

Application-layer attacks have become one of the most common and consequential methods adversaries use to gain access and compromise organizations, according to Contrast Security. These attacks target the custom code, APIs, and logic that power applications, often slipping past detection…

Read more →

In this Help Net Security interview, Aleksandar Stančin, Board Member Adriatics, Exclusive Networks, discusses the state of cybersecurity in the Adriatic region. He talks about how local markets often lag behind EU regulations, despite facing threats comparable to those in…

Read more →

The Identity Theft Resource Center (ITRC) reports 1,732 publicly disclosed data breaches in H1 2025, marking a 5% increase over the same period in 2024. The ITRC could track a record number of compromises in 2025 if the current data…

Read more →

With the latest Windows 11 update, Microsoft is saying goodbye to the infamous “Blue Screen of Death” and has enabled the quick machine recovery feature by default for Home users. “For nearly four decades, the blue screen shown during an…

Read more →

The suspected administrator of xss.is, one of the world’s most influential Russian-speaking cybercrime forums, was arrested in Kyiv, Ukraine, on 22 July. The takedown followed a long-running investigation led by the French Police and Paris Prosecutor, in close cooperation with…

Read more →

Bitdefender expanded support for Facebook and Instagram for Bitdefender Security for Creators, a dedicated cybersecurity solution for digital content creators, social media influencers, and online creatives. With this expansion, the service delivers powerful, multi-platform protection across YouTube, Instagram, and Facebook,…

Read more →

PlexTrac launched enhanced Workflow Automation Engine, a major product update designed to standardize workflows across the vulnerability lifecycle, automate pentest findings delivery, accelerate time to remediation, and increase operational efficiency. By leveraging the unified security data already centralized in PlexTrac,…

Read more →

One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the flaws. About the vulnerabilities The three vulnerabilities affect Cisco’s Identity Services Engine (ISE) –…

Read more →

A new phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a site used by educational institutions and vendors to manage grants and federal education funding. Threat researchers at BforeAI uncovered a cluster of lookalike domains…

Read more →

ManageEngine announced identity risk exposure management and local user MFA features in AD360, its converged identity and access management (IAM) platform. The release enables security teams to detect privilege escalation risks and secure unmanaged local accounts, two common identity attack…

Read more →

Akeyless launched NHI Federation, a solution that delivers Single Sign-On (SSO) for machines. As organizations increasingly operate workloads across on-premises and multi-cloud environments, platform and security teams face growing challenges in enabling secure and seamless access across these diverse ecosystems.…

Read more →

Cervantes is an open-source collaborative platform built for pentesters and red teams. It offers a centralized workspace to manage projects, clients, vulnerabilities, and reports, all in one place. By streamlining data organization and team coordination, it helps reduce the time…

Read more →

A new policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that critical port infrastructure, responsible for 80 percent of global trade, is increasingly under attack by threat actors tied to Russia, Iran, and China. These ports…

Read more →

Phishing is one of the oldest and most effective scams used by cybercriminals. No one is immune to them, not even internet security experts, as seen in the case of Troy Hunt, who recently fell for a phishing email. Before…

Read more →

Fraud is growing faster than revenue in eCommerce. That’s one of the first things PwC and Forter point out in their new report, and it’s a wake-up call for online retailers. Fraud is rising faster than ever Right now, eCommerce…

Read more →

As Microsoft continues to update its customer guidance for protecting on-prem SharePoint servers against the latest in-the-wild attacks, more security firms have begun sharing details about the ones they have detected. Most intriguingly, Check Point Research says that they observed…

Read more →

CYE launched its new AI Agent, CYE AI. The addition of this conversational AI assistant enables organizations to understand, prioritize, and act on their unique cyber risk from day one. In the growing threat landscape, where threat actors can compromise organizations…

Read more →

Malwarebytes announced the expansion of its ThreatDown product family with the launch of a new email security module designed to combat email-based threats. ThreatDown Email Security, powered by IRONSCALES‘ adaptive AI technology, extends protection beyond the endpoint—enabling users to manage…

