
Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last …

North Korean IT workers are extorting employers, FBI warns
The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world. While corporate espionage …

Nearly half of CISOs now report to CEOs, showing their rising influence
The CISO’s rise to the C-suite comes with more engagement with the boardroom, an audience with the CEO, and the power to make strategic decisions for the business, …

GUI frontends for GnuPG, the free implementation of the OpenPGP standard
GnuPG is a free and comprehensive implementation of the OpenPGP standard. It enables encryption and signing of data and communications, featuring a key management system and …

Deepfakes force a new era in fraud detection, identity verification
The rise in identity fraud over the past two years has significantly impacted all industries, especially finance, banking, fintech, and crypto, according to Regula. With …

New infosec products of the week: January 24, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitsight, DataDome, DigitalOcean, Lookout, and XONA Systems. Lookout Mobile …

Juniper enterprise routers backdoored via “magic packet” malware
A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the …

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) …

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly …

Defense strategies to counter escalating hybrid attacks
In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and …

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning
The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian …

CISOs are juggling security, responsibility, and burnout
This article gathers excerpts from multiple reports, presenting statistics and insights that may be valuable for CISOs, helping them with informed decision-making, risk …
Featured news
Resources
Don't miss
- It’s time to secure the extended digital supply chain
- SysReptor: Open-source penetration testing reporting platform
- Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
- 8Base ransomware group leaders arrested, leak site seized
- Apple fixes zero-day flaw exploited in “extremely sophisticated” attack (CVE-2025-24200)