Akira, LockBit actively searching for vulnerable Cisco ASA devices
Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. …
10 tips for creating your security hackathon playbook
For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These …
Choosing the right partner when outsourcing cybersecurity
In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing …
SOAPHound: Open-source tool to collect Active Directory data via ADWS
SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound …
As-a-Service tools empower criminals with limited tech skills
As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious …
Chinese hackers breached Dutch Ministry of Defense
Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. …
The fight against commercial spyware misuse is heating up
Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market …
On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About …
Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)
CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being …
Common cloud security mistakes and how to avoid them
According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud …
Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure
Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous …
Enhancing adversary simulations: Learn the business to attack the business
In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, …
Featured news
Resources
Don't miss
- January 2026 Patch Tuesday forecast: And so it continues
- How AI agents are turning security inside-out
- Security teams are paying more attention to the energy cost of detection
- Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)
- PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)