Tag: Help Net Security

A critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited Vulnerabilities catalog on Tuesday. According to the vulnerability’s entry in NIST’s National Vulnerability Database, the flaw has been leveraged in attacks…

Read more →

The OpenSSL Project has released version 3.5.0 of its widely used open-source cryptographic library, introducing new features and notable changes that signal its evolution toward future-ready cryptography. This feature release includes support for post-quantum cryptography (PQC), server-side QUIC, and tighter…

Read more →

Furl launched AI-powered remediation platform, designed to revolutionize how security teams tackle the ever-growing backlog of endpoint and server vulnerabilities. By leveraging automation and AI-driven remediation, Furl enables organizations to double their productivity while reducing manual workloads and operational complexity.…

Read more →

Fastly announced key updates to Fastly DDoS Protection that deliver visibility into attack mitigation. Fastly DDoS Protection can mitigate attacks in seconds. Now with Fastly DDoS Protection’s Attack Insights, security teams gain real-time insights into DDoS events, empowering them to…

Read more →

Fortinet has unveiled FortiAI innovations embedded across the Fortinet Security Fabric platform to enhance protection against new and emerging threats, simplify and automate security and network operations, and secure employee use of AI-enabled services. “Fortinet’s AI advantage stems from the breadth…

Read more →

Index Engines announced CyberSense 8.10, fully integrated with Dell PowerProtect Cyber Recovery, which provides new capabilities to enhance cyber resilience and streamline recovery from ransomware attacks. CyberSense’s highly-trained AI ensures data integrity, empowering organizations to detect corruption from cyber threats…

Read more →

Tufin releases Tufin Orchestration Suite (TOS) R25-1, bringing expanded device coverage, deeper visibility, and stronger cloud security to today’s modern hybrid and multi-cloud networks. As enterprises expand their networks across multiple cloud platforms and vendors, maintaining security, visibility, and compliance…

Read more →

Cyber threats aren’t going away, and CISOs know prevention isn’t enough. Being ready to respond is just as important. Cyber crisis simulations offer a way to test that readiness. They let teams walk through real-world scenarios in a controlled setting,…

Read more →

APTRS is an open-source reporting tool built with Python and Django. It’s made for penetration testers and security teams who want to save time on reports. Instead of writing reports by hand, users can create PDF and Excel files directly…

Read more →

In this Help Net Security interview, Kevin Serafin, CISO at Ecolab, discusses aligning security strategy with long-term business goals, building strong partnerships across the organization, and approaching third-party risk with agility. How do you define cyber risk within your organization’s…

Read more →

AI-powered cyberattacks are becoming powerful new weapons. Organizations need to act fast to close the gap between today’s defenses and tomorrow’s threats. These attacks are only going to grow. New data from Armis Labs shows that the threat of AI…

Read more →

April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. CVE-2025-29824 CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS) that can be –…

Read more →

Jit has launched its new AI agents to offload specific and tedious tasks from AppSec teams such as creating risk assessments, threat models, and compliance reports; while making it easy to take action on mitigating security risk. As a result,…

Read more →

Cybersecurity is inextricably tied to the technology it protects. Just as technology continues to grow in variety, quantity, and presence in all of our lives, so too does cybersecurity and our personal responsibility for it. You might be wondering how…

Read more →

Netskope announced Netskope One DLP On Demand, the newest component in its unified Netskope One Data Security service. Netskope One DLP On Demand enables new data protection integrations for Netskope technology alliance partners, on-premises support for customers, and significant enhancements…

Read more →

Ontinue announced ION for Enhanced Phishing Protection. This new add-on service extends phishing detection and response capabilities for ION MXDR customers, significantly reducing cyber risk by handling emails reported as suspicious by end users. ION for Enhanced Phishing Protection empowers…

Read more →

PowerDMARC, a leading provider of email authentication and domain security solutions, is excited to announce its participation at RSAC 2025 Conference (April 28 – May 1) at the Moscone Center in San Francisco. PowerDMARC will be exhibiting at Booth ESE-01,…

Read more →

In this Help Net Security interview, Esteban Gutierrez, CISO and VP of Information Security at New Relic, discusses how the adoption of cloud infrastructure is outpacing security readiness. He shares strategies for overcoming common misconfigurations and optimizing access controls in…

Read more →

The financial sector is under growing pressure from advanced phishing attacks and fraud, causing major financial losses and eroding customer trust. Escalation of phishing attacks While traditional phishing relied on generic emails to steal sensitive data, cybercriminals now use targeted…

Read more →

For an AI agent to “think” and act autonomously, it must be granted agency; that is, it must be allowed to integrate with other systems, read and analyze data, and have permissions to execute commands. However, as these systems gain…

Read more →

Application Security Engineer (DevSecOps & VAPT) Derisk360 | India | On-site – View job details As an Application Security Engineer (DevSecOps & VAPT), you will integrate security into CI/CD pipelines, conduct vulnerability assessments and penetration testing, and use tools like…

Read more →

62% of utility operators were targeted by cyberattacks in the past year, and of those, 80% were attacked multiple times, according to Semperis. 54% suffered permanent corruption or destruction of data and systems. (Source: Semperis) Utilities face rising cyber threats…

Read more →

Immuta announced enhancements to its Data Marketplace solution to help organizations that are increasingly focusing on data-driven decision making and artificial intelligence address the increase in volume of data access requests while minimizing data risk. Upcoming new features such as…

Read more →

RunSafe Security launched the RunSafe Risk Reduction Analysis, which analyzes total exposure to Common Vulnerabilities and Exposures (CVEs) and memory-based zero days in software. Designed for cybersecurity professionals and embedded systems developers, the solution provides much-needed insight into system vulnerabilities…

Read more →

WinRAR users, upgrade your software as soon as possible: a vulnerability (CVE-2025-31334) that could allow attackers to bypass Windows’ Mark of the Web (MotW) security warning and execute arbitrary code on your machine has been fixed in version 7.11. About…

Read more →

N-able announced the upcoming launch of its Vulnerability Management feature for their UEM (Unified Endpoint Management) products, N-central and N-sight. The new built-in feature will allow organizations to identify, prioritize, remediate, and report on vulnerabilities across all major operating systems…

Read more →

It starts with good intentions. A tool to stop phishing. Another to monitor endpoints. One more for cloud workloads. Soon, a well-meaning CISO finds themselves managing dozens of products across teams, each with its own dashboard, alerts, and licensing headaches.…

Read more →

In this Help Net Security interview, Arun Shrestha, CEO at BeyondID, discusses how AI is transforming secure access management for both attackers and defenders. He discusses the shift toward identity-first security, and the role of contextual and continuous authentication in…

Read more →

YES3 Scanner is an open-source tool that scans and analyzes 10+ different configuration items for your S3 buckets in AWS. This includes access such as public access via ACLs and bucket policies – including the complex combinations of account and…

Read more →

In this Help Net Security video, Sohrob Kazerounian, Distinguished AI Researcher at Vectra AI, discusses how the ongoing rapid adoption of LLM-based applications has already introduced new cybersecurity risks. These vulnerabilities will not be in the LLM itself, but rather…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are probing Palo Alto Networks GlobalProtect portals Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks…

Read more →

In this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis, discusses how CISOs can balance security and innovation while managing the risks of shadow IT. Rather than focusing on restrictive policies, fostering proactive partnerships with…

Read more →

Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and insider risk management,…

Read more →

Technology has entered all areas of life, and our cars are no exception. They have become computers on wheels, equipped with sensors, software, and connectivity that provide safety and comfort. However, like all technological innovations, this one also brings risks,…

Read more →

In this Help Net Security video, Nick Barter, Chief Strategy Officer at Nothreat, discusses how AI is no longer just a tool for defenders, it’s now a powerful weapon in the hands of attackers. With the adoption of generative AI,…

Read more →

Cisco released its 2025 Data Privacy Benchmark Study. The report looks at global trends in data privacy and how they affect businesses. The study gathered responses from 2,600 privacy and security experts in 12 countries. It highlights the need for…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Bitsight, Bluefin, CyberQP, and Exabeam. Exabeam Nova accelerates threat detection and response By correlating multiple detections within a case and using a proprietary threat…

Read more →

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability…

Read more →

Bitsight launched Bitsight Identity Intelligence, a new, standalone threat intelligence module designed to help security teams detect compromised credentials, prevent unauthorized access, and proactively mitigate risk across their extended attack surface. Approximately 77% of web application breaches involved stolen credentials1,…

Read more →

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up with a…

Read more →

Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech companies like Meta,…

Read more →

Corgea launches BLAST (Business Logic Application Testing), its AI-driven cybersecurity platform designed to address the risks associated with hidden code vulnerabilities, human error, and security flaws introduced by AI-assisted coding tools. Traditional Static Application Security Testing (SAST) scanners and manual…

