A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch National Cyber Security Center (NCSC NL) warned on Friday. Their alert seems to be based on a report by SecurityBridge’s Threat Research Labs, who professedly verified that the exploit for the flaw is being used in the wild. About CVE-2025-42957 CVE-2025-42957 is a code injection vulnerability affecting SAP S/4HANA’s functi...| Help Net Security
AI agents can be tricked into covertly performing malicious actions by websites that are hidden from regular users’ view, JFrog AI architect Shaked Zychlinski has found. This novel approach allows attackers to inject prompts / instructions into these autonomous AI-powered “assistants”, allowing them to hijack agent behavior for their own malicious goals. Indirect prompt-injection poisoning attacks where hidden harmful instructions are embedded inside the same page the human visitor sees...| Help Net Security
DigitalOcean has announced support for Single Sign-On. This integration is designed to provide digital native businesses with secure authentication to their DigitalOcean accounts. DigitalOcean Single Sign-On (SSO) helps to centralize user access and makes user onboarding and offboarding seamless. It’s built on the industry-standard OpenID Connect (OIDC) protocol, ensuring secure and reliable authentication. SSO connects your existing Identity Provider (IdP) to DigitalOcean, starting with Ok...| Help Net Security
Hirsch released Velocity 3.9, the latest advancement in its security management platform. Purpose-built for organizations that demand trust, compliance, and operational efficiency, Velocity 3.9 helps leaders safeguard people, assets, and data while simplifying operations at scale. Built for business impact Executives face a dual challenge: defending against threats while reducing complexity and cost. Velocity 3.9 addresses both with innovations that make security an enabler of resilience and ...| Help Net Security
We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited and those flaws that are publicly acknowledged are assigned a CVE designator and associated parameters. It’s these parameters, type, severity, publicly disclosed, known exploited, CVSS, etc. that are used to determine the risk to our network and computing assets, and ultimately the priority to apply the security ...| Help Net Security
Online shopping is convenient, saves time, and everything is just a click away. But how often do we stop to think about what happens to the data we leave behind, or the risks that might come with it? Where shopping data goes Retailers often store purchase histories, addresses, and account details for years, sometimes longer, unless legal requirements or customer requests mandate deletion. They may also share customer information with third-party companies for marketing or …| Help Net Security
Breaches tied to file access are happening often, and the costs add up quickly. Many organizations have faced multiple file-related incidents over the last two years, with financial losses stretching into the millions. The fallout often includes stolen customer data, reduced productivity, and exposure of intellectual property. A new study from Ponemon Institute shows that data leakage from insiders is a huge threat. Both negligence and malicious intent drive this risk, leaving organizations e...| Help Net Security
In this Help Net Security video, Jill Knesek, CISO at BlackLine, shares practical strategies for CISOs navigating tighter budgets. From maximizing existing tools and vendor partnerships to leveraging AI and making smart investments, she offers actionable advice for maintaining strong security without overspending. Learn more: eBay CISO on managing long-term cybersecurity planning and ROI How CISOs can talk cybersecurity so it makes sense to executives Smart cybersecurity spending and how CISO...| Help Net Security
Consumers are concerned about vulnerabilities in their vehicles, which directly impacts purchasing behavior and brand loyalty, according to RunSafe Security. Vehicles now run on over 100 million lines of code, which is more than most fighter jets, but they often lack the cybersecurity measures needed to keep them safe. These innovations bring plenty of convenience, from over-the-air (OTA) updates to smartphone integration, but they also create new opportunities for cybercriminals to exploit. ...| Help Net Security
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed and no user interaction required.” The exploited vulnerabilities CVE-2025-48543 affects the Android Runtime – the applica...| Help Net Security
Everfox launched High Speed Verifier-Turnkey (HSV-T). This hardware-enforced secure data transfer solution enhances digital collaboration and interoperability between allied nations, safeguarding mission-critical data transfers from high threat networks. Designed for tactical field deployments, HSV-T offers customizable, built-in threat removal capabilities that protect data flows between classified and unclassified networks for government, defense and intelligence systems without compromisin...| Help Net Security
