Inside MITRE ATT&CK v17: Smarter defenses, sharper threat intel
In this Help Net Security video, Adam Pennington, MITRE ATT&CK Lead, breaks down what’s new in the ATT&CK v17 release. He highlights the addition of the ESXi …
Week in review: Microsoft patches 5 actively exploited 0-days, recently fixed Chrome vulnerability exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Patch Tuesday: Microsoft fixes 5 actively exploited zero-days On May 2025 …
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)
A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known …
Deepfake attacks could cost you more than money
In this Help Net Security interview, Camellia Chan, CEO at X-PHY, discusses the dangers of deepfakes in real-world incidents, including their use in financial fraud and …
Polymorphic phishing attacks flood inboxes
AI is transforming the phishing threat landscape at a pace many security teams are struggling to match, according to Cofense. In 2024, researchers tracked one malicious email …
Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed
The Linux Foundation, in collaboration with OpenSSF and Linux Foundation Education, has released the Cybersecurity Skills Framework, a global reference guide that helps …
How working in a stressful environment affects cybersecurity
Stressful work environments don’t just erode morale, they can quietly undermine cybersecurity. When employees feel overworked, unsupported, or mistreated, their judgment and …
New infosec products of the week: May 16, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Hunted Labs, McAfee, Obsidian Security, PentestPad, Resecurity, and SecuX. …
Coinbase suffers data breach, gets extorted (but won’t pay)
Cryptocurrency exchange platform Coinbase has suffered a breach, which resulted in attackers acquiring customers’ data that can help them mount social engineering …
Samsung patches MagicINFO 9 Server vulnerability exploited by attackers
Companies running Samsung MagicINFO, a platform for managing content on Samsung commercial digital displays, should upgrade to the latest available version of its v9 branch to …
Russia-linked hackers target webmail servers in Ukraine-related espionage operation
ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned …
Building cybersecurity culture in science-driven organizations
In this Help Net Security interview, Anne Sofie Roed Rasmussen, CISO at Novonesis, discusses how a science-driven organization approaches cybersecurity, aligning innovation …
Featured news
Resources
Don't miss
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)
- RIFT: New open-source tool from Microsoft helps analyze Rust malware