Hundreds of GitHub repos served up malware for years
Kaspersky researchers have unearthed an extensive and long-running malware delivery campaign that exploited users’ propensity for downloading code from GitHub and using it without first…
Category: HelpnetSecurity
Background check, drug testing provider DISA suffers data breach
DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered…
China-based Silver Fox spoofs healthcare app to deliver malware
Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting…
Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy
Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, and reinforced organizational reliance…
Legit context turns raw data into actionable insights
By providing full context around both the application and the development environment, Legit’s ASPM platform empowers CISOs and their team to find, fix, and prevent…
Avoiding vendor lock-in when using managed cloud security services
In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud…
The CISO’s dilemma of protecting the enterprise while driving innovation
CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the cloud…
Massive botnet hits Microsoft 365 accounts
A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining…
Account takeover detection: There’s no single tell
Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were…
Man vs. machine: Striking the perfect balance in threat intelligence
In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools…
Misconfig Mapper: Open-source tool to uncover security misconfigurations
Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection…
Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack…