Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
White House
White House launches AI Cyber Challenge to make software more secure

The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the …

intel
Downfall attacks can gather passwords, encryption keys from Intel processors

A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables …

ransomware
Data exfiltration is now the go-to cyber extortion strategy

The abuse of zero-day and one-day vulnerabilities in the past six months led to a 143% increase in victims when comparing Q1 2022 with Q1 2023, according to Akamai. Ransomware …

PaperCut
PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)

Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be …

vulnerabilities
Top 12 vulnerabilities routinely exploited in 2022

Cybersecurity agencies from member countries of the Five Eyes intelligence alliance have released a list of the top 12 vulnerabilities routinely exploited in 2022, plus 30 …

VPN
VPNs remain a risky gamble for remote access

Organizations are expressing deep concerns about their network security due to the risks from VPNs, according to a new Zscaler report. The report stresses the need for …

Ivanti
Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)

Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been …

Salesforce
Salesforce and Meta suffer phishing campaign that evades typical detection methods

The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email …

Android
Android n-day bugs pose zero-day threat

In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days …

Stremio
CyFox disclose Stremio vulnerability, developers don’t agree on findings

UPDATE: August 2, 10:21 AM PT The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they …

Ivanti
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted …

Barracuda
New persistent backdoor used in attacks on Barracuda ESG appliances

The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools