enterprise
Why AI agents could be the next insider threat
In this Help Net Security video, Arun Shrestha, CEO of BeyondID, explains how AI agents, now embedded in daily operations, are often over-permissioned, under-monitored, and …
Windows 10: How to get security updates for free until 2026
Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates …
Critical Citrix NetScaler bug fixed, upgrade ASAP! (CVE-2025-5777)
Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The …
Android Enterprise update puts mobile security first
Google is rolling out new Android Enterprise features aimed at improving mobile security, IT management, and employee productivity. According to Zimperium’s 2025 Global Mobile …
Attackers fake IT support calls to steal Salesforce data
Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat …
Microsoft unveils “centralized” software update tool for Windows
Microsoft is looking to streamline the software updating process for IT admins and users by providing a Windows-native update orchestration platform, and to help organizations …
Unpatched Windows Server vulnerability allows full domain compromise
A privilege escalation vulnerability in Windows Server 2025 can be used by attackers to compromise any user in Active Directory (AD), including Domain Admins. “The …
Google strengthens secure enterprise access from BYOD Android devices
Google has introduced Device Trust from Android Enterprise, a new solution for making sure that private Android devices used for work are secure enough to access corporate …
Compromised SAP NetWeaver instances are ushering in opportunistic threat actors
A second wave of attacks against the hundreds of SAP NetWeaver platforms compromised via CVE-2025-31324 is underway. “[The] attacks [are] staged by follow-on, …
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind …
44% of the zero-days exploited in 2024 were in enterprise solutions
In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of …
What’s worth automating in cyber hygiene, and what’s not
Cyber hygiene sounds simple. Patch your systems, remove old accounts, update your software. But for large organizations, this gets messy fast. Systems number in the thousands. …
Featured news
Resources
Don't miss
- Google fixes actively exploited Android vulnerability (CVE-2025-48595)
- Red Hat npm packages compromised in new Mini Shai-Hulud malware wave
- Zero trust physical security needs trust decisions at the edge
- Why you need BAS and autonomous pentesting together
- This AI model backdoor attack stays hidden until you customize the model