30% of phishing threats involve newly registered domains
Phishing remains the most dominant and fastest growing internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by …
Federal agencies gear up for zero trust executive order deadline
Federal agencies are prepared to meet the zero trust executive order requirements from the Biden Administration with just over a year until the deadline, according to …
Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden …
Phishers use QR codes to target companies in various industries
A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. “The most notable target, a major …
The road ahead for ecommerce fraud prevention
Ecommerce platforms are incorporating sophisticated fraud detection measures, but fraudsters, too, are refining their strategies. In this Help Net Security interview, Eduardo …
Heavy workloads driving IT professionals to resign
A quarter of IT professionals are seriously contemplating leaving their current jobs within the next six months, potentially costing US companies upwards of 145 billion …
Findlargedir: Find all “blackhole” directories with a huge amount of filesystem entries
Findlargedir is a tool written to help quickly identify “black hole” directories on any filesystem having more than 100k entries in a single flat structure. When a …
LinkedIn users targeted in account hijacking campaign
LinkedIn users are being targeted in an ongoing account hijacking campaign, getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing …
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A …
Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)
Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer …
How CISOs break down complex security challenges
The role of the CISO has evolved into a critical position that encompasses many responsibilities aimed at safeguarding digital assets, preserving data integrity, and …
Passwordless is more than a buzzword among cybersecurity pros
Password security remains highly relevant even as cybersecurity strategies move toward a passwordless future. Of the 100 Black Hat USA 2023 attendees Delinea polled, 54% said …
Featured news
Resources
Don't miss
- Microsoft introduces protection against email bombing
- Sudo local privilege escalation vulnerabilities fixed (CVE-2025-32462, CVE-2025-32463)
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it