Veeam Software announced its fully pre-built, pre-hardened software appliance: the new Veeam Software Appliance. Built to give IT teams instant protection without complexity, the appliance eliminates the friction of manual setup, OS patching, and Windows licensing. Delivered as a bootable ISO or virtual appliance, it runs on a hardened, Veeam-managed Linux OS, giving customers a secure, always-up-to-date foundation. Unlike rigid hardware appliances, Veeam’s new solution is hardware-agnosti...| Help Net Security
Cloudflare has also been affected by the Salesloft Drift breach, the US web infrastructure and security company confirmed on Tuesday, and the attackers got their hands on 104 Cloudflare API tokens. “We have identified no suspicious activity associated with those tokens, but all of these have been rotated in an abundance of caution,” Sourov Zaman (Head of Security Response), Craig Strubhart (Senior Director of Threat Detection and Response), and Grant Bourzikas (Chief Information Security ...| Help Net Security
Nucleus Security introduced Nucleus Insights, AI-powered threat intelligence built to solve one of the most painful problems in vulnerability management: knowing which CVEs matter and why. Unlike traditional threat intelligence feeds made for SOCs and CTI teams, Nucleus Insights is built to automate and scale the day-to-day decisions vulnerability teams make. “Security leaders don’t need more tools; they need the right signal inside the workflows their teams already use,” said Steve Car...| Help Net Security
BruteForceAI is a penetration testing tool that uses LLMs to improve the way brute-force attacks are carried out. Instead of relying on manual setup, the tool can analyze HTML content, detect login form selectors, and prepare the attack process automatically. It is built to mimic realistic human behavior while running multi-threaded attacks, which makes testing more effective and accurate. How BruteForceAI works The process starts with the AI analyzing the page to identify login fields. …| Help Net Security
Many people might not think that playing video games could help build a career in cybersecurity. Yet the skills gained through gaming, even if they don’t seem relevant at first, can be useful in the field. An overlooked pool of skills worth exploring There are more than 3 billion gamers worldwide, representing a large group of people companies could recruit for cybersecurity roles. Organizations facing critical or hard-to-fill positions might benefit from exploring this talent. …| Help Net Security
In today’s complex threat environment, the challenge for security professionals isn’t just defeating threats, it’s finding your vulnerabilities in the first place. That’s where External Attack Surface Management (EASM) tools come in. EASM can identify the many weaknesses that attackers use to target your organization. Effective solutions provide crucial information on the vulnerabilities of organizational assets and cloud services that are visible in the public domain. In practice, EA...| Help Net Security
In this Help Net Security video, Brendon Collins, Principal Consultant at Optiv, explores how organizations can embed security and privacy into the software development lifecycle (SDLC) from the very start. He outlines five proactive principles, including default-deny architecture, privacy in the definition of done, privacy threat modeling, infrastructure-as-code scanning, and CI/CD security gates, showing how teams can innovate quickly while reducing risk and protecting users. The goal is to...| Help Net Security
AI is moving into security operations, but CISOs are approaching it with a mix of optimism and realism. A new report from Arctic Wolf shows that most organizations are exploring or adopting AI-driven tools, yet many still see risks that need management. Adoption trends The report found that 73 percent of organizations have already introduced some form of AI into their cybersecurity programs. Financial services leads adoption, with more than 80 percent using AI, while …| Help Net Security
In the wake of last week’s revelation of a breach at Salesloft by a group tracked by Google as UNC6395, several companies – including Zscaler, Palo Alto Networks, PagerDuty, Tanium, and SpyCloud – have confirmed their Salesforce instances were accessed. The companies noted that attackers had only limited access to Salesforce databases, not to other systems or resources. They warned, however, that the stolen customer data could be used for convincing phishing and social engineering …| Help Net Security
Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms| Help Net Security
ScamAgent study reveals how AI agents simulate scam calls, bypass safety guardrails, adapt across conversations, exploit text-to-speech.| Help Net Security
Cybersecurity news with a focus on enterprise security. Discover what matters in the world of information security today.| Help Net Security
This video discusses how AI is no longer just a tool for defenders, it’s now a powerful weapon in the hands of attackers.| Help Net Security
Organizations have zero visibility into 89% of AI usage, despite security policies, according to a LayerX report.| Help Net Security
The Chief AI Officer’s Handbook is a comprehensive resource for professionals navigating AI implementation and strategy. It is particularly valuable for| Help Net Security
Chris Denbigh-White discusses how AI and emerging technologies pose new GDPR challenges, requiring a balance of deployment and legality.| Help Net Security
Shadow AI includes AI products and platforms used within your organization without department knowledge, posing risks.| Help Net Security
As the AI threat landscape evolves daily, certain LLM vulnerabilities pose significant risks to enterprise operations.| Help Net Security
Adversaries can intentionally mislead or "poison" AI systems, causing them to malfunction, and developers have yet to find an infallible defense against| Help Net Security
AI security researchers have designed a technique that can speedily jailbreak large language models (LLMs) in an automated fashion.| Help Net Security
Businesses have a growing need for greater relevance in the intelligence they use to inform critical decision-making.| Help Net Security
As businesses adopt AI-enabled interfaces, ransomware actors use them to expand, increase profits, and enhance successful attacks.| Help Net Security
85% of phishing emails utilized malicious links in the content of the email, and spam emails increased by 30% from Q1 to Q2 2023.| Help Net Security
The emergence of new AI technology and large language models has made it easier for cybercriminals to generate phishing campaigns.| Help Net Security
The top 50 most impersonated brands by phishing URLs come from finance, tech, and telecom industries, providing valuable access to attackers.| Help Net Security
Virtual patching is a security technique that uses rules on WAF to block known vulnerabilities in an app or system without modifying code.| Help Net Security
Security issues in the cloud can be avoided. By employing the necessary systems at the same time as cloud adoption, enterprises can reap the benefits.| Help Net Security
Matter 1.4.2 strengthens the standard by adding improvements in security, certification, and infrastructure.| Help Net Security
Why privacy in blockchain must start with open source| Help Net Security
Researchers have witnessed an increase in ransomware attacks occurring when criminals know IT staff won’t be around, mostly night time.| Help Net Security
Companies must expand their “assume breach” mindset to prepare for multiple and even simultaneous attacks.| Help Net Security
Major regional and global events – such as military exercises, political or economic summits, and elections – drove cyber threat activities.| Help Net Security
Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts| Help Net Security
In this Help Net Security video, Michael Crandell, CEO of Bitwarden, discusses the future of passwords and authentication.| Help Net Security
Security awareness goes by other names: security culture, training, education, etc. But they all involve managing human risk.| Help Net Security
Organizations should consider three-factor authentication (3FA), but the new device can't be used to authenticate from a foreign device.| Help Net Security
In this video for Help Net Security, Dan Lohrmann talks about MFA and how everyone should consider it to protect their identity and accounts.| Help Net Security
Keyavi Data issued a set of best practices for keeping personal and business data out of criminal hands using MFA.| Help Net Security
Selfie spoofing entails taking a picture of an image from a screen, from a piece of paper or even of a headshot on an identity document.| Help Net Security
Learn more about AI data regulations, their implications for public and private sectors, and their role in shaping future privacy practices.| Help Net Security
Companies are struggling to get visibility into the operations of their AI programs, potentially reducing productivity while creating risks.| Help Net Security
In this video, Peter Violaris, Head of Legal, Compliance and Risk for OCR Labs, discusses generative AI’s impact on identity verification.| Help Net Security
In this Help Net Security video, Bogdan Botezatu discusses the growing trend of celebrity audio deepfakes.| Help Net Security
In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%, according to Cofense.| Help Net Security
There has been a 44% increase in organized ID fraud in North America. This upsurge is believed to be driven by the ongoing economic recovery.| Help Net Security
AI advancements give malicious groups access to tools that will allow them to create more elaborate social engineering attacks in the future.| Help Net Security
A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released.| Help Net Security
Organizations face increased vulnerability to cyber-attacks due to a longer timeframe for addressing low employee cybersecurity awareness.| Help Net Security
In this video, Adam Marrè explains how state and local governments must focus on cybersecurity as the 2024 election approaches in the US.| Help Net Security
AI, post-quantum cryptography, zero trust, and ongoing cryptography research will shape cybersecurity strategies in the present and for 2024.| Help Net Security
The 2023 Verizon DBIR has confirmed the FBI's findings: BEC scammers are ramping up their social engineering efforts to great success.| Help Net Security
