In this Help Net Security interview, Tim Grieveson, CSO at ThingsRecon, breaks down the first steps security teams should take to regain visibility, the most common blind spots in asset discovery, and why context should drive risk prioritization. What are…
Category: Help Net Security
CTM360 report: Ransomware exploits trust more than tech
A recent wave of ransomware attacks has disrupted major retailers across the UK. According to a new report from CTM360, the attackers didn’t need to break down the door, they were invited in through misplaced trust and weak identity safeguards.…
Many rush into GenAI deployments, frequently without a security net
70% percent of organizations view the pace of AI development, particularly in GenAI, as the leading security concern related to its adoption, followed by lack of data integrity (64%) and trustworthiness (57%), according to Thales. GenAI becomes a top spending…
Review: CompTIA Network+ Study Guide, 6th Edition
If you’re planning to tackle the CompTIA Network+ certification (N10-009), chances are you’ve already come across the name Todd Lammle. A long-established authority in the networking and certification world, Lammle, along with co-author Jon Buhagiar, returns with the sixth edition…
Be careful what you share with GenAI tools at work
We use GenAI at work to make tasks easier, but are we aware of the risks? According to Netskope, the average organization now shares more than 7.7GB of data with AI tools per month, and 75% of enterprise users are…
Lumma Stealer Malware-as-a-Service operation disrupted
A coordinated action by US, European and Japanese authorities and tech companies like Microsoft and Cloudflare has disrupted the infrastructure behind Lumma Stealer, the most significant infostealer threat at the moment. What is Lumma Stealer? Lumma Stealer is Malware-as-a-Service offering…
Data-stealing VS Code extensions removed from official Marketplace
Developers who specialize in writing smart (primarily Ethereum) contracts using the Solidity programming language have been targeted via malicious VS Code extensions that install malware that steals cryptocurrency wallet credentials. “Based on shared infrastructure and obfuscation characteristics, we attribute all…
Anchore SBOM tracks software supply chain issues
Anchore announced the next phase of its SBOM strategy with the release of Anchore SBOM. With the addition of Anchore SBOM, Anchore Enterprise now provides a centralized platform for viewing, managing and analyzing Software Bill of Materials (SBOMs), including the…
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)
A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated attackers to take over admin accounts and gain full control over target WP-based sites. The privileges thus acquired…
Strider Spark protects organizations from state-sponsored threats
Strider announced new capabilities for Spark, the company’s proprietary AI-powered intelligence engine that is transforming how organizations identify and mitigate risks associated with state-sponsored threats. Industry, government, and academic organizations are vulnerable to ongoing nation-state operations that target and compromise…