Taiwan NSB Alerts Public on Data Risks from TikTok, Weibo...
Taiwan's National Security Bureau (NSB) has warned that China-developed applications like RedNote (aka Xiaohongshu), Weibo, TikTok, WeChat, and Baidu Cloud p...

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpi...
Threat actors are weaponizing exposed Java Debug Wire Protocol (JDWP) interfaces to obtain code execution capabilities and deploy cryptocurrency miners on co...

NightEagle APT Exploits Microsoft Exchange Flaw to Target...
Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microso...

How to get into cybersecurity | Unlocked 403 cybersecurit...
Cracking the code of a successful cybersecurity career starts here. Hear from ESET's Robert Lipovsky as he reveals how to break into and thrive in this fast-...

Your AI Agents Might Be Leaking Data — Watch this Webinar...
Generative AI is changing how businesses work, learn, and innovate. But beneath the surface, something dangerous is happening. AI agents and custom GenAI wor...

Critical Sudo Vulnerabilities Let Local Users Gain Root A...
Cybersecurity researchers have disclosed two security flaws in the Sudo command-line utility for Linux and Unix-like operating systems that could enable loca...

Task scams: Why you should never pay to get paid
Some schemes might sound unbelievable, but they’re easier to fall for than you think. Here’s how to avoid getting played by gamified job scams.

Google Ordered to Pay $314M for Misusing Android Users' C...
Google has been ordered by a court in the U.S. state of California to pay $314 million over charges that it misused Android device users' cellular data when ...

NTLM relay attacks are back from the dead
NTLM relay attacks are the easiest way for an attacker to compromise domain-joined hosts. While many security practitioners think NTLM relay is a solved prob...

New hires, new targets: Why attackers love your onboardin...
In this Help Net Security video, Ozan Ucar, CEO of Keepnet Labs, highlights a critical cybersecurity blind spot: the vulnerability of new hires during onboar...

Africa’s cybersecurity crisis and the push to mobilizing ...
While Africa hosts some of the fastest-growing digital economies globally, it also faces persistent challenges in cybersecurity preparedness. Many organizati...

Exposed and unaware? Smart buildings need smarter risk co...
75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty. The post Exposed and un...

Internet outages are costing companies millions every month
To ensure resilience across the internet stack, organizations need to protect and manage four key areas: reachability, availability, reliability, and perform...

New infosec products of the week: July 4, 2025
Here’s a look at the most interesting products from the past week, featuring releases from DigitalOcean, Scamnetic, StealthCores, and Tracer AI. Scamnetic Kn...

Massive Android Fraud Operations Uncovered: IconAds, Kale...
A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps w...

Google open-sources privacy tech for age verification
Age verification is becoming more common across websites and online services. But many current methods require users to share personal data, like a full ID o...

Best travel apps: maps, taxis, food, internet | Kaspersky...
Discover which apps help you avoid getting lost, find great food, explore new places, and stay connected — even far from home.

You can’t trust AI chatbots not to serve you phishing pag...
Popular AI chatbots powered by large language models (LLMs) often fail to provide accurate information on any topic, but researchers expect threat actors to ...

Cisco fixes maximum-severity flaw in enterprise unified c...
Cisco has found a backdoor account in yet another of its software solutions: CVE-2025-20309, stemming from default credentials for the root account, could al...

Over 40 Malicious Firefox Extensions Target Cryptocurrenc...
Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, p...

The Hidden Weaknesses in AI SOC Tools that No One Talks A...
If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not al...

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks o...
The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sector...

How government cyber cuts will affect you and your business
Deep cuts in cybersecurity spending risk creating ripple effects that will put many organizations at a higher risk of falling victim to cyberattacks

GitPhish: Open-source GitHub device code flow security as...
GitPhish is an open-source security research tool built to replicate GitHub’s device code authentication flow. It features three core operating modes: an aut...

StealthMACsec strengthens Ethernet network security
StealthCores launched StealthMACsec, a comprehensive IEEE 802.1AE compliant MACsec engine that brings advanced side-channel countermeasures to Ethernet netwo...

