Category: Help Net Security

Palo Alto Networks introduced today Prisma SASE 5G, delivering the functionality and capabilities customers need to stay protected for the future state of mobility and connectivity. The company also announced the expansion of its private 5G collaborations, working with seven…

Read more →

Commix is an open-source penetration testing tool designed to automate the detection and exploitation of command injection vulnerabilities, streamlining security assessments for researchers and ethical hackers. Commix features Easy to use: Commix simplifies the process of identifying and exploiting command…

Read more →

The Chief AI Officer’s Handbook is a comprehensive resource for professionals navigating AI implementation and strategy. It is particularly valuable for Chief AI Officers (CAIOs), offering guidance on defining their role and executing AI-driven business strategies. About the author Jarrod…

Read more →

QR codes have become an integral part of our everyday life due to their simplicity. While they’ve been around for many years, their use exploded during the COVID-19 pandemic, when businesses turned to them for contactless menus, payments, and check-ins.…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Massive botnet hits Microsoft 365 accounts A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts.…

Read more →

Ransomware attacks against industrial organizations surged by 87% over the past year, while new malware families designed specifically for OT environments emerged. These findings highlight a troubling trend: OT systems are increasingly becoming mainstream targets, and even sophisticated threat actors…

Read more →

Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE Caldera MITRE Caldera is a platform built on the MITRE ATT&CK…

Read more →

The Open Source Security Foundation (OpenSSF), a cross-industry initiative by the Linux Foundation, has announced the initial release of the Open Source Project Security Baseline (OSPS Baseline), a tiered framework of security practices that evolve with the maturity of open…

Read more →

In this Help Net Security interview, David Dumont, Partner at Hunton Andrews Kurth, discusses the implications of the EU AI Act and how organizations can leverage existing GDPR frameworks while addressing new obligations such as conformity assessments and transparency requirements.…

Read more →

In this Help Net Security video, Nathan Parks, Senior Research Specialist at Gartner, discusses their recent research, revealing that only 14% of security leaders effectively balance data security with business goals. 35% of leaders are focused on securing data, while…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armor, BigID, Dynatrace, Fortinet, Legit Security, Netwrix, Nymi, Palo Alto Networks, Pangea, Privacera, Qualys, SafeBreach, Satori, Seal Security, Socure, and Veeam Software. Qualys TotalAppSec…

Read more →

Phishing has been the method most often employed by cybercriminals to achieve initial access to targeted organizations in 2024, according to risk advisory firm Kroll, which expects this trend to continue in 2025. But attackers have also increasingly been using…

Read more →

CalypsoAI launched the CalypsoAI Security Leaderboard, an index of all the major AI models based on their security performance. The CalypsoAI Security Leaderboard ranks all the major models on their ability to withstand advanced security attacks and presents a risk-to-performance (RTP)…

Read more →

Aviatrix launched Aviatrix Kubernetes Firewall, a new solution designed to tackle the pervasive security and application modernization challenges faced by enterprises operating Kubernetes at scale, particularly those in hybrid and multicloud environments. In an era where enterprises are increasingly adopting Kubernetes…

Read more →

Trustmi announced new Behavioral AI, anomaly detection, and risk-scoring capabilities to help enterprise customers combat social engineering attacks on their finance teams, payment systems, suppliers, and processes. The new wave of sophisticated AI-driven social engineering attacks generates highly personalized and…

Read more →

A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain unauthorized access to the vulnerable application. About CVE-2025-23363 Siemens Teamcenter is a suite of applications…

Read more →

F5 introduced the F5 Application Delivery and Security Platform, an Application Delivery Controller (ADC) solution that fully converges high-performance load balancing and traffic management with app and API security capabilities into a single platform. With this platform, F5 is delivering…

Read more →

Agentic AI, which consists of systems that autonomously take action based on high-level goals, is becoming integral to enterprise security, threat intelligence, and automation. While these systems present significant potential, they also introduce new risks that CISOs must address. This…

