Industry regulations and standards are driving OT security priorities
When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty. In Claroty’s previous survey …
Guide: Application security posture management deep dive
Distinguishing real, business-critical application risks is more challenging than ever. A siloed, ad hoc approach to AppSec generates noisy false positives that overwhelm …
December 2023 Patch Tuesday: 33 fixes to wind the year down
Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day …
Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D …
Recruiters, beware of cybercrooks posing as job applicants!
Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of …
“Pool Party” process injection techniques evade EDRs
SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool …
Many popular websites still cling to password creation policies from 1985
A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. …
eIDAS: EU’s internet reforms will undermine a decade of advances in online security
The European Union’s attempt to reform its electronic identification and trust services – a package of laws better known as eIDAS 2.0 – contains legislation that poses a grave …
Balancing AI advantages and risks in cybersecurity strategies
In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity …
Nemesis: Open-source offensive data enrichment and analytic pipeline
Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration …
WhatsApp, Slack, Teams, and other messaging platforms face constant security risks
42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber. …
Why are IT professionals not automating?
As an IT professional, you understand the value of automation, and like many IT experts, you may approach it with a mix of excitement and apprehension. Automation is a …
Featured news
Resources
Don't miss
- RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
- Exploited: Vulnerability in software for managing Samsung digital displays (CVE-2024-7399)
- What a future without CVEs means for cyber defense
- What it really takes to build a resilient cyber program
- How cybercriminals exploit psychological triggers in social engineering attacks