January 2025
GUI frontends for GnuPG, the free implementation of the OpenPGP standard
GnuPG is a free and comprehensive implementation of the OpenPGP standard. It enables encryption and signing of data and communications, featuring a key management system and …
Deepfakes force a new era in fraud detection, identity verification
The rise in identity fraud over the past two years has significantly impacted all industries, especially finance, banking, fintech, and crypto, according to Regula. With …
New infosec products of the week: January 24, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitsight, DataDome, DigitalOcean, Lookout, and XONA Systems. Lookout Mobile …
Juniper enterprise routers backdoored via “magic packet” malware
A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the …
Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) …
Appdome Threat Dynamics analyzes and ranks mobile threats
Appdome announced that a new AI-Native threat-management module called Threat Dynamics will be offered inside Appdome’s ThreatScope Mobile XDR. Threat Dynamics uses AI …
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly …
DigitalOcean Per-Bucket Access Keys boosts object storage security
DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service. This feature provides customers with identity-based, …
Bitsight Instant Insights accelerates vendor risk assessments
Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities. The new feature leverages generative AI to analyze and summarize …
Defense strategies to counter escalating hybrid attacks
In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and …
Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian …
CISOs are juggling security, responsibility, and burnout
This article gathers excerpts from multiple reports, presenting statistics and insights that may be valuable for CISOs, helping them with informed decision-making, risk …
Featured news
Resources
Don't miss
- State-backed phishing attacks targeting military officials and journalists on Signal
- Poland’s energy control systems were breached through exposed VPN access
- CISA orders US federal agencies to replace unsupported edge devices
- Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
- February 2026 Patch Tuesday forecast: Lots of OOB love this month