Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
ClickFix
Attackers upgrade ClickFix with tricks used by online stores

Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware …

trucks
Cybercriminals exploit RMM tools to steal real-world cargo

Cybercriminals are compromising logistics and trucking companies by tricking them into installing remote monitoring and management (RMM) tools, Proofpoint researchers warned. …

ransomware
Ransomware, extortion groups adapt as payment rates reach historic lows

Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, …

ClickFix
Researchers uncover ClickFix-themed phishing kit

Palo Alto Networks researchers have discovered and analyzed “IUAM ClickFix Generator”, a phishing kit that allows less skilled attackers to infect unsuspecting …

North Korea
North Korean hackers stole over $2 billion in cryptocurrency this year

North Korean hackers have stolen more than $2 billion in cryptocurrency in 2025, according to blockchain analytics firm Elliptic, and the year isn’t over yet. Though …

Salesforce
Hackers launch data leak site to extort 39 victims, or Salesforce

Scattered Lapsus$ Hunters launched a data leak site over the weekend, aiming to pressure organizations whose Salesforce databases they have plundered into paying to prevent …

cyber insurance
Ransomware remains the leading cause of costly cyber claims

Cyber threats are shifting in 2025, and while large companies are still targets, attackers are turning their attention to smaller and mid-sized firms. According to Allianz’s …

Malicious GitHub pages lure MacOS users into installing Atomic infostealer

MacOS users looking to download popular software such as LastPass, 1Password, After Effects, Gemini, and many others are in danger of getting saddled with the Atomic …

Doppel Simulation
What CISOs can learn from Doppel’s new AI-driven social engineering simulation

Doppel has introduced a new product called Doppel Simulation, which expands its platform for defending against social engineering. The tool uses autonomous AI agents to create …

ClickFix
Fake macOS help sites push Shamos infostealer via ClickFix technique

Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers …

social engineering
The new battleground for CISOs is human behavior

This article is no longer available. Check out our news from this week here: Week in review: Covertly connected and insecure Android VPN apps, Apple fixes exploited zero-day

lock
How Brandolini’s law informs our everyday infosec reality

Brandolini’s law, also known as the “bullshit asymmetry principle”, is simple but devastating: “The amount of energy needed to refute bullshit is an order of magnitude …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released for important security events and breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools