Date: 2025-04-06

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Attackers are probing Palo Alto Networks GlobalProtect portals

Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise.

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft

Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and insider risk management, conditional access optimization, vulnerability remediation, and threat intelligence briefing.

Forward-thinking CISOs are shining a light on shadow IT

In this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis, discusses how CISOs can balance security and innovation while managing the risks of shadow IT.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)

A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x.

Building a cybersecurity strategy that survives disruption

Cybersecurity used to focus primarily on prevention. But in today’s environment, that’s not enough. That’s where cyber resilience comes in.

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)

CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog.

Review: Zero to Engineer

Zero to Engineer is a practical guide for anyone looking to launch a career in information technology without a traditional college degree.

Phishers are increasingly impersonating electronic toll collection companies

Steam was the most imitated brand by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed.

Balancing data protection and clinical usability in healthcare

In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target.

Google is making sending end-to-end encrypted emails easy

Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google announced on Tuesday.

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework

BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable.

North Korean IT workers set their sights on European organizations

North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe.

Why global tensions are a cybersecurity problem for every business

With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive.

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation shared on Monday, and the attackers have been leveraging publicly available PoC exploit code.

Generative AI is reshaping financial fraud. Can security keep up?

In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies.

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices

CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day.

Exegol: Open-source hacking environment

Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely.

Windows 11 quick machine recovery: Restoring devices with boot issues

Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024.

7 ways to get C-suite buy-in on that new cybersecurity tool

Convincing leadership, especially those more attuned to balance sheets than breach reports, can feel like selling a Wi-Fi router to someone without any internet connection. Securing buy-in is not just a technical challenge. It’s a game of strategy, storytelling, and persuasion.

Inside the AI-driven threat landscape

In this Help Net Security video, Nick Barter, Chief Strategy Officer at Nothreat, discusses how AI is no longer just a tool for defenders: it’s now a powerful weapon in the hands of attackers.

How to map and manage your cyber attack surface with EASM

Security specialists generally define the attack surface as the sum of all possible points in a system or network against which attacks can be launched. In other words, it can be described as the sum of all potential attack vectors.

GenAI turning employees into unintentional insider threats

The amount of data being shared by businesses with GenAI apps has exploded, increasing 30x in one year, according to Netskope.

How to build an effective cybersecurity simulation

What should organizations actively do to make these simulations as real and valuable as possible?

Only 2-5% of application security alerts require immediate action

The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security.

Two things you need in place to successfully adopt AI

Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk.

Building a reasonable cyber defense program

In this article, we’ll identify and discuss several policy elements you can incorporate into your cybersecurity program that meet the standard of reasonableness.

Connected cars drive into a cybersecurity crisis

The very fact that someone can hack a vehicle and take control of it is terrifying, turning scenarios from movies into reality.

Your smart home may not be as secure as you think

In this article, we explore the security challenges of smart IoT devices in the home, potential threats like hacking and privacy breaches, and measures users can take to ensure the security of their connected devices.

The human side of insider threats: People, pressure, and payback

While cybercriminals are often in the spotlight, one of the most dangerous threats to your company might be hiding in plain sight, within your own team.

How to recognize and prevent deepfake scams

Deepfakes are a type of synthetic media created using AI and machine learning. In simple terms, they produce videos, images, audio, or text that look and sound real, even though the events depicted never actually happened.

