Tag: infosec
-
New infosec products of the week: January 23, 2026
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from cside, Obsidian Security, Rubrik, SEON, and Vectra AI. cside targets hidden website … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/23/new-infosec-products-of-the-week-january-23-2026/
-
Ransomware gang’s slip-up led to data recovery for 12 US firms
Tags: access, attack, backup, breach, business, citrix, cloud, corporate, cyber, data, data-breach, detection, encryption, endpoint, exploit, finance, group, incident response, infosec, infrastructure, law, linux, network, phishing, powershell, ransom, ransomware, risk, software, spear-phishing, sql, threat, tool, veeam, vulnerabilityscrutinize and audit your backups. If you have a regular backup schedule, is there unexpected or unexplained activity? Von Ramin Mapp notes that crooks are known to time data exfiltration to match corporate off-site backups as a way to hide their work;monitor for encrypted data leaving your environments and see where it goes. Does this…
-
Best of British: UK’s infosec envoys include Cisco, Palo Alto, and Accenture
Minister unwraps ambassadors of the Software Security Code of Practice First seen on theregister.com Jump to article: www.theregister.com/2026/01/21/uk_security_code_practice/
-
Three vulnerabilities in Anthropic Git MCP Server could let attackers tamper with LLMs
mcp-server-git versions prior to 2025-12.18.The three vulnerabilities are·CVE-2025-68143, an unrestricted git_init.·CVE-2025-68145, a path validation bypass.·CVE-2025-68144, an argument injection in git_diff.Unlike other vulnerabilities in MCP servers that required specific configurations, these work on any configuration of Anthropic’s official server, out of the box, Cyata says.Model Context Protocol (MCP) is an open standard introduced by Anthropic in 2024 to…
-
New infosec products of the week: January 16, 2026
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Acronis, JumpCloud, Noction, and SpyCloud. Acronis Archival Storage brings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/16/new-infosec-products-of-the-week-january-16-2026/
-
Possible software supply chain attack through AWS CodeBuild service blunted
Developers shouldn’t expose build environments: CSOs should ensure developers don’t expose build environments, Meghu said. “Using public hosted services like GitHub is not appropriate for enterprise code management and deployment,” he added. “Having a private GitLab/GitHub, service, or even your own git repository server, should be the default for business, making this attack impossible if…
-
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Tags: access, ai, authentication, breach, business, communications, compliance, credentials, cybercrime, cybersecurity, dark-web, data, data-breach, defense, government, grc, group, identity, incident response, infosec, infrastructure, malware, monitoring, phishing, ransomware, risk, risk-management, service, supply-chain, technology, theft, threat, toolFor government agencies and critical infrastructure operators, supply chain threats present national security risks that demand heightened vigilance. Public sector organizations managing sensitive data and critical services increasingly rely on contractors and technology vendors whose compromised credentials could provide adversaries with pathways into classified systems or essential infrastructure. Last year alone, the top 98 Defense…
-
Week in review: WatchGuard Firebox firewalls attacked, infosec enthusiasts targeted with fake PoCs
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Building cyber talent through competition, residency, and real-world … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/28/week-in-review-watchguard-firebox-firewalls-attacked-infosec-enthusiasts-targeted-with-fake-pocs/
-
Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits
Malware peddlers are targeting infosec enthusiasts, budding security professionals, and aspiring hackers with the Webrat malware, masquerading the threat as proof-of-concept … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/23/fake-poc-exploits-webrat-malware/
-
CISA flags ASUS Live Update CVE, but the attack is years old
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-asus-live-update-cve-but-the-attack-is-years-old/
-
Not all CISA-linked alerts are urgent: ASUS Live Update CVE-2025-59374
An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/not-all-cisa-linked-alerts-are-urgent-asus-live-update-cve-2025-59374/
-
There’s so much stolen data in the world, South Korea will require face scans to buy a SIM
SK Telecom’s epic infosec faill will cost it another $1.5 billion First seen on theregister.com Jump to article: www.theregister.com/2025/12/22/south_korea_facial_verification/
-
New infosec products of the week: December 19, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Apiiro, Astra Security, Push Security, Trellix, and XM Cyber. Apiiro unveils AI SAST … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/19/new-infosec-products-of-the-week-december-19-2025/
-
New infosec products of the week: December 19, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Apiiro, Astra Security, Push Security, Trellix, and XM Cyber. Apiiro unveils AI SAST … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/19/new-infosec-products-of-the-week-december-19-2025/
-
InfoSec Impact Award 2026 – Gesucht: IT-Sicherheitslösungen für die Verwaltung
Tags: infosecFirst seen on security-insider.de Jump to article: www.security-insider.de/gesucht-it-sicherheitsloesungen-fuer-die-verwaltung-a-c623c37a709c5307e358e0f5a3017c1c/
-
Block all AI browsers for the foreseeable future: Gartner
Analysts worry lazy users could have agents complete mandatory infosec training, and attackers could do far nastier things First seen on theregister.com Jump to article: www.theregister.com/2025/12/08/gartner_recommends_ai_browser_ban/
-
Warning: React2Shell vulnerability already being exploited by threat actors
Tags: ai, application-security, attack, china, cloud, communications, credentials, data, data-breach, exploit, firewall, framework, group, infosec, intelligence, linux, malicious, malware, open-source, service, software, threat, tool, update, vulnerability, wafSystem.Management.Automation.AmsiUtils.amsiInitFailed = true (a standard AMSI bypass), and iex executes the next stage.JFrog’s security research team also today reported finding a working proof of concept that leads to code execution, and they and others have also reported finding fake PoCs containing malicious code on GitHub. “Security teams must verify sources before testing [these PoCs],” warns JFrog.Amitai Cohen, attack…
-
New infosec products of the week: December 5, 2025
Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind. BlackFog releases ADX … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/05/new-infosec-products-of-the-week-december-5-2025/
-
Your year-end infosec wrapped
Tags: infosecBill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/your-year-end-infosec-wrapped/
-
Developers urged to immediately upgrade React, Next.js
create-next-app and built for production is vulnerable without any specific code modifications by the developer,” Wiz also warns.The problem in React’s server package, designated CVE-2025-55182, is a logical deserialization vulnerability allowing the server to processes RSC payloads in an unsafe way. When a server receives a specially crafted, malformed payload, say Wiz researchers, it fails to validate the…
-
CSO 30 Awards 2025: Celebrating Excellence, Innovation and Leadership in Cybersecurity
Tags: advisory, ai, automation, awareness, backup, business, ceo, cio, cyber, cybersecurity, data, endpoint, finance, google, governance, healthcare, incident response, infosec, jobs, office, phishing, ransomware, resilience, risk, service, strategy, technology, threatUK CSO 30 2025 winner Greg Emmerson (right) with judge Andrew Barber (left) CSO UK / FoundryGreg Emmerson stood out for transforming both the culture and capability of Applegreen’s security organization. Emmerson established regional Centres of Excellence to strengthen collaboration and skill development across global teams, modernizing operations through Continuous Threat Exposure Management and enterprise-wide canary tooling. By unifying identities and embedding advanced…
-
CSO 30 Awards 2025: Celebrating Excellence, Innovation and Leadership in Cybersecurity
Tags: advisory, ai, automation, awareness, backup, business, ceo, cio, cyber, cybersecurity, data, endpoint, finance, google, governance, healthcare, incident response, infosec, jobs, office, phishing, ransomware, resilience, risk, service, strategy, technology, threatUK CSO 30 2025 winner Greg Emmerson (right) with judge Andrew Barber (left) CSO UK / FoundryGreg Emmerson stood out for transforming both the culture and capability of Applegreen’s security organization. Emmerson established regional Centres of Excellence to strengthen collaboration and skill development across global teams, modernizing operations through Continuous Threat Exposure Management and enterprise-wide canary tooling. By unifying identities and embedding advanced…
-
Infosec products of the month: November 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1touch.io, Action1, Barracuda Networks, Bedrock Data, Bitdefender, Cyware, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/28/infosec-products-of-the-month-november-2025/
-
Black Friday 2025 for InfoSec: How to spot real value and avoid the noise
Your inbox is probably drowning in Black Friday emails right now. Another >>limited time offer
-
New infosec products of the week: November 21, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Data, Immersive, Kentik, Minimus, and Synack. Kentik AI Advisor brings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/new-infosec-products-of-the-week-november-21-2025/
-
New infosec products of the week: November 21, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Data, Immersive, Kentik, Minimus, and Synack. Kentik AI Advisor brings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/new-infosec-products-of-the-week-november-21-2025/
-
New infosec products of the week: November 14, 2025
Tags: infosecHere’s a look at the most interesting products from the past week, featuring releases from Action1, Avast, Cyware, Firewalla, and Nokod Security. Action1 addresses Intune gaps … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/14/new-infosec-products-of-the-week-november-14-2025/
-
Malicious npm packages contain Vidar infostealer
Typosquatting: One favorite tactic of threat actors trying to infect the open source software supply chain is typosquatting, the creation of packages with names similar to those of legitimate ones to trick unwitting developers searching for a particular library. For example, in 2018 a researcher found that threat actors had created phony libraries in the…
-
Malicious npm packages contain Vidar infostealer
Typosquatting: One favorite tactic of threat actors trying to infect the open source software supply chain is typosquatting, the creation of packages with names similar to those of legitimate ones to trick unwitting developers searching for a particular library. For example, in 2018 a researcher found that threat actors had created phony libraries in the…
-
Malicious npm packages contain Vidar infostealer
Typosquatting: One favorite tactic of threat actors trying to infect the open source software supply chain is typosquatting, the creation of packages with names similar to those of legitimate ones to trick unwitting developers searching for a particular library. For example, in 2018 a researcher found that threat actors had created phony libraries in the…