Read more →

1touch.io launched the next-generation Enterprise Data Security Posture Management (DSPM) platform, a solution designed specifically for hybrid, multi-cloud, on-premises, and mainframe environments. By integrating continuous data discovery, real-time access intelligence, AI-powered risk prioritization, and policy-driven orchestration into a unified platform,…

Read more →

Bluefin announced the addition of network tokenization capabilities to its ShieldConex Tokenization as a Service and Orchestration platforms, enabling merchants to directly provision network-issued payment tokens from card brands such as Visa, Mastercard, American Express, and Discover. Network tokenization replaces…

Read more →

CyberQP has launched its Zero Trust Helpdesk Security Platform—combining QGuard for Privileged Access Management (PAM) and QDesk for End-User Access Management (EUAM). This unified solution helps IT teams reduce risk, improve efficiency, and eliminate standing privileges across the organization. A…

Read more →

Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer legitimate software for download, Kaspersky researchers have warned. Malicious websites (Source: Kaspersky) The list of…

Read more →

You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save countless hours chasing…

Read more →

In 56% of Sophos managed detection and response (MDR) and incident response (IR) cases, attackers gained initial access to networks by exploiting external remote services, including edge devices such as firewalls and VPNs, and by leveraging valid accounts. Compromised credentials…

Read more →

Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting…

Read more →

Zero to Engineer is a practical guide for anyone looking to launch a career in information technology without a traditional college degree. The book draws from the author’s unlikely journey – from being expelled from high school to earning six…

Read more →

There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease…

Read more →

The Travelers Companies announced Travelers Cyber Risk Services, a suite of capabilities added to all cyber liability policies designed to help lower both the risk of a cyberattack and the cost to recover from one. In addition to always-on threat…

Read more →

In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important to adopt an attacker-centric approach. In this article, we will be…

Read more →

Utimaco launched Quantum Protect, the Post Quantum Cryptography application package for its u.trust General Purpose HSM (Hardware Security Modules) Se-Series. The advent of quantum computers poses a threat to today’s cryptographic landscape. A cryptanalytically relevant quantum computer that could break…

Read more →

Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE…

Read more →

North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increasingly attempting to extort…

Read more →

Exabeam unveiled Exabeam Nova, an autonomous AI agent delivering actionable intelligence that enables security teams to respond faster to incidents, reduce investigation times by over 50%, and mitigate threats more effectively. Exabeam delivers a multi-agent experience where specialized AI components…

Read more →

In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. He explains the difficulties of protecting patient information, securing legacy systems, and…

Read more →

BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable. Right now, it includes 43 different exploits. Some are public, and others were…

Read more →

The Internet of Things (IoT) has become a major part of daily life. Smartphones, smart thermostats, security cameras, and other connected devices make tasks easier and improve comfort, efficiency, and productivity. But as the number of devices grows, so do…

Read more →

99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, according to Fortra. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while common pre-delivery email…

Read more →

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can be done? CVE-2025-2825, affecting CrushFTP versions 10.0.0 through…

Read more →

If you do business in the United States, especially across state lines, you probably know how difficult it is to comply with U.S. state data privacy laws. The federal government and many U.S. state governments require you to implement “reasonable”…

Read more →

Stellar Cyber launched its Open Cybersecurity Alliance based on its award-winning Open XDR platform. This initiative streamlines security operations, improves interoperability, and enhances threat detection and response for enterprises and MSSPs. The new alliance challenges the idea that in order…

Read more →

ExaGrid announced three new models: the EX20, EX81, and EX135 to its line of Tiered Backup Storage appliances, as well as the release of ExaGrid software version 7.2.0. ExaGrid tiered backup storage appliance models ExaGrid’s line of 2U appliances now…

Read more →

LoftLabs launched vNode to redefine secure tenant isolation in Kubernetes. By introducing a new layer of virtualization on the node level, vNode ensures workloads remain fully isolated, allowing platform teams to enforce stricter security boundaries while optimizing shared infrastructure. On…

Read more →

Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise.…

Read more →

With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore, they’re closely connected. Conflict between countries is spilling into…

Read more →

While cybercriminals are often in the spotlight, one of the most dangerous threats to your company might be hiding in plain sight, within your own team. Employees, contractors, or business partners who have access to sensitive information can use that…

Read more →

Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test…

Read more →

In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies. With fraudsters using generative AI to launch sophisticated attacks, financial institutions must adopt adaptive AI solutions to stay ahead.…

