AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged
AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as …
Using lightweight LLMs to cut incident response times and reduce hallucinations
Researchers from the University of Melbourne and Imperial College London have developed a method for using LLMs to improve incident response planning with a focus on reducing …
Fractional vs. full-time CISO: Finding the right fit for your company
In this Help Net Security interview, Nikoloz Kokhreidze, Fractional CISO at Mandos, discusses why many early- and growth-stage B2B companies hire full-time CISOs before it’s …
Product showcase: iStorage datAshur PRO+C encrypted USB flash drive
The iStorage datAshur PRO+C is a USB-C flash drive featuring AES-XTS 256-bit hardware encryption. Available in capacities from 32 GB to 512 GB, the drive holds FIPS 140-3 …
URL-based threats become a go-to tactic for cybercriminals
Cybercriminals are using advanced social engineering and AI-generated content to make malicious URLs difficult for users to identify, according to Proofpoint. Whether through …
CISOs need to think about risks before rushing into AI
Organizations are increasing investments in cloud, AI, and emerging technologies, but their infrastructure and security strategies often lag behind. A recent Unisys survey of …
Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)
Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific …
Alleged Rapper Bot DDoS botnet master arrested, charged
US federal prosecutors have charged a man with running Rapper Bot, a powerful botnet that was rented out to launch large-scale distributed denial-of-service (DDoS) attacks …
Commvault plugs holes in backup suite that allow remote code execution
Commvault has fixed four security vulnerabilities that may allow unauthenticated attackers to compromise on-premises deployments of its flagship backup and replication suite. …
Password crisis in healthcare: Meeting and exceeding HIPAA requirements
In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one …
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)
A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made …
The 6 challenges your business will face in implementing MLSecOps
Organizations that don’t adapt their security programs as they implement AI run the risk of being exposed to a variety of threats, both old and emerging ones. MLSecOps …