Cloud-audit: Fast, open-source AWS security scanner
Running AWS security audits without a dedicated security team typically means choosing between enterprise platforms with per-check billing and generic open-source scanners that produce findings…
Category: HelpnetSecurity
Software vulnerabilities push credential abuse aside in cloud intrusions
Cloud intrusions are unfolding on shorter timelines, with attackers leaning more on unpatched software and compromised identities. H2 2025 distribution of initial access vectors exploited…
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
Phishers are targeting AWS accounts holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page,…
Microsoft flips Windows Autopatch to default hotpatch security updates
Microsoft is changing the default behavior in Windows Autopatch so that hotpatch security updates are enabled automatically for eligible devices managed through Microsoft Intune or…
Messenger can warn you about sketchy links without knowing what you clicked
Meta’s Advanced browsing protection (ABP) helps Messenger identify and warn users about potentially harmful websites they open from a chat. Malicious sites can try to…
HR, recruiters targeted in year-long malware campaign
An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a…
This spy tool has been quietly stealing data for years
ESET researchers have traced the resurgence of Sednit through a modern toolkit built around two complementary implants, BeardShell and Covenant, each relying on a separate…
Teen crew caught selling DDoS attack tools
Seven minors who distributed online programs designed to facilitate DDoS attacks have been identified by Poland’s Central Bureau for Combating Cybercrime (CBZC). They were between…
Phishing campaign spoofs local officials to steal permit fees
The FBI is warning about a phishing scheme in which cybercriminals impersonate city and county officials to solicit fraudulent payments for planning and zoning permits.…
New Claude tool uses AI agents to find bugs in pull requests
Anthropic’s Claude Code Review is a new tool, available as a research preview beta for Team and Enterprise plans, that sends a team of AI…
The people behind cyber extortion are often in their forties
Many cybercrime investigations end with arrests or indictments that reveal little about the people behind the operations. When authorities do disclose demographic details, the pattern…
Airbus CSO on supply chain blind spots, space threats, and the limits of AI red-teaming
Pascal Andrei, CSO at Airbus, knows that the aerospace and defense sector is facing a threat environment that is evolving faster than most organizations can…