Infostealer malware remains widely available to buy through underground forums, while Russian Market remains the top seller.| Help Net Security
Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site| Help Net Security
Most organizations reported that they lack the cybersecurity staff needed to prevent and troubleshoot security issues.| Help Net Security
SOC teams identified three clear challenges they face each day: too much data; too many tedious tasks; and, too many reporting requirements.| Help Net Security
Across all BEC attacks seen over the past year, 57% relied on language as the main attack vector to get BEC attacks in front of employees.| Help Net Security
Incognia raises $31 million to help organizations combat fraud| Help Net Security
Phishing attacks using open redirect flaws have increased again, orgs should consider refreshing employees' knowledge on how to spot them.| Help Net Security
A phishing campaign using QR codes has been detected targeting various industries to acquire Microsoft credentials.| Help Net Security
QR scan scams trick users into scanning QR codes from their PCs using their mobile devices to take advantage of weaker phishing protection.| Help Net Security
Ivanti research finds 83% of respondents used QR codes to process payments in the last year, but many are unaware of the risks.| Help Net Security
Ukraine’s top security official to keynote IRISSCON 2023 conference| Help Net Security
CEOs cite generative AI adoption as being critical to success. 40% of CEOs plan to hire additional staff because of generative AI.| Help Net Security
The rise of AI complicates the CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity.| Help Net Security
GenAI provides organizations with new opportunities to streamline processes, boost productivity, and reduce staff burnout.| Help Net Security
Disruptive technologies like AI are heightening the longstanding tension between organizational security and employee productivity.| Help Net Security
AI integration into cybersecurity is not just a concept but also a practical reality for many, according to CSA and Google Cloud.| Help Net Security
Data loss from insiders continues to pose a threat to security, with emerging technologies such as AI and GenAI only compounding the issue.| Help Net Security
Organizations see GenAI as a fundamentally different technology with novel challenges to consider, and many are banning it.| Help Net Security
To achieve the full potential of AI, organizations must reinvent work, reshape the workforce and prepare workers, according to Accenture.| Help Net Security
With growing AI app usage, employees are more likely to expose sensitive data like credentials or personal information.| Help Net Security
In this article, you will find excerpts from various reports that offer statistics and insights about the current phishing landscape.| Help Net Security
Businesses reported a growth in synthetic identity fraud, while biometric spoofs and counterfeit ID fraud attempts also increased.| Help Net Security
In late 2022, OpenAI's GPT-3.5 series announcement captured the world’s attention and triggered a surge of investment in generative AI.| Help Net Security
This Help Net Security video brings attention to what deepfakes are, how to spot them, and what steps you can take to protect yourself.| Help Net Security
Excerpts from DDoS attack surveys conducted in 2023 will provide your organization with statistics to bolster its cybersecurity strategy.| Help Net Security
There has been an increase in the volume of DDoS attacks over the last two years, and in H1 of 2023, we see a capacity of about 800 Gbps.| Help Net Security
CrowdStrike outlines the causes of the recent massive IT outage, hires outside security vendors to review security and QA of its sensor code.| Help Net Security
Digitalization has evolved into a systemic risk for organizations, so cyber insurance needs to better prepare them to manage it.| Help Net Security
CDK Global, a SaaS provider for car dealers and auto equipment manufacturers, has suffered a disruptive cyberattack.| Help Net Security
This article includes excerpts from various reports that offer statistics and insights into the current cyber threat landscape.| Help Net Security
Learn what C-suite can expect from SEC's cyber disclosure rules in 6-12 months based on feedback, effectiveness, and peer guidance.| Help Net Security
In this Help Net Security video round-up, security experts discuss various aspects of identity verification and security.| Help Net Security
No matter the method of intrusion, business leaders face higher stakes, as most ransomware attacks involve data exfiltration.| Help Net Security
In this Help Net Security interview, Eric Demers, CEO of Madaket Health, discusses healthcare cyber resilience, and the prevalent threats.| Help Net Security
Lockbit 3.0 is currently the most active ransomware group, but new ransomware groups like 8Base and Akira are rising in prominence.| Help Net Security
Cyber insurance policy requirements are shifting targets, and even with robust coverage, there's no guarantee all incidents are covered.| Help Net Security