Microsoft 365 users targeted in device code phishing attacks
Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses…
Category: HelpnetSecurity
More than half of public vulnerabilities bypass leading WAFs
Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs…
Group Policy abuse reveals China-aligned espionage group targeting governments
ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks.…
Push Security detects and blocks malicious copy-and-paste activity
Push Security announced the release of a new feature designed to tackle one of the fastest-growing cyber threats: ClickFix-style attacks. The company’s latest innovation, malicious…
Should AI access be treated as a civil right across generations?
AI use is expanding faster than the infrastructure that supports it, and that gap is starting to matter for security, resilience, and access. A new…
The soft underbelly of space isn’t in orbit, it’s on the ground
In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space…
Privacy risks sit inside the ads that fill your social media feed
Regulatory limits on explicit targeting have not stopped algorithmic profiling on the web. Ad optimization systems still adapt which ads appear based on users’ private…
What cybersecurity leaders are reading to stay ahead
If you’re looking for holiday gift ideas, books remain one of the simplest ways to spark curiosity and support someone’s growth. Whether the person on…
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November…
XM Cyber bridges external attack surface management with validated internal attack paths
XM Cyber announced an update to its platform that connects External Attack Surface Management with internal risk validation, closing the gap between what’s exposed outside…
Trellix advances NDR to close the OT-IT threat detection-to-response gap
Trellix announced Trellix NDR innovations, strengthening OT-IT security with integrated visibility across complex environments, enhanced detection capabilities, and automated investigation and response to reduce the…
Banks built rules for yesterday’s crime and RegTech is trying to fix that
Criminals are moving money across borders faster, and financial institutions are feeling the squeeze. Compliance teams feel this strain every day as they try to…