Tag: infosec

New infosec products of the week: December 5, 2025

Dec 5, 2025 6:32 AM

Tags: ai, infosec

Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind. BlackFog releases ADX … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/05/new-infosec-products-of-the-week-december-5-2025/
Your year-end infosec wrapped

Dec 4, 2025 8:32 PM

Tags: infosec

Bill explores how our biggest mistakes can be the catalysts for growth that we need. This week’s newsletter promises stories, lessons, and a fresh perspective on failure. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/your-year-end-infosec-wrapped/
Developers urged to immediately upgrade React, Next.js

Dec 4, 2025 5:32 AM

Tags: cloud, cve, data, email, exploit, firewall, flaw, framework, infosec, leak, network, rce, remote-code-execution, sans, software, threat, tool, vulnerability, waf

create-next-app and built for production is vulnerable without any specific code modifications by the developer,” Wiz also warns.The problem in React’s server package, designated CVE-2025-55182, is a logical deserialization vulnerability allowing the server to processes RSC payloads in an unsafe way. When a server receives a specially crafted, malformed payload, say Wiz researchers, it fails to validate the…
CSO 30 Awards 2025: Celebrating Excellence, Innovation and Leadership in Cybersecurity

Dec 2, 2025 4:49 PM

Tags: advisory, ai, automation, awareness, backup, business, ceo, cio, cyber, cybersecurity, data, endpoint, finance, google, governance, healthcare, incident response, infosec, jobs, office, phishing, ransomware, resilience, risk, service, strategy, technology, threat

UK CSO 30 2025 winner Greg Emmerson (right) with judge Andrew Barber (left) CSO UK / FoundryGreg Emmerson stood out for transforming both the culture and capability of Applegreen’s security organization. Emmerson established regional Centres of Excellence to strengthen collaboration and skill development across global teams, modernizing operations through Continuous Threat Exposure Management and enterprise-wide canary tooling. By unifying identities and embedding advanced…
CSO 30 Awards 2025: Celebrating Excellence, Innovation and Leadership in Cybersecurity

Dec 2, 2025 4:49 PM

Tags: advisory, ai, automation, awareness, backup, business, ceo, cio, cyber, cybersecurity, data, endpoint, finance, google, governance, healthcare, incident response, infosec, jobs, office, phishing, ransomware, resilience, risk, service, strategy, technology, threat

UK CSO 30 2025 winner Greg Emmerson (right) with judge Andrew Barber (left) CSO UK / FoundryGreg Emmerson stood out for transforming both the culture and capability of Applegreen’s security organization. Emmerson established regional Centres of Excellence to strengthen collaboration and skill development across global teams, modernizing operations through Continuous Threat Exposure Management and enterprise-wide canary tooling. By unifying identities and embedding advanced…
Infosec products of the month: November 2025

Nov 28, 2025 6:49 AM

Tags: data, infosec, network

Here’s a look at the most interesting products from the past month, featuring releases from: 1touch.io, Action1, Barracuda Networks, Bedrock Data, Bitdefender, Cyware, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/28/infosec-products-of-the-month-november-2025/
Black Friday 2025 for InfoSec: How to spot real value and avoid the noise

Nov 26, 2025 7:49 AM

Tags: email, infosec

Your inbox is probably drowning in Black Friday emails right now. Another >>limited time offer
New infosec products of the week: November 21, 2025

Nov 21, 2025 6:49 AM

Tags: ai, data, infosec

Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Data, Immersive, Kentik, Minimus, and Synack. Kentik AI Advisor brings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/new-infosec-products-of-the-week-november-21-2025/
New infosec products of the week: November 21, 2025

Nov 21, 2025 6:49 AM

Tags: ai, data, infosec

Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Data, Immersive, Kentik, Minimus, and Synack. Kentik AI Advisor brings … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/21/new-infosec-products-of-the-week-november-21-2025/
New infosec products of the week: November 14, 2025