Read more →

BitRaser launched its Integrated Mac Eraser and Diagnostics Tool, a software designed to streamline IT asset disposition (ITAD) processes. The tool allows ITAD providers to simultaneously perform secure data erasure and comprehensive hardware diagnostics on macOS devices, including both Apple…

Read more →

Seemplicity unveiled a major product release packed with AI-powered capabilities to cut through noise, facilitate fixing teams, and reduce time to remediation. This latest release introduces AI Insights, Detailed Remediation Steps, and Smart Tagging and Scoping, three new capabilities that…

Read more →

Data breaches seem to pop up in the news every other week, so it’s no surprise that keeping sensitive information safe has jumped to the top of the priority list for just about every industry. Hardware-encrypted drives like the iStorage…

Read more →

In this Help Net Security video, Chad Humphries, Solution Consultant, Networks & Cyber Security at Rockwell Automation, explores how cyber risk quantification is becoming essential for modern organizations. He breaks down global legal frameworks, AI’s growing role in dispute resolution,…

Read more →

Printer platform security is often overlooked in enterprise security strategies, creating security gaps, according to HP Wolf Security. By addressing security at every stage, organizations can strengthen their defenses and ensure their print infrastructure remains a trusted part of their…

Read more →

CISO Kbrw | France | Hybrid – View job details As a CISO, you will develop risk management processes aligned with company goals and enforce cybersecurity policies compliant with ISO27001, NIS2, and SOC2. You will handle security-related RFPs, monitor security…

Read more →

A new survey from ISC2 shows that nearly a third of cybersecurity professionals are already using AI security tools, and many others are close behind. So far, 30 percent of professionals say they’ve already integrated AI into their operations, while…

Read more →

Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable deployments. It’s currently unclear what the attackers are using this access for, but data theft looks most likely. According to…

Read more →

In this Help Net Security interview, Flavio Aggio, CISO at the World Health Organization (WHO), explains how the organization prepares for and responds to cyber threats during global health emergencies. These crises often lead to an increase in phishing scams,…

Read more →

According to LinkedIn, job applications have surged over 45% in the past year, with 11,000 applications submitted every minute. This flood of applications is making it harder than ever for qualified candidates to stand out. The industry has become highly…

Read more →

Calico is an open-source unified platform that brings together networking, security, and observability for Kubernetes, whether you’re running in the cloud, on-premises, or at the edge. The solution uses the lowest amount of processing resources, which is especially important in…

Read more →

Aircraft systems are getting more connected and ground operations increasingly integrated, and attackers are taking notice. They’re shifting from minor disruptions to targeting critical systems with serious intent. Any time an aircraft transmits data, whether it’s flight position updates or…

Read more →

Nearly one in 12 employees are using Chinese-developed generative AI tools at work, and they’re exposing sensitive data in the process. That’s according to new research from Harmonic Security, which analyzed the behavior of roughly 14,000 end users in the…

Read more →

Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, the company has confirmed on Saturday. CVE-2025-53770 is being leveraged to place a backdoor on vulnerable on-premises SharePoint Servers…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by…

Read more →

In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs do not encompass the full…

Read more →

Strata Identity introduced a new product, Identity Orchestration for AI Agents. Built on Strata’s Maverics vendor-agnostic identity fabric and hybrid air-gap architecture, it provides identity guardrails and observability for AI agents without limiting identity provider (IDP) choice. AI agents pose…

Read more →

In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. Drawing on experience in regulated industries such as finance, telecom, and critical infrastructure, he offers tips…

Read more →

96% of organizations are deploying AI models, and virtually no organization can move into the future without considering how ML and intelligent apps might soon affect its operations, according to F5. Only 2% of global organizations are highly ready to…

Read more →

Buy Now, Pay Later (BNPL) apps are everywhere these days. Whether you’re buying sneakers or groceries, chances are you’ve seen the option to split your payments over time. It’s quick and easy. But behind the convenience is a growing privacy…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from At-Bay, Immersive, NETSCOUT, Socure, and Stellar Cyber. Stellar Cyber 6.0.0 enhances automation, workflow intelligence, and user experience The 6.0.0 release builds on Stellar Cyber’s vision…

