Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558)
For the fifth time this year, Google has patched a Chrome zero-day vulnerability (CVE-2025-6558) exploited by attackers in the wild.
Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)
With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to be leveraged by attackers soon.
Experts unpack the biggest cybersecurity surprises of 2025
2025 has been a busy year for cybersecurity. From unexpected attacks to new tactics by threat groups, a lot has caught experts off guard. We asked cybersecurity leaders to share the biggest surprises they’ve seen so far this year and what those surprises might mean for the rest of us.
SonicWall SMA devices persistently infected with stealthy OVERSTEP backdoor and rootkit
Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned.
Making security and development co-owners of DevSecOps
In this Help Net Security interview, Galal Ibrahim Maghola, former Head of Cybersecurity at G42 Company, discusses strategic approaches to implementing DevSecOps at scale.
Vulnerable firmware for Gigabyte motherboards could allow bootkit installation
UEFI firmware running on 100+ Gigabyte motherboard models is affected by memory corruption vulnerabilities that may allow attackers to install persistent and difficult-to-detect bootkits (i.e., malware designed to infect the computer’s boot process).
What a mature OT security program looks like in practice
In this Help Net Security interview, Cindy Segond von Banchet CC, Cybersecurity Lead at Yokogawa Europe, shares her insights on what defines a sustainable OT security program.
Why we must go beyond tooling and CVEs to illuminate security blind spots
In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day.
How service providers can turn cybersecurity into a scalable MRR engine
Unlike traditional engagements that focus on short-term fixes, strategic cybersecurity programs are designed for resilience and continuity, embedding security into daily operations, supporting leadership decision-making, and ensuring alignment with business objectives.
Securing vehicles as they become platforms for code and data
In this Help Net Security interview, Robert Knoblauch, CISO at Element Fleet Management, discusses how the rise of connected vehicles and digital operations is reshaping fleet management cybersecurity.
Why silent authentication is the smarter way to secure BYOD
In this Help Net Security video, Andy Ulrich, CISO at Vonage, explains how silent authentication offers a smarter, seamless solution to the security and productivity challenges of BYOD.
Machine unlearning gets a practical privacy upgrade
Machine learning models are everywhere now, from chatbots to credit scoring tools, and they carry traces of the data they were trained on. When someone asks to have their personal data erased under laws like the GDPR, their data also needs to be wiped from the machine learning models that learned from it.
FAPI 2.0: How the OpenID Foundation is enabling scalable interoperability in global healthcare
In this Help Net Security interview, Gail Hodges, Executive Director at the OpenID Foundation, discusses how the Foundation ensures global consistency in FAPI 2.0 implementations and helps different industries, including healthcare, adopt secure and interoperable identity standards.
Most cybersecurity risk comes from just 10% of employees
A new report from Living Security and the Cyentia Institute sheds light on the real human element behind cybersecurity threats, and it’s not what most organizations expect.
Inorganic DNA: How nanoparticles could be the future of anti-counterfeiting tech
For decades, manufacturers and security professionals have been playing a high-stakes game of cat and mouse with counterfeiters. From holograms and QR codes to RFID tags and serial numbers, the industry’s toolkit has evolved, but so have the threats. Now, Italian startup Particular Materials is taking a radically different approach: tagging physical goods at the molecular level using engineered nanomaterials.
Ransomware drops, but don’t relax yet
WatchGuard has released its latest Internet Security Report, covering malware, network, and endpoint threats spotted by its Threat Lab in the first quarter of 2025.
Stop settling for check-the-box cybersecurity policies
After every breach, people ask: How did this happen if there were cybersecurity policies in place? The truth is, just having them doesn’t stop attacks. They only work if people know them and follow them when it matters.
AsyncRAT evolves as ESET tracks its most popular malware forks
AsyncRAT is an open-source remote access trojan that first appeared on GitHub in 2019. It includes a range of typical RAT capabilities, such as keylogging, screen capture, credential theft, and more.
Real-world numbers for estimating security audit costs
Each step in the audit process costs an organization time and money. In some cases, an organization can easily understand the direct costs, like how much an organization needs to pay the audit firm.
Falco: Open-source cloud-native runtime security tool for Linux
Falco is an open-source runtime security tool for Linux systems, built for cloud-native environments.
pqcscan: Open-source post-quantum cryptography scanner
pqcscan is an open-source tool that lets users scan SSH and TLS servers to see which Post-Quantum Cryptography (PQC) algorithms they claim to support.
Tired of gaps in your security? These open-source tools can help
In this article, we’ll take a look at some popular open-source tools that help with everything from log management to network and host monitoring, and even incident response.
Cybersecurity jobs available right now: July 15, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Review: Passwork 7.0, self-hosted password manager for business
Passwork recently launched version 7.0 of its self-hosted password manager, designed for everything from small teams to large enterprises. As an on-premises solution, Passwork runs on your own server, giving your team the ability to create, edit, and share passwords while admins monitor activity and control access to locally stored, sensitive data.
Product showcase: Enzoic for Active Directory
Enzoic for Active Directory is an easy-to-install plugin that integrates with Microsoft Active Directory (AD) to set, monitor, and remediate unsafe passwords and credentials.
Bitdefender PHASR: Proactive hardening demo overview
Discover how Bitdefender PHASR enables organizations to identify and remediate security misconfigurations before attackers can exploit them.
New infosec products of the week: July 18, 2025
Here’s a look at the most interesting products from the past week, featuring releases from At-Bay, Immersive, NETSCOUT, Socure, and Stellar Cyber.