Nov 14, 2025 6:49 AM

Tags: infosec

Here’s a look at the most interesting products from the past week, featuring releases from Action1, Avast, Cyware, Firewalla, and Nokod Security. Action1 addresses Intune gaps … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/14/new-infosec-products-of-the-week-november-14-2025/
Malicious npm packages contain Vidar infostealer

Nov 7, 2025 2:20 PM

Tags: advisory, application-security, attack, cybersecurity, data-breach, detection, infosec, infrastructure, malicious, open-source, programming, risk, risk-management, service, software, supply-chain, technology, threat, tool, vulnerability

Typosquatting: One favorite tactic of threat actors trying to infect the open source software supply chain is typosquatting, the creation of packages with names similar to those of legitimate ones to trick unwitting developers searching for a particular library. For example, in 2018 a researcher found that threat actors had created phony libraries in the…
Malicious npm packages contain Vidar infostealer

Nov 7, 2025 2:20 PM

Tags: advisory, application-security, attack, cybersecurity, data-breach, detection, infosec, infrastructure, malicious, open-source, programming, risk, risk-management, service, software, supply-chain, technology, threat, tool, vulnerability

Typosquatting: One favorite tactic of threat actors trying to infect the open source software supply chain is typosquatting, the creation of packages with names similar to those of legitimate ones to trick unwitting developers searching for a particular library. For example, in 2018 a researcher found that threat actors had created phony libraries in the…
Malicious npm packages contain Vidar infostealer

Nov 7, 2025 2:20 PM

Tags: advisory, application-security, attack, cybersecurity, data-breach, detection, infosec, infrastructure, malicious, open-source, programming, risk, risk-management, service, software, supply-chain, technology, threat, tool, vulnerability

Typosquatting: One favorite tactic of threat actors trying to infect the open source software supply chain is typosquatting, the creation of packages with names similar to those of legitimate ones to trick unwitting developers searching for a particular library. For example, in 2018 a researcher found that threat actors had created phony libraries in the…
New infosec products of the week: November 7, 2025

Nov 7, 2025 6:19 AM

Tags: infosec, network

Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Barracuda Networks, Bitdefender, Forescout, and Komodor. Bitdefender … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/07/new-infosec-products-of-the-week-november-7-2025/
How crooks use IT to enable cargo theft

Nov 5, 2025 5:19 AM

Tags: access, ai, api, attack, authentication, awareness, breach, business, control, crime, cyber, cybersecurity, data, detection, email, endpoint, finance, fraud, government, group, incident response, infosec, infrastructure, insurance, Internet, jobs, law, login, mfa, network, password, phishing, privacy, risk, skills, smishing, social-engineering, supply-chain, technology, theft, threat, tool, training, vulnerability

Value of stolen shipments has doubled: It’s hard to determine the size of this IT-related cargo theft problem. The US National Insurance Crime Bureau estimates cargo theft losses from all sources increased 27% last year compared to 2023, to $35 billion.Versik CargoNet, a company that tracks physical supply chain crime for law enforcement agencies, insurance…
How crooks use IT to enable cargo theft

Nov 5, 2025 5:19 AM

Tags: access, ai, api, attack, authentication, awareness, breach, business, control, crime, cyber, cybersecurity, data, detection, email, endpoint, finance, fraud, government, group, incident response, infosec, infrastructure, insurance, Internet, jobs, law, login, mfa, network, password, phishing, privacy, risk, skills, smishing, social-engineering, supply-chain, technology, theft, threat, tool, training, vulnerability

Value of stolen shipments has doubled: It’s hard to determine the size of this IT-related cargo theft problem. The US National Insurance Crime Bureau estimates cargo theft losses from all sources increased 27% last year compared to 2023, to $35 billion.Versik CargoNet, a company that tracks physical supply chain crime for law enforcement agencies, insurance…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Ransomware negotiator, pay thyself!

