Monthly Archives: April 2025

Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201)

Apple has released emergency security updates for iOS/iPadOS, macOS, tvOS and visionOS that fix two zero-day vulnerabilities (CVE-2025-31200, CVE-2025-31201) that have been exploited “in an extremely sophisticated attack against specific targeted individuals on iOS.” CVE-2025-31200 and CVE-2025-31201 CVE-2025-31200 affects CoreAudio, an API Apple devices use for processing audio. The memory corruption vulnerability can be triggered with a maliciously crafted media file: when the audio stream in it is processed, it allows attackers to execute malicious … More → The post Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) appeared first on Help Net Security.
http://news.poseidon-us.com/TKCfQM

Cyber threats against energy sector surge as global tensions mount

Cyberattacks targeting the energy sector are increasing, driven by a host of geopolitical and technological factors. A report published by Sophos in July 2024, and which surveyed 275 cybersecurity and IT leaders from the energy, oil/gas, and utilities sector across 14 countries, found 67% of respondents who said their organizations had suffered a ransomware attack in the last year. While Sophos’ figure remained steady year-over-year, a January 2025 report authored by TrustWave said that ransomware … More → The post Cyber threats against energy sector surge as global tensions mount appeared first on Help Net Security.
http://news.poseidon-us.com/TKCfPX

Gurucul introduces self-driving SIEM powered by AI enhancements

Gurucul announced a quantum leap forward with a self-driving SIEM powered by extensive AI enhancements and infused within a revamped AI-centric user interface for improved and effective execution of collect, detect, investigate, threat hunt and response workflows to its Unified Data and Security Analytics Platform—REVEAL. Supercharged with multiple AI agents throughout the entire threat management lifecycle, these new autonomous capabilities greatly reduce intensive engineering, maintenance and operational tasks, resulting in a “self-driving” SIEM that augments … More → The post Gurucul introduces self-driving SIEM powered by AI enhancements appeared first on Help Net Security.
http://news.poseidon-us.com/TKCWtk

Symbiotic Security v1 empowers developers to write secure code

Symbiotic Security launched Symbiotic Security version 1 that ensures code security keeps pace with development speed, by using AI to secure code in real-time through remediation and training integrated within their workflows. Symbiotic Security v1 empowers developers to write secure code from the outset during the development process, and maximize the productivity gains of AI-assisted coding. Its intelligent detection and remediation identifies vulnerabilities in real-time, instantly providing secure code suggestions that developers can accept, modify, … More → The post Symbiotic Security v1 empowers developers to write secure code appeared first on Help Net Security.
http://news.poseidon-us.com/TKCT14

Ebryx LLMSec protects LLMs and autonomous AI agents in production environments

Ebryx launched LLMSec — a suite of specialized security services designed to protect Large Language Models (LLMs) and autonomous AI agents in production environments. The new risk landscape for AI builders From OpenAI-based copilots to autonomous agents built with LangChain or CrewAI, LLMs are revolutionizing development. But their complexity introduces unique vulnerabilities: Prompt injection & jailbreaking – Malicious prompts can hijack model behavior Data leakage – Sensitive information exposed through model outputs Agent misuse – … More → The post Ebryx LLMSec protects LLMs and autonomous AI agents in production environments appeared first on Help Net Security.
http://news.poseidon-us.com/TKCSzs

When AI agents go rogue, the fallout hits the enterprise

In this Help Net Security interview, Jason Lord, CTO at AutoRABIT, discusses the cybersecurity risks posed by AI agents integrated into real-world systems. Issues like hallucinations, prompt injections, and embedded biases can turn these systems into vulnerable targets. Lord calls for oversight, continuous monitoring, and human-in-the-loop controls to combat these threats. Many AI agents are built on foundation models or LLMs. How do the inherent unpredictabilities of these models—like hallucinations or prompt injections—translate into risks … More → The post When AI agents go rogue, the fallout hits the enterprise appeared first on Help Net Security.
http://news.poseidon-us.com/TKCQ0y

Microsoft vulnerabilities: What’s improved, what’s at risk

Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more complex ecosystems. But one of the more telling metrics for CISOs is not just how many bugs were found — it’s how dangerous they were. In that regard, the data offers some good news. … More → The post Microsoft vulnerabilities: What’s improved, what’s at risk appeared first on Help Net Security.
http://news.poseidon-us.com/TKCQ0H

Inside PlugValley: How this AI vishing-as-a-service group operates

In this Help Net Security video, Alexis Ober, Threat Intel Analyst at Fortra, discusses the threat actor group PlugValley, which is now offering AI-powered vishing-as-a-service. Rather than requiring technical skills or large budgets, PlugValley’s service lets any cybercriminal launch vishing campaigns using customizable AI agents with human-like voices, spoofed caller IDs, and real-time call adaptation to boost success rates — all sold via Telegram subscriptions for up to $1,999/month. The post Inside PlugValley: How this AI vishing-as-a-service group operates appeared first on Help Net Security.
http://news.poseidon-us.com/TKCNBp

Review: Hands-On Industrial Internet of Things

Hands-On Industrial Internet of Things is a practical guide designed specifically for professionals building and securing industrial IoT (IIoT) systems. About the authors Giacomo Veneri brings deep expertise in telecommunications and AI, shaped by over 25 years in IoT and AI applications within industrial environments. As Director of AI Specialists at Baker Hughes, he spearheads machine learning innovations that bridge cutting-edge research with practical, real-world solutions. Antonio Capasso offers extensive experience managing large-scale IT projects … More → The post Review: Hands-On Industrial Internet of Things appeared first on Help Net Security.
http://news.poseidon-us.com/TKCNBk

ISC Stormcast For Thursday, April 17th, 2025 https://isc.sans.edu/podcastdetail/9412, (Thu, Apr 17th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TKCJx7