Compromised Linux SSH servers engage in DDoS attacks, cryptomining
Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the …
Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)
Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 …
ChatGPT and data protection laws: Compliance challenges for businesses
In this Help Net Security interview, Patricia Thaine, CEO at Private AI, reviews the main privacy concerns when using ChatGPT in a business context, as well as the risks that …
10 open-source recon tools worth your time
Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten …
Demand for STEM training skyrockets
The rapid pace of globalization, digital transformation, and AI advancements have created a renewed demand for digital and human skills among US learners, according to …
A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)
Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web …
Microsoft confirms DDoS attacks against M365, Azure Portal
The Microsoft 365 and Azure Portal outages users experienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. The DDoS attacks against …
Three cybersecurity actions that make a difference
Organizations that closely align their cybersecurity programs to business objectives are 18% more likely to achieve target revenue growth and market share and improve customer …
Untangling the web of supply chain security with Tony Turner
Decades ago, Tony Turner, CEO of Opswright and author of Software Transparency: Supply Chain Security in an Era of a Software-Driven Society, faced an SQL Slammer worm. Having …
Week in review: Fortinet patches pre-auth RCE, Switzerland under cyberattack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building a culture of security awareness in healthcare begins with leadership …
Photos: BSidesLjubljana 0x7E7
BSidesLjubljana 0x7E7 is taking place today at the Computer History Museum, and Help Net Security is on site. Here’s a look at the event featuring Solar Designer …
New infosec products of the week: June 16, 2023
Here’s a look at the most interesting products from the past week, featuring releases from NETSCOUT, Okta, Quantinuum, Seceon, and Zilla Security. Okta Device Access enables …
Featured news
Resources
Don't miss
- CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities
- Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
- Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)
- Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
- Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)