Read more →

At the upcoming Black Hat USA 2025 in Las Vegas, Stellar Cyber will debut its Identity Threat Detection & Response (ITDR) capabilities, fully embedded into its open, unified, AI-driven SecOps platform. See Identity Threat Detection & Response (ITDR) capabilities in…

Read more →

Over the years, the number of services we use has exploded, and so has the need to protect our credentials. Back in what I like to call “the age of innocence,” we scribbled passwords on paper or reused “password123” across…

Read more →

Machine learning models are everywhere now, from chatbots to credit scoring tools, and they carry traces of the data they were trained on. When someone asks to have their personal data erased under laws like the GDPR, their data also…

Read more →

In this Help Net Security interview, Cindy Segond von Banchet CC, Cybersecurity Lead at Yokogawa Europe, shares her insights on what defines a sustainable OT security program. She outlines the key differences between short-term fixes and long-term resilience, and discusses…

Read more →

Akeyless has launched Akeyless SecretlessAI, a solution purpose-built to secure AI agents and Model Context Protocol (MCP) servers. As enterprises accelerate AI adoption, these autonomous systems are increasingly entrusted with accessing sensitive data, APIs, and internal tools to fulfill their…

Read more →

Legit Security announced enhanced capabilities for significant code change and workflow orchestration within its platform. These capabilities provide insight into changes in code, configuration, or infrastructure that can impact an application’s security or compliance posture. With visibility into where everyday…

Read more →

Socure launched Workforce Verification solution to address the growing threat of employee fraud. Socure’s Workforce Verification adapts its enterprise-grade identity verification and fraud prevention specific to hiring workflows, detecting manipulated or fabricated identities before they enter organizations and addressing workforce…

Read more →

For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild. About CVE-2025-6558 CVE-2025-6558 is a high-severity vulnerability that stems from incorrect validation of untrusted input in ANGLE – the Almost…

Read more →

In a major blow to pro-Russian cybercrime, authorities across Europe and the United States launched a sweeping international crackdown on the hacking group NoName057(16) between 14 and 17 July. The coordinated operation, codenamed Eastwood and led by Europol and Eurojust,…

Read more →

Immersive announced its Immersive One AI-powered Lab Builder feature to give customers and partners new ways to improve cyber skills across teams through customized labs and learning experiences. With this new tool supporting Immersive’s Prove, Improve, Benchmark, and Report (PIBR)…

Read more →

At the end of Star Wars: A New Hope, Luke Skywalker races through the Death Star trench, hearing the ghostly voice of Obi-Wan Kenobi telling him to trust him. Luke places blind trust in an intangible energy that surrounds him,…

Read more →

2025 has been a busy year for cybersecurity. From unexpected attacks to new tactics by threat groups, a lot has caught experts off guard. We asked cybersecurity leaders to share the biggest surprises they’ve seen so far this year and…

Read more →

Enzoic for Active Directory is an easy-to-install plugin that integrates with Microsoft Active Directory (AD) to set, monitor, and remediate unsafe passwords and credentials. In essence, it serves as an always-on sentinel for AD, preventing users from choosing compromised or…

Read more →

Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments. It monitors the system in real time to spot unusual activity and possible security threats. Falco is a graduated project from the Cloud Native Computing Foundation…

Read more →

A new report from Living Security and the Cyentia Institute sheds light on the real human element behind cybersecurity threats, and it’s not what most organizations expect. The Risky Business: Who Protects & Who Puts You at Risk report analyzes…

Read more →

NETSCOUT announced Adaptive Threat Analytics, a new enhancement to its Omnis Cyber Intelligence Network Detection and Response (NDR) solution, designed to improve incident response and reduce risk. Adaptive Threat Analytics enables security teams to investigate, hunt, and respond to cyber…

Read more →

F5 announced new tools to reduce the immense complexity cross-functional operations (XOps) teams face in managing hybrid, multicloud, and AI-driven application environments. F5 AI Assistant now provides a single natural language interface across F5 BIG-IP, F5 NGINX One, and F5…

Read more →

UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malware designed to infect the computer’s boot process). “While AMI (the original firmware supplier) has…

