Net
Storm-2603 spotted deploying ransomware on exploited SharePoint servers – Help Net Security
One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. First attack spotted on July 7th On Saturday, Microsoft announced that attackers have been spotted exploiting a zero-day variant (CVE-2025-53770) of a SharePoint vulnerability (CVE-2025-49706) that the…
Cyber turbulence ahead as airlines strap in for a security crisis – Help Net Security
Aircraft systems are getting more connected and ground operations increasingly integrated, and attackers are taking notice. They’re shifting from minor disruptions to targeting critical systems with serious intent. Any time an aircraft transmits data, whether it’s flight position updates or maintenance alerts, it is vulnerable to interception by third parties. In several recent cases, cyber…
Product showcase: Enzoic for Active Directory – Help Net Security
Enzoic for Active Directory is an easy-to-install plugin that integrates with Microsoft Active Directory (AD) to set, monitor, and remediate unsafe passwords and credentials. In essence, it serves as an always-on sentinel for AD, preventing users from choosing compromised or weak passwords and alerting administrators if any existing credentials become exposed in a breach. By…
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome – Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. Google…
Tracer AI combats fraud, counterfeits and narrative attacks in ChatGPT – Help Net Security
Tracer AI launched Tracer Protect for ChatGPT, a solution that protects brands from the reputational harm being propagated at machine scale via AI chatbots by bad actors. The rising popularity of generative AI (genAI) engines is driving the urgent and rapidly evolving brand security threat vector faced by enterprises. Tracer Protect for ChatGPT actively monitors…
Money mule networks evolve into hierarchical, business-like criminal enterprises – Help Net Security
In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping to catch fraud. Tresner also shares practical tips for CISOs trying to stop mule activity…
How CISOs can justify security investments in financial terms – Help Net Security
In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and elevate cybersecurity as a strategic driver. What should CISOs know about how insurers and financial…
Why AI code assistants need a security reality check – Help Net Security
In this Help Net Security interview, Silviu Asandei, Security Specialist and Security Governance at Sonar, discusses how AI code assistants are transforming development workflows and impacting security. He explains how these tools can boost productivity but may also propagate vulnerabilities if not properly reviewed. What security risks do AI code assistants pose that developers and…
Week in review: Microsoft fixes exploited zero-day, Mirai botnets target unpatched Wazuh servers – Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes zero-day exploited for cyber espionage (CVE-2025-33053)For June 2025 Patch Tuesday, Microsoft has fixed 66 new CVEs, including a zero-day exploited in the wild (CVE-2025-33053). Unpatched Wazuh servers targeted by Mirai botnets (CVE-2025-24016)Two Mirai botnets are exploiting a critical…
The legal questions to ask when your systems go dark – Help Net Security
At Span Cyber Security Arena, I sat down with Iva Mišković, Partner at the ISO-certified Mišković & Mišković law firm, to discuss the role of legal teams during cyber incidents. She shared why lawyers should assume the worst, coordinate quickly, and ask the right questions to support IT. Mišković explained that a legal strategy, built…