
Critical CrushFTP vulnerability exploited. Have you been targeted? (CVE-2025-54309)
Unknown attackers have exploited a vulnerability (CVE-2025‑54309) in the CrushFTP enterprise file-transfer server solution to gain administrative access to vulnerable …

How to land your first job in cybersecurity
According to LinkedIn, job applications have surged over 45% in the past year, with 11,000 applications submitted every minute. This flood of applications is making it harder …

World Health Organization CISO on securing global health emergencies
In this Help Net Security interview, Flavio Aggio, CISO at the World Health Organization (WHO), explains how the organization prepares for and responds to cyber threats during …

Calico: Open-source solution for Kubernetes networking, security, and observability
Calico is an open-source unified platform that brings together networking, security, and observability for Kubernetes, whether you’re running in the cloud, on-premises, …

Cyber turbulence ahead as airlines strap in for a security crisis
Aircraft systems are getting more connected and ground operations increasingly integrated, and attackers are taking notice. They’re shifting from minor disruptions to …

Are your employees using Chinese GenAI tools at work?
Nearly one in 12 employees are using Chinese-developed generative AI tools at work, and they’re exposing sensitive data in the process. That’s according to new research …

Microsoft SharePoint servers under attack via zero-day vulnerability (CVE-2025-53770)
This is a developing story, new update here: Microsoft pins on-prem SharePoint attacks on Chinese threat actors Attackers are exploiting a zero-day variant (CVE-2025-53770) of …

Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For …

Why we must go beyond tooling and CVEs to illuminate security blind spots
In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an …

Making security and development co-owners of DevSecOps
In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale. …

AI adoption is booming but secure scaling not so much
96% of organizations are deploying AI models, and virtually no organization can move into the future without considering how ML and intelligent apps might soon affect its …

Buy Now, Pay Later… with your data
Buy Now, Pay Later (BNPL) apps are everywhere these days. Whether you’re buying sneakers or groceries, chances are you’ve seen the option to split your payments over time. …
Featured news
Resources
Don't miss
- Digital sovereignty becomes a matter of resilience for Europe
- Storm-2603 spotted deploying ransomware on exploited SharePoint servers
- CISO New York 2025 brings together top cybersecurity leaders
- Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
- Autoswagger: Open-source tool to expose hidden API authorization flaws