89% of AI-powered APIs rely on insecure authentication mechanisms
APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, …
How to use Hide My Email to protect your inbox from spam
Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward …
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, …
DeepSeek’s popularity exploited by malware peddlers, scammers
As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of …
How Lazarus Group built a cyber espionage empire
Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite …
Preparing financial institutions for the next generation of cyber threats
In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the …
Cybersecurity crisis in numbers
The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, …
Only 13% of organizations fully recover data after a ransomware attack
Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to Illumio. Findings from the study reveal that 58% of …
Europeans targeted with new Tor-using backdoor and infostealers
A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that …
Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)
Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use …
BloodyAD: Open-source Active Directory privilege escalation framework
BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege …
74% of CISOs are increasing crisis simulation budgets
In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, 23andMe, Transport for London, and Cencora, CISOs are reassessing their …
Featured news
Resources
Don't miss
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324)
- Threat actors are scanning your environment, even if you’re not
- GoSearch: Open-source OSINT tool for uncovering digital footprints
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
- Top must-visit companies at RSAC 2025