Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Western Digital
Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)

Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has …

SonicWall
Akira ransomware: From SonicWall VPN login to encryption in under four hours

Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have …

Cisco
Cisco fixes IOS/IOS XE zero-day exploited by attackers (CVE-2025-20352)

Cisco has fixed 14 vulnerabilities in IOS and IOS XE software, among them CVE-2025-20352, a high-severity vulnerability that has been exploited in zero-day attacks. About …

Fortra GoAnywhere
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)

If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting …

wireless router
Many networking devices are still vulnerable to pixie dust attack

Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, …

magnify
Ransomware attackers used incorrectly stored recovery codes to disable EDR agents

All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make. The latest Akira …

GitHub
Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers

Researchers have spotted a malvertising (and clever malware delivery) campaign targeting IT workers in the European Union with fake GitHub Desktop installers. “We …

Sitecore
Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)

A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several …

Trend Micro
Trend Micro Apex One flaws exploted in the wild (CVE-2025-54948, CVE-2025-54987)

Unauthenticated command injection vulnerabilities (CVE-2025-54948, CVE-2025-54987) affecting the on-premise version of Trend Micro’s Apex One endpoint security platform …

Aayush Choudhury
Security tooling pitfalls for small teams: Cost, complexity, and low ROI

In this Help Net Security interview, Aayush Choudhury, CEO at Scrut Automation, discusses why many security tools built for large enterprises don’t work well for leaner, …

vCISO
AI is changing the vCISO game

Virtual CISO (vCISO) services have moved from niche to mainstream, with vCISO services adoption 2025 data showing a more than threefold increase in just one year. According to …

Microsoft Windows
Microsoft rolls out Windows 11 “quick recovery” feature

With the latest Windows 11 update, Microsoft is saying goodbye to the infamous “Blue Screen of Death” and has enabled the quick machine recovery feature by default …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools