Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Ivanti …
Job-seeking devs targeted with fake CrowdStrike offer via email
Cryptojackers are impersonating Crowdstrike via email to get developers to unwittingly install the XMRig cryptocurrency miner on their Windows PC, the company has warned. The …
January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
January 2025 Patch Tuesday is now live: Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Welcome to 2025 and a new year of patch excitement! In my December …
The SBI fake banking app shows that SMS authentication has had its day
As a company fortunate enough to have and maintain our own pentesting team, we often do outreach with other organizations to assist with or provide our expertise in offensive …
Preventing the next ransomware attack with help from AI
In this Help Net Security interview, Dr. Darren Williams, CEO at BlackFog, talks about how employee training plays a crucial role in preventing ransomware attacks. He points …
New infosec products of the week: January 10, 2025
Here’s a look at the most interesting products from the past week, featuring releases from BioConnect, BreachLock, McAfee, Netgear, and Swimlane. NETGEAR Armor, powered by …
Banshee Stealer variant targets Russian-speaking macOS users
The Banshee Stealer is a stealthy threat to the rising number of macOS users around the world, including those in Russian-speaking countries, according to Check Point …
Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)
The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant …
Wireshark 4.4.3 released: Updated protocol support, bug fixes
Wireshark, the popular network protocol analyzer, has reached version 4.4.3. Wireshark offers deep inspection across hundreds of protocols, live and offline analysis, and …
The ongoing evolution of the CIS Critical Security Controls
For decades, the CIS Critical Security Controls (CIS Controls) have simplified enterprises’ efforts to strengthen their cybersecurity posture by prescribing prioritized …
GitLab CISO on proactive monitoring and metrics for DevSecOps success
In this Help Net Security interview, Josh Lemos, CISO at GitLab, talks about the shift from DevOps to DevSecOps, focusing on the complexity of building systems and integrating …
Sara: Open-source RouterOS security inspector
Sara is an open-source tool designed to analyze RouterOS configurations and identify security vulnerabilities on MikroTik hardware. Sara’s main feature is using regular …