Read more →

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Kunai: Open-source threat hunting tool for Linux Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments.…

Read more →

The post Cybersecurity jobs available right now in Europe: February 27, 2025 appeared first on Help Net Security. This article has been indexed from Help Net Security Read the original article: Cybersecurity jobs available right now in Europe: February 27,…

Read more →

Imagine you’re a network engineer at an enterprise. You already have your hands full with IT priorities, including managing bandwidth related to working from home, the company’s new data center, and, more recently, computing needs to support AI adoption. Additionally,…

Read more →

While cybersecurity pros spend much of their time immersed in technical reports, risk assessments, and policy documents, fiction offers a refreshing perspective on security and hacking. Great cyber-themed novels can teach lessons on human psychology, cyber warfare, and the ethics…

Read more →

Fortanix announced new capabilities to its data encryption and key management platform. Even as organizations struggle to manage the rising costs and complexity of data security, advances in AI and quantum computing will render current protections obsolete. Quantum computers will…

Read more →

For the second time since the start of 2025, a huge number of login credentials extracted from infostealer logs has been added to the database powering the HaveIBeenPwned (HIBP) site and breach notification service. In January 2025, HIBP’s creator Troy…

Read more →

Kaspersky researchers have unearthed an extensive and long-running malware delivery campaign that exploited users’ propensity for downloading code from GitHub and using it without first verifying whether it’s malicious. “Over the course of the GitVenom campaign, the threat actors behind…

Read more →

Pentera has unveiled Cyber Pulse, a new mechanism to update the Pentera platform with the latest vulnerabilities and attack techniques from the Pentera research team. Cyber Pulse delivers a continuous stream of new cyber exposure validation capabilities, enabling organizations to…

Read more →

Seal Security launched Seal OS, a solution designed to automatically fix vulnerabilities in both Linux operating systems and application code. Seal OS delivers long-term support for a wide range of Linux distributions, encompassing Red Hat Enterprise Linux, CentOS, Oracle Linux,…

Read more →

Red Hat announced Red Hat OpenShift 4.18, the latest version of the hybrid cloud application platform powered by Kubernetes. Red Hat OpenShift 4.18 introduces new features and capabilities designed to streamline operations and security across IT environments and deliver greater…

Read more →

DalFox is an open-source tool for automating the detection of XSS vulnerabilities. With powerful testing capabilities and a wide range of features, it makes scanning, analyzing parameters, and verifying vulnerabilities faster and easier. “The uniqueness of Dalfox lies in its…

Read more →

For many CISOs, compliance can feel like a necessary evil and a false sense of security. While frameworks like ISO 27001, SOC 2, and PCI DSS offer structured guidelines, they don’t automatically equate to strong cybersecurity. The challenge? Many organizations…

Read more →

In this Help Net Security video, Nataraj Nagaratnam, an IBM Fellow and CTO for Cloud Security, discusses enterprises’ steps to lay a secure foundation for agentic AI deployments. Recent research from IBM and Morning Consult shows that 99% of developers…

Read more →

DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered a cyber incident that led to a data breach, which resulted in the potential compromise…

Read more →

Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership still seems to…

Read more →

Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as legitimate healthcare app (the Philips DICOM viewer), a Windows…

Read more →

Halcyon announced Halcyon Ransomware Detection and Recovery (RDR), a no-cost integrated service that is now included with every deployment of the Halcyon Anti-Ransomware Platform. Most 24/7 threat monitoring and response services are not included with software platform purchases and are…

Read more →

Netskope announced enhancements to its Netskope One Enterprise Browser. By delivering Enterprise Browser fully integrated with the Netskope One platform’s Security Service Edge (SSE) capabilities, Netskope enables organizations to increase productivity and streamline the security of how unmanaged devices and…

Read more →

Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, and reinforced organizational reliance on Big Tech. With the launch of Hub 10, Nextcloud demonstrates that open source is…

