Week in review: LLM package hallucinations harm supply chains, Nagios Log Server flaws fixed
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)
Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.”
When companies merge, so do their cyber threats
For CISOs, mergers and acquisitions (M&A) bring both potential and risk. These deals can drive growth, but they also open the door to serious cybersecurity threats that may derail the transaction.
Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)
CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania.
The quiet data breach hiding in AI workflows
As AI becomes embedded in daily business workflows, the risk of data exposure increases. Prompt leaks are not rare exceptions. They are a natural outcome of how employees use large language models. CISOs cannot treat this as a secondary concern.
Cozy Bear targets EU diplomats with wine-tasting invites (again)
APT29 (aka Cozy Bear, aka Midnight Blizzard) is, once again, targeting European diplomats with fake invitations to wine-tasting events, Check Point researchers have shared.
Securing digital products under the Cyber Resilience Act
In this Help Net Security interview, Dr. Dag Flachet, co-founder at Codific, explains what the Cyber Resilience Act (CRA) means for companies and how it compares to GDPR in terms of regulatory complexity and impact on organizations.
Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers.
Funding uncertainty may spell the end of MITRE’s CVE program
The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it.
When AI agents go rogue, the fallout hits the enterprise
In this Help Net Security interview, Jason Lord, CTO at AutoRABIT, discusses the cybersecurity risks posed by AI agents integrated into real-world systems.
Hertz data breach: Customers in US, EU, UK, Australia and Canada affected
American car rental company Hertz has suffered a data breach linked to last year’s exploitation of Cleo zero-day vulnerabilities by a ransomware gang.
Cybercriminal groups embrace corporate structures to scale, sustain operations
In this Help Net Security interview, Sandy Kronenberg, CEO of Netarx, discusses how cybercriminal groups are adopting corporate structures and employee incentives to scale operations, retain talent, and evade detection.
Critical flaws fixed in Nagios Log Server
The Nagios Security Team has fixed three critical vulnerabilities affecting popular enterprise log management and analysis platform Nagios Log Server.
Review: Hands-On Industrial Internet of Things
Hands-On Industrial Internet of Things is a practical guide designed specifically for professionals building and securing industrial IoT (IIoT) systems.
Package hallucination: LLMs may deliver malicious code to careless devs
LLMs’ tendency to “hallucinate” code packages that don’t exist could become the basis for a new type of supply chain attack dubbed “slopsquatting” (courtesy of Seth Larson, Security Developer-in-Residence at the Python Software Foundation).
Tirreno: Open-source fraud prevention platform
Tirreno is an open-source fraud prevention platform designed as a universal analytics tool to monitor online platforms, web applications, SaaS products, digital communities, mobile apps, intranets, and e-commerce websites.
The UK’s phone theft crisis is a wake-up call for digital security
Phone theft is now commonplace in London. The Met Police recently revealed that it seizes 1,000 stolen phones weekly as it cracks down on organized criminal networks driving the £50 million trade. Nationally, cases have doubled to 83,900 annually.
Inside PlugValley: How this AI vishing-as-a-service group operates
In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered vishing-as-a-service.
Sector by sector: How data breaches are wrecking bottom lines
Data breaches are rising across industries, hitting healthcare, finance, and retail especially hard. The damage goes beyond lost data, as it’s financial, operational, and reputational.
Strategic AI readiness for cybersecurity: From hype to reality
AI readiness in cybersecurity involves more than just possessing the latest tools and technologies; it is a strategic necessity.
Chief Legal Officers step up in cybersecurity oversight
In this Help Net Security video, Jennifer Chen, Executive Director of the Association of Corporate Counsel (ACC) Foundation, discusses how globally, Chief Legal Officers (CLOs) are becoming integral leaders in cybersecurity strategy, holding leadership positions, and frequently reporting cybersecurity strategies to the company board.
The future of authentication: Why passwordless is the way forward
By now, most CISOs agree: passwords are the weakest link in the authentication chain. They’re easy to guess, hard to manage, and constantly reused.
Why shorter SSL/TLS certificate lifespans matter
Digital certificates are the unsung heroes of the internet, silently verifying that the websites, apps, and services you use are legit and your data is safe. For years, we’ve leaned on certificates with maximum validity term stretching for months and, in some cases, even years.
94% of firms say pentesting is essential, but few are doing it right
Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt.
Browser extensions make nearly every employee a potential attack vector
Despite being present on virtually every employee’s browser, extensions are rarely monitored by security teams or controlled by IT, according to LayerX.
Organizations can’t afford to be non-compliant
Non-compliance can cost organizations 2.71 times more than maintaining compliance programs, according to Secureframe.
Cybersecurity jobs available right now: April 15, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Cyber threats against energy sector surge as global tensions mount
Cyberattacks targeting the energy sector are increasing, driven by a host of geopolitical and technological factors.
SafeLine Bot Management: Self-hosted alternative to Cloudflare
SafeLine is an open-source, self-hosted Web Application Firewall (WAF) and reverse proxy designed for organizations that value autonomy, visibility, and customizability.
New infosec products of the week: April 18, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Cyware, Entrust, PlexTrac, and Seemplicity.