Zeljka Zorz
Malicious Python packages employ advanced detection evasion techniques
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …
What’s stopping consumers from acting on a data breach notice?
Only three percent of consumers implemented a credit freeze after receiving a data breach notice, 11 percent enrolled in credit/data monitoring, and only 22 percent changed …
Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. …
GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …
Emotet stages a comeback via Trickbot and spam
Emotet is back – a number of researchers have confirmed. About Emotet Emotet is a modular banking trojan that also functions as a downloader of other trojans and …
The latest trends in online cybersecurity learning and training
In this interview with Help Net Security, Mike Hendrickson, VP of Technology & Developer Solutions at educational technology company Skillsoft, talks about the trends in …
How to achieve permanent server hardening through automation
Information security standards such as PCI DSS and ISO 27001 and regulations such as HIPAA and CMMC mandate system hardening as one of the most basic defenses against cyber …
Critical RCE in Palo Alto Networks (PAN) firewalls revealed, patch ASAP! (CVE-2021-3064)
The existence of a critical RCE vulnerability (CVE-2021-3064) affecting certain versions of Palo Alto Networks (PAN) firewalls using the GlobalProtect Portal VPN has been …
Vulnerabilities in Nucleus NET TCP/IP stack could lead to real-world damage
Researchers have unearthed 13 vulnerabilities affecting the Nucleus NET TCP/IP stack and have demonstrated how attackers could exploit them to cause serious real-world damage. …
Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)
It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, …
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The …
Rooting malware discovered on Google Play, Samsung Galaxy Store
Researchers have discovered 19 mobile apps carrying rooting malware on official and third-party Android app stores, including Google Play and Samsung Galaxy Store. …
Featured news
Resources
Don't miss
- Banshee Stealer variant targets Russian-speaking macOS users
- Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)
- GitLab CISO on proactive monitoring and metrics for DevSecOps success
- Sara: Open-source RouterOS security inspector
- Cybersecurity in 2025: Global conflict, grown-up AI, and the wisdom of the crowd