Automated Emulation: Open-source breach and attack simulation lab
Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab. The solution automatically constructs …
CISOs’ role in identifying tech components and managing supply chains
In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains …
45% of critical CVEs left unpatched in 2023
Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs …
PoC for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers …
The effect of omission bias on vulnerability management
Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has …
10 USA cybersecurity conferences you should visit in 2024
Security BSides Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by its intensity, these events are filled with …
Prioritizing CIS Controls for effective cybersecurity across organizations
In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations …
Organizations invest more in data protection but recover less
92% of organizations will increase 2024 data protection spend, to achieve cyber resilience amidst continued threats of ransomware and cyberattacks, according to Veeam …
Software supply chain attacks are getting easier
ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an …
Whitepaper: MFA misconceptions
While a valuable tool in the cybersecurity toolkit, MFA is not immune to weaknesses. Read the “MFA Misconceptions” whitepaper to understand its limitations and how …
Apple debuts new feature to frustrate iPhone thieves
Besides fixing an actively exploited zero-day vulnerability, the latest update for the iOS 17 branch offers a new feature to help you protect your accounts and sensitive …
Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)
Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type …
Featured news
Resources
Don't miss
- Google agrees to pay $135 million over Android data harvesting claims
- SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
- Open-source malware zeroes in on developer environments
- Hottest cybersecurity open-source tools of the month: January 2026
- A practical take on cyber resilience for CISOs