Read more →

By providing full context around both the application and the development environment, Legit’s ASPM platform empowers CISOs and their team to find, fix, and prevent the application vulnerabilities driving the greatest business risk. The release of Legit context follows on…

Read more →

OwnID announced an addition to its platform: AI-native identity support for AI Agents. With browser-using AI Agents – such as ChatGPT Operator and other autonomous digital assistants becoming an integral part of customer interactions, businesses require a secure, scalable way…

Read more →

In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud environments. She shares insights on long onboarding times, legacy security gaps, vendor lock-in, and overlooked…

Read more →

Application Security Engineer Binance | UAE | Remote – View job details As a Application Security Engineer, you will enhance and maintain the security postures of Binance’s affiliates specializing in DeFi and Web3. Serve as the first responder for security…

Read more →

CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the cloud to support remote teams, security teams must secure data without slowing down productivity. Finding the…

Read more →

BigID announced BigID Next, a cloud-native, AI-powered Data Security Platform (DSP) designed to help enterprises discover, manage, and protect their data at scale. With a modular, AI-assisted architecture, BigID Next empowers organizations to take control of their most valuable asset—data—while…

Read more →

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials…

Read more →

A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated threat actors, citing evidence of infrastructure linked to CDS Global Cloud…

Read more →

Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one account takeover attempt, and 62% of the customers experienced at…

Read more →

In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools can process massive data sets, the nuanced judgment of experienced analysts remains critical. Roberts also…

Read more →

In this Help Net Security video, Lee Waskevich, VP of Security at ePlus, discusses how AI deployment demands enhanced governance and stricter controls, particularly in managing data. The recent ePlus AI Readiness survey revealed that the top data concerns among…

Read more →

Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in…

Read more →

For most public sector organizations, digital transformation is a work in progress, with the complexity of integrating new systems and privacy and security concerns remaining key barriers, according to a report by SolarWinds. Only 6% of respondents report having fully…

Read more →

OpenText announced OpenText Core Threat Detection and Response, a new AI-powered cybersecurity solution for threat detection to be generally available with Cloud Editions 25.2. OpenText has expanded its Cybersecurity portfolio in recent years, and its next generation of innovation is…

Read more →

Versa releases Versa Sovereign SASE, allowing enterprises, governments, and service providers to deploy customized networking and security services directly from their own infrastructure in a “do-it-yourself” model. This approach addresses the growing demand for greater control amidst evolving data privacy…

Read more →

Symbiotic Security announced updates to its application and integrated development environment (IDE) extension, further streamlining security for developers by improving usability, accessibility, and real-time security insights. The demand for real-time security solutions is growing as organizations seek to shift security…

Read more →

Apple allows you to lock your notes using your iPhone passcode or a separate password, ensuring your private information stays protected across all your Apple devices, including iOS and macOS. Whether you’re using your iPhone, iPad, or Mac, here’s how…

Read more →

In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Fortinet, Pangea, Privacera, and Veeam Software. Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response FortiAnalyzer offers a streamlined entry point to…

Read more →

Compliance & Privacy Specialist McKesson | Remote – View job details As a Compliance & Privacy Specialist, you will identify potential gaps, establish and maintain policies and procedures to guide the business in complying with regulatory requirements, create and deliver…

Read more →

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static code…

Read more →

Runa launched Runa Assure, a security suite specifically built to fortify payout processes against threats of fraud, cyberattacks, and compliance risks. Runa Assure was purpose-built for instant payout methods, including gift cards, prepaid, and push-to-card, and now protects over two…

Read more →

A new, improved version of Darcula, a cat-themed phishing-as-a-service (PhaaS) platform aimed at serving Chinese-speaking criminals, will be released this month and will allow malicious users to create customized phishing kits to target a wider variety of brands than ever…

Read more →

Since early 2024, ESET researchers have been tracking DeceptiveDevelopment, a series of malicious campaigns linked to North Korea-aligned operators. Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded with…

