433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | [email protected] | Office: (813) 563-2652

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint Connector. Proof-of-concept (PoC) exploit code for CVE-2025-20128 is available, Cisco said, but the company is not aware of the vulnerability being exploited in the wild. Credit for reporting the flaw has been given to OSS-Fuzz, Google’s continuous fuzzing … More → The post Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw appeared first on Help Net Security.
http://news.poseidon-us.com/THXMWR

Google Cloud links poor credentials to nearly half of cloud-based attacks

Cloud services with weak credentials were prime target for attackers, often resulting in lateral movement attempts, a Google Cloud report found.
http://news.poseidon-us.com/THXD1M

Appdome Threat Dynamics analyzes and ranks mobile threats

Appdome announced that a new AI-Native threat-management module called Threat Dynamics will be offered inside Appdome’s ThreatScope Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the likelihood of a successful exploit from more than 400+ attack vectors and calculate a Mobile Risk Index for each business and mobile application. This allows businesses to see how threats move across the production environment, empowering them to quickly prioritize and focus on the attack vectors … More → The post Appdome Threat Dynamics analyzes and ranks mobile threats appeared first on Help Net Security.
http://news.poseidon-us.com/THX4xT

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the company said on Wednesday. About CVE-2025-23006 SonicWall Secure Mobile Access (SMA) is a unified secure access gateway used by organizations to provide employees access to applications from anywhere. The SMA 1000 series of appliances is aimed … More → The post SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) appeared first on Help Net Security.
http://news.poseidon-us.com/THX4wQ

DigitalOcean Per-Bucket Access Keys boosts object storage security

DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service. This feature provides customers with identity-based, bucket-level control over access permissions, helping to enhance their data security and simplifying management. Prior to the introduction of Per-Bucket Access Keys, many customers chose to limit the types of applications they ran on DigitalOcean infrastructure to those without object storage requirements or with minimal access management requirements in order to better control access to their … More → The post DigitalOcean Per-Bucket Access Keys boosts object storage security appeared first on Help Net Security.
http://news.poseidon-us.com/THX1Wt

Bitsight Instant Insights accelerates vendor risk assessments

Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities. The new feature leverages generative AI to analyze and summarize security questionnaires and reports, allowing security and compliance teams to make faster, more informed risk decisions. Security and risk management teams are constantly challenged to onboard new vendors, renew existing partnerships, and address backlogs of assessments—all while dealing with limited resources. Instant Insights, part of Bitsight IQ, delivers critical information … More → The post Bitsight Instant Insights accelerates vendor risk assessments appeared first on Help Net Security.
http://news.poseidon-us.com/THX1WG

Defense strategies to counter escalating hybrid attacks

In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and offers advice on how organizations can protect themselves against hybrid attacks. What are the most promising technologies or methodologies for distinguishing between false flags and authentic attribution markers in cyberattacks? Can behavioral analysis contribute to identifying an attacker’s motives when both nation-states and cybercriminals use overlapping tactics? Distinguishing false flags from … More → The post Defense strategies to counter escalating hybrid attacks appeared first on Help Net Security.
http://news.poseidon-us.com/THWtLF

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning

The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and deception techniques. It features a built-in crawler to discover additional URLs for testing. The tool is designed to adapt to specific web caches for enhanced testing efficiency, is customizable, and integrates into existing CI/CD pipelines. Features Analyzing a web cache before testing … More → The post Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning appeared first on Help Net Security.
http://news.poseidon-us.com/THWtK8

CISOs are juggling security, responsibility, and burnout

This article gathers excerpts from multiple reports, presenting statistics and insights that may be valuable for CISOs, helping them with informed decision-making, risk management, and developing strategies to enhance their organization’s cybersecurity posture. CISOs don’t invest enough in code security 72% of security leaders agree that the age of AI necessitates a complete reset of how organizations approach application security, according to Cycode. This urgency is reinforced by the fact that 93 billion lines of … More → The post CISOs are juggling security, responsibility, and burnout appeared first on Help Net Security.
http://news.poseidon-us.com/THWrBW