7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)
NHS England Digital, the technology arm of the publicly-funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) being exploited by …
Exam prep hacked: Study tips and tricks that really work
Ready to get certified but not sure where to start? Get insider tips and tricks on what to do from day one to test day. Join ISC2-certified instructors and an audience of your …
Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)
Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time. About CVE-2025-58034 …
Threat group reroutes software updates through hacked network gear
Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China aligned threat group known as PlushDaemon has been quietly using hacked …
The long conversations that reveal how scammers work
Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the …
Metis: Open-source, AI-driven tool for deep security code review
Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to spot subtle flaws that are often …
How to cut security tool sprawl without losing control
In this Help Net Security video, Jon Taylor, Director and Principal of Security at Versa Networks, talks about how organizations can deal with security tool sprawl. He …
Product showcase: Proton Pass, a password manager with identity protection
Managing passwords can be a real headache, and it’s still common to fall back on reusing them or storing them in a browser without much protection. Proton Pass, built by the …
Internet slowly recovers after far-reaching Cloudflare outage
A currently undisclosed issue has crippled Cloudflare’s network and has rendered a large swathe of internet’s most popular sites and services temporily …
Google patches yet another exploited Chrome zero-day (CVE-2025-13223)
Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG). About …
What security pros should know about insurance coverage for AI chatbot wiretapping claims
AI-powered chatbots raise profound concerns under federal and state wiretapping and eavesdropping statutes that is being tested by recent litigation, creating greater exposure …
How attackers use patience to push past AI guardrails
Most CISOs already assume that prompt injection is a known risk. What may come as a surprise is how quickly those risks grow once an attacker is allowed to stay in the …
Featured news
Resources
Don't miss
- 7-Zip vulnerability is being actively exploited, NHS England warns (CVE-2025-11001)
- Exam prep hacked: Study tips and tricks that really work
- Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)
- Threat group reroutes software updates through hacked network gear
- The long conversations that reveal how scammers work