Patient monitors with backdoor are sending info to China, CISA warns
Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a …
Deploying AI at the edge: The security trade-offs and how to manage them
Deploying AI at the edge brings advantages such as low latency, improved efficiency, and real-time decision-making. It also introduces new attack surfaces. Adversaries could …
Platformization is key to reduce cybersecurity complexity
Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo …
Nine out of ten emails are spam
Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys …
Infosec products of the month: January 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Absolute Security, Atsign, authID, BackBox, BioConnect, BitSight, BreachLock, …
Cybercrime forums Cracked and Nulled seized, operators arrested
Law enforcement from Germany, Australia, Spain, Greece, Romania, Italy, France and the USA have seized and shut down Cracked and Nulled, the two largest cybercrime forums in …
SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs
Attackers may have exploited vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the …
Zscaler CISO on balancing security and user convenience in hybrid work environments
In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses …
ExtensionHound: Open-source tool for Chrome extension DNS forensics
Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. …
89% of AI-powered APIs rely on insecure authentication mechanisms
APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, …
How to use Hide My Email to protect your inbox from spam
Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward …
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, …
Featured news
Resources
Don't miss
- Building trust in AI: How to keep humans in control of cybersecurity
- Researchers expose large-scale YouTube malware distribution network
- Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)
- Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)
- Faster LLM tool routing comes with new security considerations