Security
Storm-2603 spotted deploying ransomware on exploited SharePoint servers – Help Net Security
One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft shared on Wednesday. First attack spotted on July 7th On Saturday, Microsoft announced that attackers have been spotted exploiting a zero-day variant (CVE-2025-53770) of a SharePoint vulnerability (CVE-2025-49706) that the…
Cyber turbulence ahead as airlines strap in for a security crisis – Help Net Security
Aircraft systems are getting more connected and ground operations increasingly integrated, and attackers are taking notice. They’re shifting from minor disruptions to targeting critical systems with serious intent. Any time an aircraft transmits data, whether it’s flight position updates or maintenance alerts, it is vulnerable to interception by third parties. In several recent cases, cyber…
Poor Passwords Tattle on AI Hiring Bot Maker Paradox.ai – Krebs on Security
Security researchers recently revealed that the personal information of millions of people who applied for jobs at McDonald’s was exposed after they guessed the password (“123456”) for the fast food chain’s account at Paradox.ai, a company that makes artificial intelligence based hiring chatbots used by many Fortune 500 firms. Paradox.ai said the security oversight was…
Product showcase: Enzoic for Active Directory – Help Net Security
Enzoic for Active Directory is an easy-to-install plugin that integrates with Microsoft Active Directory (AD) to set, monitor, and remediate unsafe passwords and credentials. In essence, it serves as an always-on sentinel for AD, preventing users from choosing compromised or weak passwords and alerting administrators if any existing credentials become exposed in a breach. By…
Senator Chides FBI for Weak Advice on Mobile Security – Krebs on Security
Agents with the Federal Bureau of Investigation (FBI) briefed Capitol Hill staff recently on hardening the security of their mobile devices, after a contacts list stolen from the personal phone of the White House Chief of Staff Susie Wiles was reportedly used to fuel a series of text messages and phone calls impersonating her to…
Why CISOs are making the SASE switch: Fewer vendors, smarter security, better AI guardrails
Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. Subscribe Now Investors, including venture capitalists (VCs), are betting $359 million that secure access service edge (SASE) will become a primary consolidator of enterprise security tech stacks. Cato Network’s oversubscribed Series…
Week in review: Sudo local privilege escalation flaws fixed, Google patches actively exploited Chrome – Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)If you haven’t recently updated the Sudo utility on your Linux box(es), you should do so now, to patch two local privilege escalation vulnerabilities (CVE-2025-32462, CVE-2025-32463) that have been disclosed on Monday. Google…
Big Tech’s Mixed Response to U.S. Treasury Sanctions – Krebs on Security
In May 2025, the U.S. government sanctioned a Chinese national for operating a cloud provider linked to the majority of virtual currency investment scam websites reported to the FBI. But a new report finds the accused continues to operate a slew of established accounts at American tech companies — including Facebook, Github, PayPal and Twitter/X….
Tracer AI combats fraud, counterfeits and narrative attacks in ChatGPT – Help Net Security
Tracer AI launched Tracer Protect for ChatGPT, a solution that protects brands from the reputational harm being propagated at machine scale via AI chatbots by bad actors. The rising popularity of generative AI (genAI) engines is driving the urgent and rapidly evolving brand security threat vector faced by enterprises. Tracer Protect for ChatGPT actively monitors…
Money mule networks evolve into hierarchical, business-like criminal enterprises – Help Net Security
In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. He looks at how these networks have changed and how behavioral intelligence is helping to catch fraud. Tresner also shares practical tips for CISOs trying to stop mule activity…