Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
June 2025 Patch Tuesday forecast: Second time is the charm?
Microsoft has been busy releasing more out-of-band (OOB) patches than usual throughout May.
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
Google has fixed two Chrome vulnerabilities, including a zero-day flaw (CVE-2025-5419) with an in-the-wild exploit.
Rethinking governance in a decentralized identity world
Decentralized identity (DID) is gaining traction, and for CISOs, it’s becoming a part of long-term planning around data protection, privacy, and control. As more organizations experiment with verifiable credentials and self-sovereign identity models, a question emerges: Who governs the system when no single entity holds the reins?
Attackers fake IT support calls to steal Salesforce data
Over the past several months, a threat group has been actively breaching organizations’ Salesforce instances and exfiltrating customer and business data, Google Threat Intelligence Group (GTIG) has warned.
How global collaboration is hitting cybercriminals where it hurts
In this Help Net Security interview, William Lyne, Deputy Director of UK’s National Crime Agency, discusses the cybercrime ecosystem and the threats it enables.
Attackers breached ConnectWise, compromised customer ScreenConnect instances
A suspected “sophisticated nation state actor” has compromised ScreenConnect cloud instances of a “very small number” of ConnectWise customers, the company has revealed on Wednesday.
CISO 3.0: Leading AI governance and security in the boardroom
In this Help Net Security interview, Aaron McCray, Field CISO at CDW, discusses how AI is transforming the CISO role from a tactical cybersecurity guardian into a strategic enterprise risk advisor.
How to manage your cyber risk in a modern attack surface
Because of this rapid growth of the attack surface, it’s becoming more and more difficult for security teams to maintain visibility and respond to emerging threats. Meanwhile, threat actors are growing more opportunistic, actively scanning for weaknesses and striking faster than traditional monitoring systems can detect.
Agentic AI and the risks of unpredictable autonomy
In this Help Net Security interview, Thomas Squeo, CTO for the Americas at Thoughtworks, discusses why traditional security architectures often fail when applied to autonomous AI systems.
The hidden risks of LLM autonomy
Large language models (LLMs) have come a long way from the once passive and simple chatbots that could respond to basic user prompts or look up the internet to generate content. Today, they can access databases and business applications, interact with external systems to independently execute complex tasks and make business decisions.
Why IAM should be the starting point for AI-driven cybersecurity
In this Help Net Security interview, Benny Porat, CEO at Twine Security, discusses applying AI agents to security decisions.
Bankers Association’s attack on cybersecurity transparency
A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection.
Why SAP security updates are a struggle for large enterprises
In this Help Net Security video, Jonathan Stross, SAP Security Analyst at Pathlock, examines why managing SAP security updates is so complex for enterprises.
Meta open-sources AI tool to automatically classify sensitive documents
Meta has released an open source AI tool called Automated Sensitive Document Classification. It was originally built for internal use and is designed to find sensitive information in documents and apply security labels automatically.
CISOs need better tools to turn risk into action
Many organizations are overwhelmed by the complexity of their IT systems, making it difficult to manage cybersecurity risks, according to a new Ivanti report.
Security awareness training isn’t stopping breaches. Can AI help?
In this Help Net Security video, Mick Leach, Field CISO at Abnormal AI, explores why security awareness training (SAT) is failing to reduce human error, the top cause of cybersecurity incidents.
48% of security pros are falling behind compliance requirements
32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje.
Review: Metasploit, 2nd Edition
f you’ve spent any time in penetration testing, chances are you’ve crossed paths with Metasploit. The second edition of Metasploit tries to bring the book in line with how pentesters are using the tool. It mostly succeeds, with some caveats depending on your experience level and what you’re hoping to get out of it.
Ransomware and USB attacks are hammering OT systems
Ransomware, trojans, and malware delivered through USB devices are putting growing pressure on industrial systems, according to the Honeywell 2025 Cyber Threat Report, which draws on data from monitoring tools deployed across industrial sites around the world.
Vet: Open-source software supply chain security tool
Vet is an open source tool designed to help developers and security engineers spot risks in their software supply chains. It goes beyond traditional software composition analysis by detecting known vulnerabilities and flagging malicious packages.
Photos: Infosecurity Europe 2025
Infosecurity Europe 2025 is a cybersecurity event taking place from June 3 to 5 in London. Help Net Security is on-site and here’s a closer look at the conference. The second gallery is here.
Development vs. security: The friction threatening your code
Developers are driven to deliver new features quickly, while security teams prioritize risk mitigation, which often puts the two at odds.
Protecting patient data starts with knowing where it’s stored
Patient data is often stored or processed outside the country where it was collected. When that happens, the data falls under the laws of the country where it resides. Depending on those laws, local governments may have legal access to that data. For healthcare organizations and CISOs, knowing where data lives and who controls it is key to keeping it safe.
Cybersecurity jobs available right now: June 3, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Product showcase: Smarter pentest reporting and exposure management with PlexTrac
PlexTrac is a pentest reporting and threat exposure management platform that helps organizations continuously address their most critical threats.
New infosec products of the week: June 6, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Akamai, AttackIQ, Barracuda Networks, Bitdefender, Fortinet, Malwarebytes, and Varonis.
