government
Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
CVE-2025-31324, a critical vulnerability in the SAP NetWeaver platform, is being actively exploited by attackers to upload malicious webshells to enable unauthorized file …
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting …
Trump orders revocation of security clearances for Chris Krebs, SentinelOne
Update: April 17, 09:56 AM – Chris Krebs stepped away from his position at SentinelOne. US President Donald Trump has signed an Executive Order on Wednesday to revoke …
Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK
Advanced Data Protection (ADP) secures iCloud data with end-to-end encryption. This ensures that no one, not even Apple, can access the encrypted data, which remains secure …
Threat actors are using legitimate Microsoft feature to compromise M365 accounts
Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) …
The UK’s secret iCloud backdoor request: A dangerous step toward Orwellian mass surveillance
The United Kingdom government has secretly requested that Apple build a backdoor into its iCloud service, granting the government unrestricted access to users’ private data. …
What you can do to prevent workforce fraud
In this Help Net Security interview, Benjamin Racenberg, Senior Intelligence Services Manager at Nisos, discusses the threat of workforce fraud, particularly DPRK-affiliated …
EU takes decisive action on healthcare cybersecurity
The Commission has presented an EU action plan aimed at strengthening the cybersecurity of hospitals and healthcare providers. The initiative is an essential step in shielding …
A humble proposal: The InfoSec CIA triad should be expanded
The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may …
2025 is going to be a bumpy year for IoT
In the Internet of Things (IoT) sector, 2025 is shaping up to be a politically charged year. Major global jurisdictions are set to implement device security regulations, …
CISA orders federal agencies to secure their Microsoft cloud environments
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their …
Ukrainian hacker gets prison for infostealer operations
Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to court documents, he …
Featured news
Resources
Don't miss
- The CISO selling confidence in a market full of breach headlines
- Frontier AI models collapse under multi-turn AI attacks, Cisco finds
- Fake ChatGPT and Claude installers on GitHub are dropping Deno RAT malware
- Coinflow CISO on crypto payments security under AI pressure
- Vigolium: Open-source vulnerability scanner