Nov 4, 2025 12:19 AM

Tags: extortion, infosec, ransomware

Rogues committed extortion while working for infosec firms First seen on theregister.com Jump to article: www.theregister.com/2025/11/03/rogue_ransomware_negotiators/
Ransomware negotiator, pay thyself! Rogues committed extortion while working for infosec firms

Nov 3, 2025 11:19 PM

Tags: extortion, infosec, ransomware

This is not what people mean when they say: ‘You should get a side hustle’ First seen on theregister.com Jump to article: www.theregister.com/2025/11/03/rogue_ransomware_negotiators/
Infosec products of the month: October 2025

Oct 31, 2025 6:19 AM

Tags: infosec

Here’s a look at the most interesting products from the past month, featuring releases from: Acronis, Akeyless, Axoflow, Blumira, Cayosoft, Confluent, Corelight, Elastic, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/31/infosec-products-of-the-month-october-2025/
Proton trains new service to expose corporate infosec cover-ups

Oct 30, 2025 8:19 PM

Tags: corporate, infosec, service

Service will tell on compromised organizations, even if they didn’t plan on doing so themselves First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/proton_data_breach_observatory/
Proton trains new service to expose corporate infosec cover-ups

Oct 30, 2025 8:19 PM

Tags: corporate, infosec, service

Service will tell on compromised organizations, even if they didn’t plan on doing so themselves First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/proton_data_breach_observatory/
Cyberpunks mess with Canada’s water, energy, and farm systems

Oct 30, 2025 4:19 PM

Tags: control, infosec, infrastructure

Infosec agency warns hacktivists broke into critical infrastructure systems to tamper with controls First seen on theregister.com Jump to article: www.theregister.com/2025/10/30/hacktivists_canadian_ics_systems/
WSUS attacks hit ‘multiple’ orgs as Google and other infosec sleuths ring Redmond’s alarm bell

Oct 28, 2025 1:26 AM

Tags: attack, google, infosec, update

If at first you don’t succeed, patch and patch again First seen on theregister.com Jump to article: www.theregister.com/2025/10/27/microsoft_wsus_attacks_multiple_orgs/
Scammers try to trick LastPass users into giving up credentials by telling them they’re dead

Oct 25, 2025 5:26 AM

Tags: access, advisory, authentication, breach, corporate, credentials, crypto, cybercrime, email, google, group, infosec, intelligence, login, mail, malicious, mfa, mitigation, password, phishing, phone, scam, social-engineering, threat

Staff should be using MFA: CSOs and IT managers should ensure that any password managers their employees use have phishing-resistant multifactor authentication or require an additional login factor, so if staff fall for a scam like this, the scammer can’t log in just using stolen credentials, Grimes said.If the corporate approved password manager doesn’t allow…
New infosec products of the week: October 24, 2025

Oct 24, 2025 6:26 AM

Tags: data, infosec

Here’s a look at the most interesting products from the past week, featuring releases from Axoflow, Elastic, Illumio, Keycard, Netscout and Rubrik. Axoflow Security Data Layer … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/24/new-infosec-products-of-the-week-october-24-2025/
AI browsers can be abused by malicious AI sidebar extensions: Report

Oct 24, 2025 5:26 AM

Tags: access, ai, apple, attack, awareness, browser, chrome, ciso, cloud, credentials, cybersecurity, google, guide, hacker, infosec, least-privilege, linux, macOS, malicious, malware, marketplace, microsoft, password, phishing, risk, smishing, threat, tool, training

‘Dumpster fires’: David Shipley, head of Canadian employee security awareness training firm Beauceron Security, agrees.”I think if CISOs are bored and want to spice up their lives with an incident, they should roll out these AI-powered hot messes to their users,” he said .”But, if they’re like most CISOs and they have lots of problems,…
Serious vulnerability found in Rust library

Oct 23, 2025 5:26 AM

Tags: advisory, attack, backup, container, control, data, email, exploit, flaw, incident response, infection, infosec, linux, malicious, open-source, pypi, radius, remote-code-execution, rust, software, supply-chain, unauthorized, update, vulnerability

async-tar Rust library. And not only is it in this library, but also in its many forks, including the widely used tokio-tar.”In the worst-case scenario, this vulnerability has a severity of 8.1 (High) and can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends,” the researchers say…