Week in review: Microsoft patches exploited Windows CLFS 0-day, WinRAR MotW bypass flaw fixed
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) …
Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices
A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected …
Why security culture is crypto’s strongest asset
In this Help Net Security interview, Norah Beers, CISO at Grayscale, discusses key security challenges in managing crypto assets, adversary tactics, private key management, …
Ransomware groups push negotiations to new levels of uncertainty
Ransomware attacks increased by nearly 20% in 2024, and the severity rose by 13%, according to At-Bay. The blast radius of ransomware continues to grow as businesses impacted …
Why remote work is a security minefield (and what you can do about it)
Remote work is seen as more than a temporary solution; it’s a long-term strategy for many organizations. Remote work cybersecurity challenges Unsecured networks: Workers …
iOS devices face twice the phishing attacks of Android
2024 brought about countless new cybersecurity challenges including significant growth of the mobile threat landscape, according to Lookout. Threat actors, ranging from …
New infosec products of the week: April 11, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Forescout, Index Engines, Jit, RunSafe Security, and Seal Security. Jit launches AI …
Trump orders revocation of security clearances for Chris Krebs, SentinelOne
Update: April 17, 09:56 AM – Chris Krebs stepped away from his position at SentinelOne. US President Donald Trump has signed an Executive Order on Wednesday to revoke …
FortiSwitch vulnerability may give attackers control over vulnerable devices (CVE-2024-48887)
Fortinet has released patches for flaws affecting many of its products, among them a critical vulnerability (CVE-2024-48887) in its FortiSwitch appliances that could allow …
How to find out if your AI vendor is a security risk
One of the most pressing concerns with AI adoption is data leakage. Consider this: An employee logs into their favorite AI chatbot, pastes sensitive corporate data, and asks …
From likes to leaks: How social media presence impacts corporate security
From a psychological standpoint, we all crave attention, and likes and comments fuel that need, encouraging us to share even more on social media. In the corporate world, this …
Review: The Ultimate Kali Linux Book, Third Edition
Packed with real-world scenarios, hands-on techniques, and insights into widely used tools, the third edition of the bestselling Ultimate Kali Linux Book offers a practical …