Read more →

Fingerprint announced new Smart Signals and platform enhancements that detect malicious bots and AI agents, distinguishing them from legitimate automated traffic. As agentic commerce experiences explosive growth and autonomous AI agents become increasingly sophisticated, enterprises need advanced tools to protect…

Read more →

Pentera has introduced a capability to uncover and validate risk exposure from data in Git repositories. Pentera now discovers repositories linked to the organization, identifies embedded credentials, tokens, and other sensitive data, and utilizes them to execute safe-by-design test-attacks against…

Read more →

At-Bay launched its new Managed Extended Detection and Response (MXDR) platform, designed to give mid-market and small businesses access to enterprise-grade cybersecurity at an affordable cost. Spanning endpoint, cloud, identity, and email, At-Bay Stance MXDR provided by At-Bay Security, gives…

Read more →

AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, credential theft, and more. Its simplicity and open-source design have made it a…

Read more →

For decades, manufacturers and security professionals have been playing a high-stakes game of cat and mouse with counterfeiters. From holograms and QR codes to RFID tags and serial numbers, the industry’s toolkit has evolved, but so have the threats. Now,…

Read more →

In this Help Net Security interview, Robert Knoblauch, CISO at Element Fleet Management, discusses how the rise of connected vehicles and digital operations is reshaping fleet management cybersecurity. He points to growing risks like API breaches, tampering with onboard diagnostics,…

Read more →

A growing number of MSPs, MSSPs, and consultancies are moving beyond one-and-done engagements and transforming from tactical vendors into strategic advisors. They’re shifting toward recurring cybersecurity programs that not only improve client outcomes but also generate compounding business value. Each…

Read more →

After every breach, people ask: How did this happen if there were cybersecurity policies in place? The truth is, just having them doesn’t stop attacks. They only work if people know them and follow them when it matters. That’s where…

Read more →

Application Penetration Tester Tata Consultancy Services | Ireland | Hybrid – View job details As an Application Penetration Tester, you will perform in-depth manual testing of web applications and APIs. You’ll work with clients to define scope and understand application…

Read more →

MITRE has introduced AADAPT (Adversarial Actions in Digital Asset Payment Technologies), a new cybersecurity framework designed to tackle vulnerabilities in digital financial ecosystems, including cryptocurrency platforms. Modeled after the MITRE ATT&CK framework, AADAPT offers developers, policymakers, and financial institutions a…

Read more →

Stellar Cyber released version 6.0.0 of its award-winning open and unified SecOps Platform, introducing new AI-driven capabilities and workflow enhancements designed to propel organizations further along their journey to a human-augmented autonomous SOC. The 6.0.0 release builds on Stellar Cyber’s…

Read more →

Blumira launched new features and capabilities designed to help IT teams and managed service providers (MSPs) work smarter, reduce alert fatigue and simplify compliance reporting. With these updates, Blumira continues its mission to deliver security that adapts to the realities…

Read more →

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to be leveraged by attackers soon. About CVE-2025-25257 CVE-2025-25257 is found in FortiWeb’s…

Read more →

In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity standards. Hodges also explains…

Read more →

pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support. It saves the results in JSON files. You can turn one or more of these files…

Read more →

Discover how Bitdefender PHASR enables organizations to identify and remediate security misconfigurations before attackers can exploit them. This demo walks through PHASR’s proactive hardening capabilities, showing how it transforms visibility into actionable protection. The post Bitdefender PHASR: Proactive hardening demo…

Read more →

60% of organizations rate their Microsoft 365 security as “established” or “advanced”, according to CoreView. Yet, 60% of those same organizations have experienced account compromise attacks. The Microsoft 365 attack surface is wide and unpredictable. Risks can come from any…

Read more →

A new report from Zendesk outlines a growing problem for companies rolling out AI tools: many aren’t ready to manage the risks. The AI Trust Report 2025 finds that while AI is moving into customer service and support, only 23%…

Read more →

WatchGuard has released its latest Internet Security Report, covering malware, network, and endpoint threats spotted by its Threat Lab in the first quarter of 2025. The report shows a 171% jump in unique malware detections compared to the previous quarter,…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes critical wormable Windows flaw (CVE-2025-47981) For July 2025 Patch Tuesday, Microsoft has released patches for 130 vulnerabilities, among them one that’s publicly disclosed…

Read more →

Threat actors are actively exploiting a recently fixed remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server, security researchers have warned. Wing FTP Server and CVE-2025-47812 Wing FTP Server is a commercial file transfer server solution used by businesses, MSPs…

Read more →

How are developers working in 2025? Docker surveyed over 4,500 people to find out, and the answers are a mix of progress and ongoing pain points. AI is gaining ground but still unevenly used. Security is now baked into everyday…

Read more →

Token Security announced two transformative innovations that redefine how enterprises discover, govern, and secure expanding universe of AI agents and machine identities. The company has launched an AI Discovery Engine for NHIs and introduced the Token AI Agent, a powerful…

Read more →

Bitwarden launched a new Model Context Protocol (MCP) server, enabling secure integration between AI agents and credential workflows. This release positions Bitwarden at the forefront of empowering AI assistants to access, generate, retrieve, and manage credentials while preserving zero-knowledge, end-to-end…

Read more →

In this Help Net Security interview, Thijs Povel, Managing Partner at Ventures.eu, discusses how the firm evaluates emerging technologies through the lens of defense and resilience. He explains how founders from both defense and adjacent sectors are addressing policy shifts,…

Read more →

While IT departments race to implement AI governance frameworks, many employees have already opened a backdoor for AI, according to ManageEngine. The rise of unauthorized AI use Shadow AI has quietly infiltrated organizations across North America, creating blind spots that…

Read more →

Financial institutions are building stronger defenses against direct cyberattacks, but they may be overlooking a growing problem: their vendors. According to Black Kite’s new report, third-party risk has become one of the biggest cybersecurity threats facing the financial sector. Ransomware…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Barracuda Networks, Cynomi, Lepide, Tosibox, and Zenni Optical. Cynomi’s platform updates enable service providers to prioritize their security efforts Cynomi has launched new business impact…

Read more →

Four individuals suspected of having been involved in the ransomware attacks that hit UK-based retailers earlier this year have been arrested by the UK National Crime Agency. “Two males aged 19, another aged 17, and a 20-year-old female were apprehended…

Read more →

Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned. The vulnerabilities…

Read more →

Sigma360 launched AI Investigator Agent, an autonomous GenAI agent that transforms how compliance teams handle risk alerts. This innovation leverages advanced AI and entity resolution models to clear easily identifiable false positives, reducing manual match reviews by up to 90%…

Read more →

Cynomi has launched new business impact analysis (BIA) and business continuity planning (BCP) features. Designed to help cybersecurity professionals identify and protect mission-critical business processes, these new capabilities enable service providers to prioritize security efforts effectively, streamline continuity planning, and…

Read more →

In a move set to redefine the way organizations manage data access and implement zero trust, Lepide launched Lepide Protect, an AI-powered permissions management solution designed to help organizations move beyond visibility and into action. Part of the 25.1 release of…

Read more →

Shopping on a fake online store can lead to more than a bad purchase. It could mean losing money, having your identity stolen, or even getting malware on your device. E-shop scams rose by 790% in the first quarter of…

Read more →

In this Help Net Security interview, David Warburton, Director at F5 Labs, discusses how the EU’s Post-Quantum Cryptography (PQC) roadmap aligns with global efforts and addresses both the technical and regulatory challenges of migrating to PQC. Warburton also outlines practical…

Read more →

Sonatype has published its Q2 2025 Open Source Malware Index, identifying 16,279 malicious open source packages across major ecosystems such as npm and PyPI. This brings the total number of malware packages discovered by the company to 845,204. Compared to…

Read more →

There has been a significant increase in the global trend of corporations planning to integrate cybersecurity under the CISO or other executives, according to Fortinet. Growing maturity in OT cybersecurity processes and solutions (Source: Fortinet) OT security moves up the…

Read more →

Only 23% of organizations are confident that they have very high visibility of their software supply chain, according to LevelBlue’s Data Accelerator. The limited visibility reported by organizations significantly impacts their cyber resilience. Poor risk visibility leaves software supply chains…

Read more →