Read more →

Cloud Security Engineer Fexco | Ireland | Hybrid – View job details As a Cloud Security Engineer, you will design and implement security frameworks for cloud environments. Enforce secure access policies, MFA, and least privilege principles. Develop automated security solutions…

Read more →

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day. The…

Read more →

The European Commission has approved the 2025-2027 Digital Europe Programme (DIGITAL) work program, allocating €1.3 billion to advance key technologies essential for the EU’s future and technological sovereignty. DIGITAL is an EU funding initiative designed to bring digital technology closer…

Read more →

Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024. The goal of the feature is to allow IT administrators to…

Read more →

senhasegura, a globally recognized leader in Privileged Access Management (PAM), announces its evolution into Segura, marking a new chapter for the company and its mission to deliver futureproof identity security. Founded in Brazil in 2009, senhasegura quickly earned international recognition…

Read more →

Privacy Commissioner of Canada Philippe Dufresne has launched a new online tool that will help businesses and federal institutions that experience a privacy breach to assess whether the breach is likely to create a real risk of significant harm to…

Read more →

Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk. They need to put in place: 1. A seamless AI security policy AI may…

Read more →

The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security. The report is based on an analysis of over 101 million application…

Read more →

Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It’s made for penetration testers, CTF players, bug bounty hunters, researchers, defenders, and both new and experienced users. Exegol offers clean, secure environments. Each project…

Read more →

The amount of data being shared by businesses with GenAI apps has exploded, increasing 30x in one year, according to Netskope. The average organization now shares more than 7.7GB of data with AI tools per month, a massive jump from…

Read more →

Deepfakes are a type of synthetic media created using AI and machine learning. In simple terms, they produce videos, images, audio, or text that look and sound real, even though the events depicted never actually happened. These altered clips spread…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft’s new AI agents take on phishing, patching, alert fatigue Microsoft is rolling out a new generation of AI agents in Security Copilot, built to…

Read more →

OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OpenID Connect (OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access. By tightly integrating with identity providers (IdPs) and avoiding any…

Read more →

Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)…

Read more →

The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates the global smartphone market. According to…

Read more →

Global cybersecurity spending is expected to grow by 12.2% in 2025, according to the latest forecast from the IDC Worldwide Security Spending Guide. The rise in cyber threats is pushing organizations to invest more in their defenses. AI tools are…

Read more →

89% of healthcare organizations have the top 1% of riskiest Internet of Medical Things (IoMT) devices – which contain known exploitable vulnerabilities (KEVs) linked to active ransomware campaigns as well as an insecure connection to the internet – on their…

Read more →

Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight Technologies, Outpost24, Palo Alto Networks, Pondurance, Red Canary, SailPoint, SimSpace, Sonatype, Sumsub, and TXOne Networks. Outpost24…

Read more →

In this Help Net Security video, Rebecca Krauthamer, CEO of QuSecure, explores the rising urgency of post-quantum cryptography (PQC) and what organizations must do to prepare. She breaks down the so-called “quantum threat” and explains why it’s not just theoretical.…

Read more →

Biometric data refers to unique physical or behavioral characteristics that are used to verify a person’s identity. Revoking or changing biometric data is more complicated than changing passwords. Unlike passwords, biometric identifiers like fingerprints or retina scans are unique and…

Read more →

In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can break into the field and…

Read more →

The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars have an important role to help counter domain abuses throughout their lifecycle,” the NCSC says. They…

Read more →

Legit Security launched a new Legit AppSec risk prevention dashboard. The new dashboard helps reduce the time, costs, and effort of fixing vulnerabilities by preventing issues in the first place. Legit’s prevention dashboard allows companies to go beyond “shift left”…

Read more →

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant…

Read more →

runZero releases new product capabilities, welcomes executive leadership with deep industry expertise, and gains channel momentum. runZero’s expanded platform offers a new approach to effectively manage the risk lifecycle, enabling security teams to find, prioritize, and remediate broad classes of…

Read more →

GetReal Security launched unified platform to help enterprises, government agencies and media organizations manage risk and mitigate threats from the growing presence of AI-fueled attacks. The platform brings together GetReal’s products and service offerings into a unified digital experience for…

Read more →

Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must understand the risks before an attack happens. Misconceptions about cyber…

Read more →

In this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets and expanding security stacks. Buckley shares insights on how deep observability…

Read more →

This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. Hetty: Open-source HTTP toolkit for security research Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to…

Read more →