Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. The vulnerabilities have been privately disclosed and there is no indication that they are under active exploitation. Nevertheless,…
Tag: Help Net Security
Stealthy backdoor found hiding in SOHO devices running Linux
SecurityScorecard’s STRIKE team has uncovered a network of compromised small office and home office (SOHO) devices they’re calling LapDogs. The threat is part of a broader shift in how China-Nexus threat actors are using Operational Relay Box (ORB) networks to…
How CISOs can justify security investments in financial terms
In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. He also shows how framing cyber risk in business terms can strengthen investment cases and…
Quantum risk is already changing cybersecurity
A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. The report, Approaching Quantum Dawn: Closing the Cybersecurity Readiness…
Review: Redefining Hacking
Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. About the authors Omar Santos is a Distinguished Engineer at Cisco focusing on…
Medical device cyberattacks push hospitals into crisis mode
22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, according to RunSafe Security. Three-quarters of these incidents disrupted patient care, including 24% that required patient transfers to other facilities. The survey reveals that healthcare cybersecurity has evolved…
71% of new hires click on phishing emails within 3 months
New hires are more likely to fall for phishing attacks and social engineering than longer-term employees, especially in their first 90 days, according to Keepnet. Why new hires are easy targets for phishing attacks Based on data from 237 companies…
Week in review: Keyloggers found on Outlook login pages, police shut down dark web drug market
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Researchers unearth keyloggers on Outlook login pages Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and…
Microsoft boosts default security of Windows 365 Cloud PCs
Windows 365 Cloud PCs now come with new default settings aimed at preventing / minimizing data exfiltration and malicious exploits, Microsoft has announced. Windows 365 Cloud PCs are Azure (i.e., Windows 365 service)-hosted virtual Windows PCs the company offers as…
DuckDuckGo’s Scam Blocker now blocks more types of scams
Online scams are getting worse and more varied. DuckDuckGo knows that, so they’ve made changes. Their built-in Scam Blocker now stops more kinds of scam sites, all without tracking you. How Scam Blocker works (Source: DuckDuckGo) “If you accidentally click…