New infosec products of the week: May 9, 2025
Here’s a look at the most interesting products from the past week, featuring releases from ProcessUnity, Searchlight Cyber, ServiceNow, and Verosint. ServiceNow unveils AI …
The many variants of the ClickFix social engineering tactic
As new malware delivery campaigns using the ClickFix social engineering tactic are spotted nearly every month, it’s interesting to see how the various attackers are …
Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)
SonicWall has fixed multiple vulnerabilities affecting its SMA100 Series devices, one of which (CVE-2025-32819) appears to be a patch bypass for an arbitrary file delete …
Cisco’s new chip wants to scale quantum computing faster
Cisco is making significant strides in quantum computing by focusing on quantum networking, aiming to bring practical applications closer to reality. The company recently …
How agentic AI and non-human identities are transforming cybersecurity
Within the average enterprise, non-human identities (NHIs) now outnumber employees, contractors, and customers by anything between 10-to-1 and 92-to-1. Add to this the …
Even the best safeguards can’t stop LLMs from being fooled
In this Help Net Security interview, Michael Pound, Associate Professor at the University of Nottingham shares his insights on the cybersecurity risks associated with LLMs. He …
Wave of tech layoffs leads to more job scams
The tech industry is experiencing significant layoffs, leaving thousands of IT and cybersecurity professionals in search of new employment opportunities. Unfortunately, as …
Global cybersecurity readiness remains critically low
Only 4% of organizations worldwide have achieved the ‘mature’ level of readiness required to withstand cybersecurity threats, according to Cisco’s 2025 …
Healthcare workers regularly upload sensitive data to GenAI, cloud accounts
Healthcare organizations are facing a growing data security challenge from within, according to a new report from Netskope Threat Labs. The analysis reveals that employees in …
PoC exploit for SysAid pre-auth RCE released, upgrade quickly!
WatchTowr researchers have released a proof-of-concept (PoC) exploit that chains two vulnerabilities in SysAid On-Prem – the self-hosted version of the platform behind …
Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted …
Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable
A new report from bot defense firm Kasada has exposed the growing threat of ALTSRUS, a fraud syndicate targeting some of the most vulnerable corners of the digital economy. …
Featured news
Resources
Don't miss
- Roundcube RCE: Dark web activity signals imminent attacks (CVE-2025-49113)
- Balancing cybersecurity and client experience for high-net-worth clients
- CISOs, are you ready for cyber threats in biotech?
- fiddleitm: Open-source mitmproxy add-on identifies malicious web traffic
- Millions of Android devices roped into Badbox 2.0 botnet. Is yours among them?