Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
TotalRecall
TotalRecall shows how easily data collected by Windows Recall can be stolen

Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal …

North Korea
Moonstone Sleet: A new North Korean threat actor

Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of …

cyber threat
US retailers under attack by gift card-thieving cyber gang

Earlier this month, the FBI published a private industry notification about Storm-0539 (aka Atlas Lion), a Morocco-based cyber criminal group that specializes in compromising …

Microsoft Recall
Windows’ new Recall feature: A privacy and security nightmare?

Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts …

Patch Tuesday
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by …

patch tuesday
May 2024 Patch Tuesday forecast: A reminder of recent threats and impact

The updates have been released: May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) The thunderstorms of April patches have passed, …

passkeys
Microsoft, Google widen passkey support for its users

Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out …

LSA Whisperer
LSA Whisperer: Open-source tools for interacting with authentication packages

LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is currently provided for the …

Cisco
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day …

printer
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print …

Patch Tuesday
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked …

patch Tuesday
April 2024 Patch Tuesday forecast: New and old from Microsoft

April 2024 Patch Tuesday is now live: Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) This month, we have a new product preview …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools