Security News

Lastest stories from HelpNetSecurity

• EU Council adopts the NIS2 directive
  November 29, 2025 by Help Net Security
  The European Council adopted legislation for a high common level of cybersecurity across the Union, to further improve the resilience and incident response capacities of both the public and private sector and the EU as a whole. The new directive, called “NIS2“, will replace the current directive on security of network and information systems (the […]
• Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
  November 29, 2025 by Zeljka Zorz
  A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog. About CVE-2021-35587 CVE-2021-35587 was discovered by security researchers “Jang” (Nguyen Jang) […]
• The top 200 most common passwords in 2022 are bad, mkay?
  November 29, 2025 by Zeljka Zorz
  According to NordPass’ latest list of top 200 most common passwords in 2022, “password” is the most popular choice, followed by “123456”, “123456789”, “guest” and “qwerty“. 2022 is ending and 2023 is almost upon us, but despite yearly entreates to users to up their password game, weak and often (re)used passwords are obviously still a […]
• Cybercriminals are cashing in on FIFA World Cup-themed cyberattacks
  November 29, 2025 by Help Net Security
  The hype and popularity of the FIFA World Cup has attracted audiences from across the globe. And this, in turn attracts a variety of cybercriminals, who want to exploit the varied fan following, and the organizations participating, to make a quick buck. Advanced persistent threat (APT) campaigns, phishing, credit card/cryptocurrency fraud, DDoS attacks, and identity […]
• 7 free cybersecurity resources you need to bookmark
  November 28, 2025 by Help Net Security
  CodeSec CodeSec is a CLI based tool which brings Contrast’s enterprise-level security testing right to your laptop. It allows you to run real-time SAST or Serverless scans and receive actionable results in a matter of minutes. Defendify Essentials Package Assess your cyber risk, test your network, and improve awareness with essential tools from Defendify: Cybersecurity […]
• Many Global 2000 companies lack proper domain security
  November 28, 2025 by Help Net Security
  CSC released its third annual Domain Security Report that found three out of four Forbes Global 2000 companies have not adopted key domain security measures—exposing them to high risk of security threats. These companies have implemented less than half of all domain security measures. In addition, lookalike domains are targeting those companies as well—with 75% […]