Week in review: Salesloft Drift breach investigation results, malicious GitHub Desktop installers

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Salesloft Drift data breach: Investigation reveals how attackers got in

The attack that resulted in the Salesloft Drift data breach started with the compr…

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot

ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of compromising UEFI-based systems and weaponizing CVE-2024-7344 to bypass UEFI Se…

The state of DMARC adoption: What 10M domains reveal

In this Help Net Security video, John Wilson, Senior Fellow, Threat Research at Fortra, explores the state of DMARC adoption across the top 10 million internet domains. He explains how SPF, DKIM, and DMARC work together to prevent email spoofing, why m…

Garak: Open-source LLM vulnerability scanner

LLMs can make mistakes, leak data, or be tricked into doing things they were not meant to do. Garak is a free, open-source tool designed to test these weaknesses. It checks for problems like hallucinations, prompt injections, jailbreaks, and toxic outp…

Fixing silent failures in security controls with adversarial exposure validation

Organizations often operate as if their security controls are fully effective simply because they’re deployed, configured, and monitored. Firewalls are in place, endpoints are protected, and SIEM rules are running. All good, right? Not so fast. A…

Download: Cyber defense guide for the financial sector

Data breaches cost more for financial organizations than they do for those in many other industries. In attempting to strengthen your financial organization’s cybersecurity, you must contend with evolving regulatory obligations, outdated IT infra…

Cyber defense cannot be democratized

The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The proble…

Week in review: Several companies affected by the Salesloft Drift breach, Sitecore 0-day vulnerability

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach

In the wake of last week’s revelation of a breach at Salesloft by a gro…

September 2025 Patch Tuesday forecast: The CVE matrix

We work in an industry driven by Common Vulnerabilities and Exposures (CVE). Each security update released by myriad vendors addresses some flaw in software that could be exploited, and those flaws that are publicly acknowledged are assigned a CVE desig…