Aggregator

You must login to view this content

You must login to view this content

Vibe coding might sound like a trendy term, but it's really just developing software without automated checks and quality gates. Traditional engineering disciplines have always relied on safety measures and quality controls, so vibe coding should be no different in my honest opinion.

The post Automated Guard Rails for Vibe Coding appeared first on Security Boulevard.

You must login to view this content

Cyolo announced several major new capabilities, headlined by Cyolo Third-Party VPN Control. This capability within the company’s Cyolo PRO (Privileged Remote Operations) solution delivers visibility and access control for enforced third-party VPN and direct connections without requiring changes to production infrastructure or vendor workflows. In today’s industrial environments, even organizations with mature security programs face a critical blind spot: third-party connections they cannot govern or even see. Some vendors insist on using their own legacy … More →

The post Cyolo expands remote access coverage for OT and cyber-physical systems appeared first on Help Net Security.

The UK government has appointed Blaise Florence Metreweli as the next Chief of the Secret Intelligence Service (SIS), also known as MI6. Metreweli will take up the role, traditionally referred to by the codename “C,” succeeding Sir Richard Moore, who is stepping down after five years in the post. Metreweli’s appointment marks a historic first for the agency. She will become the first woman to lead MI6 in its 116-year history. Her promotion reflects both … More →

The post History made as MI6 appoints first female Chief appeared first on Help Net Security.

In 2025, app store security threats have reached unprecedented levels, driven by increasingly sophisticated cybercriminal tactics and expanding attack surfaces.

The post App Store Security Threats in 2025: Why Hackers Target Mobile Ecosystems  appeared first on Security Boulevard.

Vulnerabilities affecting the SinoTrack GPS tracking platform may allow attackers to keep tabs on vehicles’ location and even perform actions such as disconnecting power to vehicles’ fuel pump (if the tracker can interact with a car’s system). The warning was issued by the Cybersecurity and Infrastructure Security Agency (CISA) last week, based on a report by security researcher Raúl Ignacio Cruz Jiménez, and the vulnerabilities have yet to be patched. The vulnerabilities (CVE-2025-5484, CVE-2025-5485) SinoTrack … More →

The post SinoTrack GPS vulnerabilities may allow attackers to track, control vehicles appeared first on Help Net Security.

Car-sharing giant Zoomcar Holdings, Inc. has disclosed a significant cybersecurity incident that compromised sensitive personal information of approximately 8.4 million users.  The breach, discovered on June 9, 2025, represents one of the largest data exposures in the mobility sector, highlighting ongoing vulnerabilities in cloud infrastructure security.  According to an SEC Form 8-K filing, threat actors […]

The post Zoomcar Hacked – 8.4 Million Users’ Sensitive Details Exposed appeared first on Cyber Security News.

The Microsoft email accounts of several Washington Post journalists whose coverage includes national security and economic policy, including China, where hacked and could give the bad actors access to the messages that were sent and received.

The post Washington Post Journalists’ Microsoft Email Accounts Hacked appeared first on Security Boulevard.

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Jorge Orchilles, Senior Director of Readiness and Proactive Security at Verizon, offers an up-close glimpse at the thinking that drove his move to exposure management. You can read the entire Exposure Management Academy series here.

As we shift our security focus at Verizon to proactive exposure management, we’re consolidating tools and teams to focus on real-world, exploitable risks. By aligning offensive security functions under a unified strategy, prioritizing exploitable threats and fostering collaboration, we're moving our focus beyond compliance-based remediation to risk-based remediation.

You know the story: Those of us in cybersecurity play a high-stakes game of Whac-a-mole® just about every day. We spend our lives chasing down vulnerabilities and issuing (or responding to) mandates like, "Patch within 30 days” or “Code red, patch now!”

But as attack surfaces grow and threat actors become more sophisticated, this reactive approach has become inadequate. 

At Verizon, we recognized that, with such a heterogeneous landscape that has to serve the diverse needs of corporate, retail, mobile field techs and more, the best solution was not another collection of disparate tech. We needed a single, consolidated exposure management platform that could cover every corner of our enterprise. The journey to get there broke down silos and shifted our mindset from being compliance-driven to a risk-based focus. 

Importantly, before we even considered new technology, we needed to align multiple teams, each with their own tools and priorities, behind a shared strategy.

Security teams have always juggled a patchwork of tools: Separate tools for attack surface management, asset visibility, vulnerability scanning, identity exposure and cloud security. In most companies, different teams operate the solutions and each one requires its own set of expertise. The intent of the fragmentation is to ensure you have people with the right skills remediating the right problems. 

The siloed approach slows response times and creates blind spots that can leave critical vulnerabilities unaddressed simply because they fall outside a team’s area of expertise. You cannot do attack path analysis in silos!

I don’t want to be in the business of just checking boxes. 

We needed to build a security program that prioritizes real-world risks, rather than every vulnerability. And, in that effort, it’s clear that the value of an integrated approach outweighs the benefits of niche features.

So, to handle these challenges, we opted to consolidate under a single platform: Tenable One.

While the right platform makes all the difference, implementing exposure management isn't purely technical. It’s organizational. Launching an exposure management program means shifting ownership of key, siloed security functions, which can require teams to work together in ways they haven’t before.

For example, at Verizon, attack surface management was previously handled by a separate team. Now, those individuals are part of my group. The Active Directory team, which runs identity exposure tools like Bloodhound, remains independent, but we collaborate closely so they see the security insights as valuable rather than punitive. 

The internet of things (IoT) and operational technology (OT) security specialists who previously used a different set of tools now all work within the same framework.

Security teams accustomed to working in silos must now share data and decision-making, which can be a tough adjustment. I found that the key to overcoming this is transparency and partnership. 

In fact, reading a bit of Dale Carnegie regularly can be just as important as a daily dose of Brian Krebs. 

So, to ease the transition, rather than imposing top-down mandates, we’ve focused on aligning teams through shared objectives, clear communication and demonstrating value early in the process. By involving stakeholders from the start, in areas like identity security, IT operations and cloud security, we’re ensuring that change isn’t something done to them, but something they actively shape and support.

I want to emphasize that none of this happened overnight. 

It required high-level buy-in and careful planning. These teams weren’t just being asked to use a new tool, they were being asked to change the way they work. The only way to make that transition successful is by showing team members how this approach makes their jobs easier, not harder.

One of the biggest mindset shifts in exposure management is recognizing that not every vulnerability needs to be patched immediately. Sure, it can be a hard thing to wrap your head around. But when everything is critical, nothing is critical. And that approach just leads to burnout, inefficiency and more exposures. 

Instead, at Verizon, we focus on vulnerabilities that are actually exploitable and part of a realistic attack path.

So, if there’s a critical vulnerability in an application but no feasible way for an attacker to reach it, should it really be the top priority? On the other hand, if a vulnerability provides a direct path to a crown jewel asset, we need to address it immediately. 

The key is prioritization based on real-world attack scenarios, not arbitrary severity scores.

Another critical advantage of exposure management is how it changes security conversations at the executive level. Instead of delivering long lists of vulnerabilities that mean little to non-technical leaders, we can present a clear picture in a few key points:

• What’s at risk?
• How could an attacker get in?
• What are the most urgent priorities to fix?

And when a major vulnerability hits, we don’t have to scramble to figure out if we are affected. We have the data at our fingertips. That’s the real value of exposure management: Speed, clarity and the ability to act before attackers do.

At its core, exposure management is about shifting from reactive security to proactive security. It’s not just about fixing vulnerabilities anymore. It’s about understanding risk in the context of the business. 

As more organizations move in this direction, exposure management will continue to evolve. 

Vendor consolidation is ongoing, teams are being restructured and security leaders are realizing that patching everything everywhere all at once is an impossible task. 

So, like Verizon, the industry must focus on what really matters: Preventing the attacks that could actually lead to a compromise.

And for those of us at the tip of the spear in this shift, it’s time to stop being reactive and start managing exposure like the strategic risk it is.

• Read the Security leaders’ guide to exposure management strategy, a proven, pragmatic approach to standing up an exposure management program — plus advice for scoping it, engaging stakeholders and obtaining buy-in.

Whac-a-Mole is a registered trademark of Mattel Inc.

The post Exposure Management Is the Future of Proactive Security appeared first on Security Boulevard.

Each Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Jorge Orchilles, Senior Director of Readiness and Proactive Security at Verizon, offers an up-close glimpse at the thinking that drove his move to exposure management. You can read the entire Exposure Management Academy series here.

As we shift our security focus at Verizon to proactive exposure management, we’re consolidating tools and teams to focus on real-world, exploitable risks. By aligning offensive security functions under a unified strategy, prioritizing exploitable threats and fostering collaboration, we're moving our focus beyond compliance-based remediation to risk-based remediation.

You know the story: Those of us in cybersecurity play a high-stakes game of Whac-a-mole® just about every day. We spend our lives chasing down vulnerabilities and issuing (or responding to) mandates like, "Patch within 30 days” or “Code red, patch now!”

But as attack surfaces grow and threat actors become more sophisticated, this reactive approach has become inadequate. 

At Verizon, we recognized that, with such a heterogeneous landscape that has to serve the diverse needs of corporate, retail, mobile field techs and more, the best solution was not another collection of disparate tech. We needed a single, consolidated exposure management platform that could cover every corner of our enterprise. The journey to get there broke down silos and shifted our mindset from being compliance-driven to a risk-based focus. 

