![China](https://img.helpnetsecurity.com/wp-content/uploads/2024/07/09132937/china-400x200.webp)
Chinese APT40 group swifly leverages public PoC exploits
Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory …
![AI](https://img.helpnetsecurity.com/wp-content/uploads/2024/03/07095552/ai-artificial_intelligence-1500-400x200.webp)
Unpacking CISA’s AI guidelines
CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both …
![Check Point](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/31132654/check-point-1500-400x200.webp)
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which …
![healthcare](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/22171106/healthcare-1500-400x200.webp)
HHS pledges $50M for autonomous vulnerability management solution for hospitals
As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific …
![social engineering](https://img.helpnetsecurity.com/wp-content/uploads/2023/09/06130307/social_engineering-400x200.jpg)
Black Basta target orgs with new social engineering campaign
Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access …
![vulnerability](https://img.helpnetsecurity.com/wp-content/uploads/2023/06/12090833/vulnerability-bug-400x200.jpg)
Critical vulnerabilities take 4.5 months on average to remediate
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed …
![CVE](https://img.helpnetsecurity.com/wp-content/uploads/2024/02/23122922/cve-1400-400x200.jpg)
CISA starts CVE “vulnrichment” program
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created …
![Cisco](https://img.helpnetsecurity.com/wp-content/uploads/2023/06/12084248/cisco-neon1-400x200.jpg)
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)
A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day …
![Protobom](https://img.helpnetsecurity.com/wp-content/uploads/2024/04/17075010/protobom-1500-400x200.png)
Protobom: Open-source software supply chain tool
Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and …
![open source](https://img.helpnetsecurity.com/wp-content/uploads/2024/04/16103725/open-source_1500-400x200.webp)
New open-source project takeover attacks spotted, stymied
The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils …
![Sisense](https://img.helpnetsecurity.com/wp-content/uploads/2024/04/11084130/sisense-1500-400x200.webp)
CISA warns about Sisense data breach
Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure …
![Patch Tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2024/03/12195711/patch_tuesday_2024-400x200.webp)
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked …
Featured news
Sponsored
Don't miss
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
- Risk related to non-human identities: Believe the hype, reject the FUD
- Realm: Open-source adversary emulation framework
- Discover the growing threats to data security
- Encrypted traffic: A double-edged sword for network defenders