Storm-2603 spotted deploying ransomware on exploited SharePoint servers
One of the groups that, in the past few weeks, has been exploiting vulnerabilities in on-prem SharePoint installation has been observed deploying Warlock ransomware, Microsoft …
Sonicwall fixes critical flaw in SMA appliances, urges customers to check for compromise (CVE-2025-40599)
Sonicwall is asking customers running specific Secure Mobile Access (SMA) 100 Series devices to patch a newly uncovered vulnerability (CVE-2025-40599) as soon as possible. …
Autoswagger: Open-source tool to expose hidden API authorization flaws
Autoswagger is a free, open-source tool that scans OpenAPI-documented APIs for broken authorization vulnerabilities. These flaws are still common, even at large enterprises …
Why outsourcing cybersecurity is rising in the Adriatic region
In this Help Net Security interview, Aleksandar Stančin, Board Member Adriatics, Exclusive Networks, discusses the state of cybersecurity in the Adriatic region. He talks …
Your app is under attack every 3 minutes
Application-layer attacks have become one of the most common and consequential methods adversaries use to gain access and compromise organizations, according to Contrast …
Most data breaches have unknown causes as transparency continues to fall
The Identity Theft Resource Center (ITRC) reports 1,732 publicly disclosed data breaches in H1 2025, marking a 5% increase over the same period in 2024. The ITRC could track a …
Microsoft rolls out Windows 11 “quick recovery” feature
With the latest Windows 11 update, Microsoft is saying goodbye to the infamous “Blue Screen of Death” and has enabled the quick machine recovery feature by default …
Mastermind behind Russian-speaking cybercrime hub arrested in Ukraine
The suspected administrator of xss.is, one of the world’s most influential Russian-speaking cybercrime forums, was arrested in Kyiv, Ukraine, on 22 July. The takedown followed …
Maximum severity Cisco ISE vulnerabilities exploited by attackers
One or more vulnerabilities affecting Cisco Identity Services Engine (ISE) are being exploited in the wild, Cisco has confirmed by updating the security advisory for the …
Phishing campaign targets U.S. Department of Education’s G5 portal
A new phishing campaign is targeting users of the U.S. Department of Education’s G5 portal, a site used by educational institutions and vendors to manage grants and federal …
Cervantes: Open-source, collaborative platform for pentesters and red teams
Cervantes is an open-source collaborative platform built for pentesters and red teams. It offers a centralized workspace to manage projects, clients, vulnerabilities, and …
Phishing simulations: What works and what doesn’t
Phishing is one of the oldest and most effective technique used by cybercriminals. No one is immune to them, not even internet security experts, as seen in the case of Troy …
Featured news
Resources
Don't miss
- A new approach to blockchain spam: Local reputation over global rules
- SAP zero-day wake-up call: Why ERP systems need a unified defense
- “Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)
- When trusted AI connections turn hostile
- Identifying risky candidates: Practical steps for security leaders