Importantly, before we even considered new technology, we needed to align multiple teams, each with their own tools and priorities, behind a shared strategy.

Security teams have always juggled a patchwork of tools: Separate tools for attack surface management, asset visibility, vulnerability scanning, identity exposure and cloud security. In most companies, different teams operate the solutions and each one requires its own set of expertise. The intent of the fragmentation is to ensure you have people with the right skills remediating the right problems. 

The siloed approach slows response times and creates blind spots that can leave critical vulnerabilities unaddressed simply because they fall outside a team’s area of expertise. You cannot do attack path analysis in silos!

I don’t want to be in the business of just checking boxes. 

We needed to build a security program that prioritizes real-world risks, rather than every vulnerability. And, in that effort, it’s clear that the value of an integrated approach outweighs the benefits of niche features.

So, to handle these challenges, we opted to consolidate under a single platform: Tenable One.

While the right platform makes all the difference, implementing exposure management isn't purely technical. It’s organizational. Launching an exposure management program means shifting ownership of key, siloed security functions, which can require teams to work together in ways they haven’t before.

For example, at Verizon, attack surface management was previously handled by a separate team. Now, those individuals are part of my group. The Active Directory team, which runs identity exposure tools like Bloodhound, remains independent, but we collaborate closely so they see the security insights as valuable rather than punitive. 

The internet of things (IoT) and operational technology (OT) security specialists who previously used a different set of tools now all work within the same framework.

Security teams accustomed to working in silos must now share data and decision-making, which can be a tough adjustment. I found that the key to overcoming this is transparency and partnership. 

In fact, reading a bit of Dale Carnegie regularly can be just as important as a daily dose of Brian Krebs. 

So, to ease the transition, rather than imposing top-down mandates, we’ve focused on aligning teams through shared objectives, clear communication and demonstrating value early in the process. By involving stakeholders from the start, in areas like identity security, IT operations and cloud security, we’re ensuring that change isn’t something done to them, but something they actively shape and support.

I want to emphasize that none of this happened overnight. 

It required high-level buy-in and careful planning. These teams weren’t just being asked to use a new tool, they were being asked to change the way they work. The only way to make that transition successful is by showing team members how this approach makes their jobs easier, not harder.

One of the biggest mindset shifts in exposure management is recognizing that not every vulnerability needs to be patched immediately. Sure, it can be a hard thing to wrap your head around. But when everything is critical, nothing is critical. And that approach just leads to burnout, inefficiency and more exposures. 

Instead, at Verizon, we focus on vulnerabilities that are actually exploitable and part of a realistic attack path.

So, if there’s a critical vulnerability in an application but no feasible way for an attacker to reach it, should it really be the top priority? On the other hand, if a vulnerability provides a direct path to a crown jewel asset, we need to address it immediately. 

The key is prioritization based on real-world attack scenarios, not arbitrary severity scores.

Another critical advantage of exposure management is how it changes security conversations at the executive level. Instead of delivering long lists of vulnerabilities that mean little to non-technical leaders, we can present a clear picture in a few key points:

• What’s at risk?
• How could an attacker get in?
• What are the most urgent priorities to fix?

And when a major vulnerability hits, we don’t have to scramble to figure out if we are affected. We have the data at our fingertips. That’s the real value of exposure management: Speed, clarity and the ability to act before attackers do.

At its core, exposure management is about shifting from reactive security to proactive security. It’s not just about fixing vulnerabilities anymore. It’s about understanding risk in the context of the business. 

As more organizations move in this direction, exposure management will continue to evolve. 

Vendor consolidation is ongoing, teams are being restructured and security leaders are realizing that patching everything everywhere all at once is an impossible task. 

So, like Verizon, the industry must focus on what really matters: Preventing the attacks that could actually lead to a compromise.

And for those of us at the tip of the spear in this shift, it’s time to stop being reactive and start managing exposure like the strategic risk it is.

• Read the Security leaders’ guide to exposure management strategy, a proven, pragmatic approach to standing up an exposure management program — plus advice for scoping it, engaging stakeholders and obtaining buy-in.

Whac-a-Mole is a registered trademark of Mattel Inc.

For the latest discoveries in cyber research for the week of 16th June, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES One of South Korea’s largest ticketing platforms Yes24 has been a victim of a ransomware attack that resulted in a four-day service outage, disrupting online bookings for concerts, e-book access, and community […]

The post 16th June – Threat Intelligence Report appeared first on Check Point Research.

Zoomcar Holdings, Inc., the prominent car-sharing platform, has confirmed a significant data breach that has compromised the personal information of approximately 8.4 million users. The incident, which was first detected on June 9, 2025, was disclosed in a recent filing with the U.S. Securities and Exchange Commission (SEC), raising concerns about data security and privacy […]

The post Zoomcar Data Breach Exposes Sensitive Details of 8.4 Million Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.