September 2024
Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. …
Microsoft revised the controversial Copilot+ Recall feature
Microsoft has made changes to Recall – the screenshot-taking, AI-powered search feature for Copilot+ PCs running Windows 11 – to reassure users worried about …
Could APIs be the undoing of AI?
Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and …
SCCMSecrets: Open-source SCCM policies exploitation tool
SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active …
Open source maintainers: Key to software health and security
Open source has become the foundation of modern application development, with up to 98% of applications incorporating open-source components and open-source code accounting …
Businesses turn to private AI for enhanced security and data management
In this Help Net Security interview, Joe Baguley, CTO EMEA at Broadcom, shares insights on private AI and its significance in data security. He explains how it helps …
The most common authentication method is also the least secure
Despite the rise in cyber threats, many people do not have a holistic view of security, according to Yubico. The results of the survey uncovered concerning patterns and …
Week in review: Windows Server 2025 gets hotpatching option, PoC for SolarWinds WHD flaw released
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Windows Server 2025 gets hotpatching option, without reboots Organizations …
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE
After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day …
SpyCloud Connect delivers automated remediation of compromised identities
SpyCloud released new hosted automation solution, SpyCloud Connect, which delivers custom-built automation workflows to Information Security (InfoSec) and Security Operations …
AuditBoard’s risk platform enhancements empower teams to boost efficiency
AuditBoard announced extensions to its modern connected risk platform to help teams improve efficiency, foster collaboration, and increase the rigor and intentionality of …
3 tips for securing IoT devices in a connected world
IoT devices have become integral to how many organizations operate. From Smart TVs in conference rooms to connected sensors and wireless security cameras, these connected …
Featured news
Resources
Don't miss
- Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)
- Stealthy attack serves poisoned web pages only to AI agents
- September 2025 Patch Tuesday forecast: The CVE matrix
- Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)
- CyberFlex: Flexible Pen testing as a Service with EASM