Apple offers $2 million for zero-click exploit chains
Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million. “Our bonus …
Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)
CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by …
October 2025 Patch Tuesday forecast: The end of a decade with Microsoft
A lot of classic software is reaching end-of-life (EOL) this month. Windows 10, Office 2016 and Exchange Server 2016 have survived after nearly a decade of service. Not far …
From theory to training: Lessons in making NICE usable
SMBs may not have big budgets, but they are on the receiving end of many cyberattacks. A new study from Cleveland State University looked at how these companies could train …
Securing agentic AI with intent-based permissions
When seatbelts were first introduced, cars were relatively slow and a seatbelt was enough to keep drivers safe in most accidents. But as vehicles became more powerful, …
Nagios: Open-source monitoring solution
Nagios is an open-source monitoring solution, now included as part of the robust Nagios Core Services Platform (CSP). It delivers end-to-end visibility across the entire IT …
Your SOC is tired, AI isn’t
Security teams have discussed AI in the SOC for years, but solid evidence of its impact has been limited. A recent benchmark study by Dropzone puts measurable evidence behind …
New infosec products of the week: October 10, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Object First, OPSWAT, Radiflow, and Semperis. OPSWAT’s MetaDefender Drive delivers …
Legit tools, illicit uses: Velociraptor, Nezha turned against victims
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the …
Attackers compromised ALL SonicWall firewall configuration backup files
The attackers who brute-forced their way into SonicWall’s firewall cloud backup service accessed configuration backup files of all customers who have used the service, …
Researchers develop AI system to detect scam websites in search results
Scam websites tied to online shopping, pet sales, and other e-commerce schemes continue to cause millions in losses each year. Security tools can accurately detect fraudulent …
Behind the screens: Building security customers appreciate
In this Help Net Security interview, Jess Vachon, CISO at PRA Group, discusses the company’s multi-layered defense against fraud and its commitment to protecting customer …