Read more →

Norton is setting the standard for scam protection with a new range of AI-powered features fully integrated in Norton Cyber Safety products to help protect people from the most widespread cyberthreat of our time. Like the first domino tipping over…

Read more →

Privacera announced significant updates to its AI Governance (PAIG) platform, reinforcing its commitment to AI risk management and compliance. These additions align PAIG to the existing National Institute of Standards and Technology’s (NIST) AI Risk Management Framework, offering a comprehensive,…

Read more →

1Password introduced 1Password Enterprise Password Manager – MSP Edition, a dedicated solution that transforms how MSPs safeguard client data and helps them confront complex threat environments. With features tailored to MSPs’ unique needs, this comprehensive solution strengthens client security posture…

Read more →

Lumu announced Playback feature for Managed Service Providers (MSPs). Playback collects, analyzes and stores network metadata including network logs, and turns them into actionable threat intelligence. This enterprise-grade technology is widely adopted by the financial sector, healthcare, government, and education,…

Read more →

In this Help Net Security interview, Juliette Hudson, CTO of CybaVerse, discusses why asset visibility remains a critical cybersecurity challenge. She explains how to maintain security without slowing down operations, shares ways to improve visibility in OT environments, and explains…

Read more →

The third quarter of 2024 saw a dramatic shift in the types of malware detected at network perimeters, according to a new WatchGuard report. The report’s key findings include a 300% increase quarter over quarter of endpoint malware detections, highlighted…

Read more →

Enhancing your security and privacy on iOS 18 involves configuring various settings to control access to your personal data and device features. Here are 12 essential settings to consider. Enable two-factor authentication (2FA) Using 2FA authentication adds an extra layer…

Read more →

CardinalOps announced new enhancements to its Threat Exposure Management platform. The newly launched platform provides security teams with better visibility, smarter prioritization, and consistent workflows to address exposures and proactively reduce the risk of a breach. With this expansion, CardinalOps is…

Read more →

Fortinet announced significant enhancements to FortiAnalyzer, reinforcing its role in driving faster, smarter security operations (SecOps)—all from a single, turnkey hybrid platform tailored for mid-sized enterprises and teams impacted by the cyber skills shortage. FortiAnalyzer offers a powerful, streamlined entry…

Read more →

Echoworx has unveiled its “Manage Your Own Keys” (MYOK) feature, powered by AWS Key Management Service (AWS KMS), an Amazon Web Services (AWS) service. This solution gives businesses greater control over sensitive data by allowing them to generate, manage, and…

Read more →

Edge Delta announced its Security Data Pipelines. This solution empowers security teams to process, analyze, and act on security data faster and more efficiently than ever before. By enabling real-time data processing and enrichment, Edge Delta’s Security Data Pipelines transform…

Read more →

Pangea announced AI Guard and Prompt Guard to secure AI, defending against threats like prompt injection and sensitive information disclosure. Alongside the company’s existing AI Access Control and AI Visibility products, Pangea now offers comprehensive suite of guardrails to secure…

Read more →

Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the threat…

Read more →

Veeam Software announced it’s bringing recovery orchestrator to Microsoft Hyper-V customers as part of the Veeam Data Platform. Veeam Recovery Orchestrator simplifies and automates the disaster recovery planning, testing, and execution process. It allows organizations to create, manage, and test…

Read more →

Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel function hooking,…

Read more →

The cybersecurity startup landscape is at a crossroads. As venture-backed companies strive for successful exits, the bar has risen dramatically, requiring more funding, higher revenue, and faster growth than ever before. In this Help Net Security video, Mark Kraynak, Founding…

Read more →

Cybersecurity advice is everywhere. We’re constantly reminded to update our passwords, enable two-factor authentication, and avoid clicking suspicious links. Yet, beneath these practical steps lie deeper cyber hygiene habits that, despite their importance, are frequently overlooked. These underlying mindsets and…

