Cisco released its 2025 Data Privacy Benchmark Study. The report looks at global trends in data privacy and how they affect businesses. The study gathered responses from 2,600 privacy and security experts in 12 countries. It highlights the need for…
Category: Help Net Security
New infosec products of the week: April 4, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Bitsight, Bluefin, CyberQP, and Exabeam. Exabeam Nova accelerates threat detection and response By correlating multiple detections within a case and using a proprietary threat…
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability…
Bitsight Identity Intelligence provides visibility into compromised accounts
Bitsight launched Bitsight Identity Intelligence, a new, standalone threat intelligence module designed to help security teams detect compromised credentials, prevent unauthorized access, and proactively mitigate risk across their extended attack surface. Approximately 77% of web application breaches involved stolen credentials1,…
Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)
CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up with a…
Phishers are increasingly impersonating electronic toll collection companies
Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech companies like Meta,…
Corgea BLAST uncovers hidden vulnerabilities in code
Corgea launches BLAST (Business Logic Application Testing), its AI-driven cybersecurity platform designed to address the risks associated with hidden code vulnerabilities, human error, and security flaws introduced by AI-assisted coding tools. Traditional Static Application Security Testing (SAST) scanners and manual…
1touch.io helps organizations safeguard sensitive data
1touch.io launched the next-generation Enterprise Data Security Posture Management (DSPM) platform, a solution designed specifically for hybrid, multi-cloud, on-premises, and mainframe environments. By integrating continuous data discovery, real-time access intelligence, AI-powered risk prioritization, and policy-driven orchestration into a unified platform,…
Bluefin simplifies network tokenization access and management for merchants
Bluefin announced the addition of network tokenization capabilities to its ShieldConex Tokenization as a Service and Orchestration platforms, enabling merchants to directly provision network-issued payment tokens from card brands such as Visa, Mastercard, American Express, and Discover. Network tokenization replaces…
CyberQP launches Zero Trust Helpdesk Security Platform
CyberQP has launched its Zero Trust Helpdesk Security Platform—combining QGuard for Privileged Access Management (PAM) and QDesk for End-User Access Management (EUAM). This unified solution helps IT teams reduce risk, improve efficiency, and eliminate standing privileges across the organization. A…