SolarWinds fixes critical Web Help Desk RCE vulnerability (CVE-2025-26399)
SolarWinds has fixed yet another unauthenticated remote code execution vulnerability (CVE-2025-26399) in Web Help Desk (WHD), its popular web-based IT ticketing and asset …
Libraesva ESG zero-day vulnerability exploited by attackers (CVE-2025-59689)
Suspected state-sponsored attackers have exploited a zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway (ESG), the Italian email security company …
€100M crypto scam busted: Five arrested in Europe-wide operation
A cross-border cryptocurrency scam has left investors across Europe with losses of more than €100 million. Authorities in several countries worked together to shut down the …
Kali Linux 2025.3 brings improved virtual machine tooling, 10 new tools
OffSec has released Kali Linux 2025.3, the most up-to-date version of its popular penetration testing and digital forensics platform. What’s new in Kali Linux 2025.3 Better …
Building a stronger SOC through AI augmentation
In this Help Net Security interview, Tim Bramble, Director of Threat Detection and Response at OpenText, discusses how SOC teams are gaining value from AI in detecting and …
APIs and hardware are under attack, and the numbers don’t look good
Attackers have a new favorite playground, and it’s not where many security teams are looking. According to fresh data from Bugcrowd, vulnerabilities in hardware and APIs are …
Nosey Parker: Open-source tool finds sensitive information in textual data and Git history
Nosey Parker is an open-source command-line tool that helps find secrets and sensitive information hidden in text files. It works like a specialized version of grep, focused …
Building AI responsibly from day one
In this Help Net Security video, David Hardoon, Global Head of AI Enablement at Standard Chartered, discusses the role of ethics and safety in AI development. He explains why …
A look inside 1,000 cyber range events and what they reveal about AppSec
Software powers almost every part of business, which means attackers have more chances than ever to exploit insecure code. A new report from CMD+CTRL Security looks at how …
After Shai-Hulud, GitHub tightens npm publishing security
Attackers are constantly finding ways to take over accounts and push malicious packages to the npm registry, the (GitHub-operated) online repository for JavaScript and Node.js …
U.S. Secret Service takes down network of devices threatening government officials
The U.S. Secret Service has broken up a network of electronic devices spread across the New York tristate area that officials say posed an imminent threat to national …
SonicWall adds rootkit removal capabilities to the SMA 100 series
SonicWall has released new firmware for its Secure Mobile Access (SMA) 100 series appliances, adding file-checking capabilities that help users remove known rootkit malware. …