Read more →

Cybersecurity professionals may be concerned about the constantly shifting threat landscape. From the increased use of artificial intelligence (AI) by malicious actors to the expanding attack surface, cybersecurity risks evolve, and defenders need to mitigate them. Despite a period of…

Read more →

A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing rate of 321 per second. The risk of encountering…

Read more →

BlackLock is on track to become the most active ransomware-as-a-service (RaaS) outfit in 2025, according to ReliaQuest. Its success is primarily due to their unusually active presence and good reputation on the ransomware-focused Russian-language forum RAMP, and their aggressive recruiting…

Read more →

Unit21 launched its new scams solution that helps financial institutions and fintechs detect and stop scams before they cause financial harm. Using AI automation, the new solution can be integrated into a fraud team’s workflow to accelerate investigations and response…

Read more →

Boomi unveiled its API Management (APIM) solution, delivering cloud-scale APIM alongside integration and automation, data management, and AI capabilities as part of the Boomi Enterprise Platform. Comprised of Boomi’s existing API Management offering along with assets recently acquired from both…

Read more →

ProcessUnity announced the next generation of the Global Risk Exchange. This platform transforms the third-party assessment process, reducing friction for both organizations and their third parties while streamlining vendor onboarding and accelerating assessment cycles. “The Global Risk Exchange makes the…

Read more →

In this Help Net Security, Oded Hareven, CEO of Akeyless Security, discusses how enterprises should adapt their cybersecurity strategies to address the growing need for machine-to-machine (M2M) security. According to Hareven, machine identities must be secured and governed similarly to…

Read more →

Your business can’t realize the many benefits of cloud computing without ensuring performance and availability in its cloud environments. Let’s look at some examples. Scalability: To scale your business’s cloud computing services, you need those services to be available and…

Read more →

Airport Cybersecurity Engineer II Salt Lake City Corporation | USA | On-site – View job details As an Airport Cybersecurity Engineer II, you will develop and implement policies, procedures, and training plans for security and network administration. Assess and mitigate…

Read more →

A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET macOS malware XCSSET in information-stealing and backdoor-injecting malware targeting Mac users. It’s usually distributed via infected Xcode projects – a…

Read more →

Discover the top Open-Source Intelligence (OSINT) books in this curated list. From investigative techniques to digital footprint analysis, these titles offer insights for security professionals, journalists, and researchers looking to master the art of gathering and analyzing publicly available data.…

Read more →

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the Treasury’s BeyondTrust…

Read more →

Two Estonian nationals may spend the next 20 years in prison for stealing hundreds of millions of dollars through a massive cryptocurrency Ponzi scheme, the US Department of Justice announced last week. The fraudulent operation “According to court documents, Sergei…

Read more →

In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business agility, and overlooked risks that CISOs should prioritize. Belaya also offers practical strategies for integrating cloud-native security…

Read more →

Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation. “I…

Read more →

In this Help Net Security video, Bart Koek, Field CTO at Immuta, discusses their 2025 State of Data Security Report, highlighting emerging challenges for IT and data security leaders. Key takeaways from the report: GenAI is causing significant change management…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days…

Read more →

Regardless of job title, 92% of executives stated they had some degree of confidence in their organization’s ability to meet compliance requirements and tackle advanced threats with current staff and tools, but confidence levels differed across leadership roles, according to…

Read more →

MetricStream has unveiled its annual forecast of key trends shaping the future of GRC and Cyber GRC. These 2025 predictions offer a roadmap for building resilience strategies, addressing emerging risks, and seizing new opportunities. AI comes of age: risks, rewards,…

Read more →

Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device Code Authentication attacks are not new, they appear to have been rarely…

Read more →

Grip Security has unveiled its SaaS Security Posture Management (SSPM) solution, which proactively identifies misconfigurations, enforces best practices and strengthens SaaS security posture against emerging risks. Unlike traditional SSPM products, Grip SSPM is built on a foundation of visibility and…

Read more →