Healthcare CISOs must secure more than what’s regulated
In this Help Net Security interview, Henry Jiang, CISO at Ensora Health, discusses what it really takes to make DevSecOps work in healthcare. He explains how...

Cyberattacks are draining millions from the hospitality i...
Every day, millions of travelers share sensitive information like passports, credit card numbers, and personal details with hotels, restaurants, and travel s...

AI tools are everywhere, and most are off your radar
80% of AI tools used by employees go unmanaged by IT or security teams, according to Zluri’s The State of AI in the Workplace 2025 report. AI is popping up a...

90% aren’t ready for AI attacks, are you?
As AI reshapes business, 90% of organizations are not adequately prepared to secure their AI-driven future, according to a new report from Accenture. Globall...

Critical Cisco Vulnerability in Unified CM Grants Root Ac...
Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Man...

Industrial security is on shaky ground and leaders need t...
44% of industrial organizations claim to have strong real-time cyber visibility, but nearly 60% have low to no confidence in their OT and IoT threat detectio...

North Korean Hackers Target Web3 with Nim Malware and Use...
Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming la...

Friday Squid Blogging: How Squid Skin Distorts Light
New research . As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.

Surveillance Used by a Drug Cartel
Once you build a surveillance system, you can’t control who will use it: A hacker working for the Sinaloa drug cartel was able to obtain an FBI officia...

That Network Traffic Looks Legit, But it Could be Hiding ...
With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dange...

Qantas data breach could affect 6 million customers
Qantas has suffered a cyber incident that has lead to a data breach. “The incident occurred when a cyber criminal targeted a call centre and gained acc...

Hackers Using PDFs to Impersonate Microsoft, DocuSign, an...
Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated b...

Gamaredon in 2024: Cranking out spearphishing campaigns a...
ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughou...

U.S. Sanctions Russian Bulletproof Hosting Provider for S...
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service pro...

Exabeam Nova Advisor Agent equips security leaders with a...
Exabeam announced a major expansion of its integrated multi-agent AI system Exabeam Nova that now equips security leaders with a real-time strategic planning...

Scamnetic KnowScam 2.0 helps consumers detect every type ...
Scamnetic releaseed KnowScam 2.0, its flagship product for scam protection and digital identity verification. KnowScam 2.0 builds on everything users already...

Cybersecurity essentials for the future: From hype to wha...
Cybersecurity never stands still. One week it’s AI-powered attacks, the next it’s a new data breach, regulation, or budget cut. With all that noise, it’s eas...

Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapid...
Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impers...

How FinTechs are turning GRC into a strategic enabler
In this Help Net Security interview, Alexander Clemm, Corp GRC Lead, Group CISO, and BCO at Riverty, shares how the GRC landscape for FinTechs has matured in...

Secretless Broker: Open-source tool connects apps securel...
Secretless Broker is an open-source connection broker that eliminates the need for client applications to manage secrets when accessing target services like ...

Product showcase: Protect your data with Apricorn Aegis S...
The Apricorn Aegis Secure Key 3NXC is a 256-bit AES XTS hardware-encrypted flash drive with a USB-C connector. It is available in storage capacities ranging ...

Scammers are tricking travelers into booking trips that ...
Not long ago, travelers worried about bad weather. Now, they’re worried the rental they booked doesn’t even exist. With AI-generated photos and fake reviews,...

Critical Vulnerability in Anthropic's MCP Exposes Develop...
Cybersecurity researchers have discovered a critical security vulnerability in artificial intelligence (AI) company Anthropic's Model Context Protocol (MCP) ...

TA829 and UNK_GreenSec Share Tactics and Infrastructure i...
Cybersecurity researchers have flagged the tactical similarities between the threat actors behind the RomCom RAT and a cluster that has been observed deliver...

Ubuntu Disables Spectre/Meltdown Protections
A whole class of speculative execution attacks against CPUs were published in 2018. They seemed pretty catastrophic at the time. But the fixes were as well. ...