ToolShell under siege: Check Point analyzes Chinese APT Storm-2603

Storm-2603 group exploits SharePoint flaws and uses a custom C2 framework, AK47 C2, with HTTP- and DNS-based variants named AK47HTTP and AK47DNS. Check Point Research is tracking a ToolShell... Read more »

The blind spot: digital supply chain is now a board-level imperative

Many companies lack visibility into complex digital supply chains, meaning hidden risks and regulatory exposure. Cyber security requires continuous mapping and board engagement Read more »

CISA released Thorium platform to support malware and forensic analysis

CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform... Read more »

Smart steps to keep your AI future-ready

In this Help Net Security interview, Rohan Sen, Principal, Cyber, Data, and Tech Risk, PwC US, discusses how organizations can design autonomous AI agents with strong governance from day... Read more »

It’s time to sound the alarm on water sector cybersecurity

A cyberattack on a water facility can put entire communities and businesses at risk. Even a short disruption in clean water supply can have serious public health and safety... Read more »

What attackers know about your company thanks to AI

In this Help Net Security video, Tom Cross, Head of Threat Research at GetReal Security, explores how generative AI is empowering threat actors. He breaks down three key areas:... Read more »

Review: CISA Certified Information Systems Auditor Practice Tests

CISA Certified Information Systems Auditor Practice Tests offers practical, domain-by-domain prep for the CISA exam, with hundreds of questions covering key objectives and real-world systems audit skills. About the... Read more »

Security gaps still haunt shared mobile device use in healthcare

Shared mobile devices are becoming the standard in hospitals and health systems. While they offer cost savings and workflow improvements, many organizations are still struggling to manage the security... Read more »

Infosec products of the month: July 2025

Here’s a look at the most interesting products from the past month, featuring releases from: Akeyless, At-Bay, Barracuda Networks, Bitdefender, Cynomi, Darwinium, DigitalOcean, Immersive, Lepide, Malwarebytes, ManageEngine, NETSCOUT, PlexTrac,... Read more »

Russia-linked APT Secret Blizzard targets foreign embassies in Moscow with ApolloShadow malware

Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard... Read more »
Subscribe to our Newsletter