Monthly Archives: May 2025

Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)

A critical vulnerability (CVE-2025-4322) in Motors, a WordPress theme popular with car/motor dealerships and rental services, can be easily exploited by unauthenticated attackers to take over admin accounts and gain full control over target WP-based sites. The privileges thus acquired allow attackers to inject scripts that steal user data, make download links point to malware, redirect visitors to malicious sites, install a backdoor, or steal data saved in the underlying database. About CVE-2025-4322 Motors is … More → The post Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322) appeared first on Help Net Security.
http://news.poseidon-us.com/TKvMSX

Carmakers rev up AI efforts amid economic uncertainty

Ford, General Motors and Toyota pursue use cases to enhance customer experience, optimize costs and drive profits, executives said in their latest financial reports.
http://news.poseidon-us.com/TKvKbh

Veeam Kasten for Kubernetes v8 unifies VM and container data protection

Veeam Software launched Veeam Kasten for Kubernetes v8, designed to bring data resilience to both traditional virtual machines (VMs) and cloud-native environments, delivering security and operational efficiency. Veeam Kasten for Kubernetes v8 introduces new innovations in Kubernetes data resilience, providing enterprise-ready modern virtualization, enhanced security, effortless operations at scale, and ultimate customer freedom of choice. This latest release reinforces Veeam’s commitment to enabling enterprises to seamlessly manage their data in a unified infrastructure – securely … More → The post Veeam Kasten for Kubernetes v8 unifies VM and container data protection appeared first on Help Net Security.
http://news.poseidon-us.com/TKvCll

Strider Spark protects organizations from state-sponsored threats

Strider announced new capabilities for Spark, the company’s proprietary AI-powered intelligence engine that is transforming how organizations identify and mitigate risks associated with state-sponsored threats. Industry, government, and academic organizations are vulnerable to ongoing nation-state operations that target and compromise networks, intellectual property, people, and supply chains. Spark delivers detailed threat analysis within seconds to provide organizations with deeper insights into the risk environment through a streamlined interface that includes intuitive, query-based exploration. Spark enables … More → The post Strider Spark protects organizations from state-sponsored threats appeared first on Help Net Security.
http://news.poseidon-us.com/TKvChP

What good threat intelligence looks like in practice

In this Help Net Security interview, Anuj Goel, CEO of Cyware, discusses how threat intelligence is no longer a nice to have, it’s a core cyber defense requirement. But turning intelligence into action remains a challenge for many organizations. The path forward lies in integration, automation, and collaboration across technical and executive teams. With the right strategy, threat intelligence can become not just a source of awareness, but a driver of speed, precision, and resilience. … More → The post What good threat intelligence looks like in practice appeared first on Help Net Security.
http://news.poseidon-us.com/TKv7BS

AutoPatchBench: Meta’s new way to test AI bug fixing tools

AutoPatchBench is a new benchmark that tests how well AI tools can fix code bugs. It focuses on C and C++ vulnerabilities found through fuzzing. The benchmark includes 136 real bugs and their verified fixes, taken from the ARVO dataset. Patch generation flowchart CyberSecEval 4 AutoPatchBench is part of Meta’s CyberSecEval 4, a benchmark designed to objectively evaluate and compare various LLM-based auto-patching agents for vulnerabilities specifically identified via fuzzing, a widely used method of … More → The post AutoPatchBench: Meta’s new way to test AI bug fixing tools appeared first on Help Net Security.
http://news.poseidon-us.com/TKv3H8

Third-party cyber risks and what you can do

When a third-party tech vendor suffers a cyber incident, your business can feel the effects immediately. That’s why it’s crucial to treat vendor risk as part of your cybersecurity posture. In this Help Net Security video, Mike Toole, Director of Security and IT at Blumira, explores why visibility into your vendor ecosystem is essential: from understanding which vendors you use and what data they access, to how they protect it. Learn how to build third-party … More → The post Third-party cyber risks and what you can do appeared first on Help Net Security.
http://news.poseidon-us.com/TKv26Z

Nation-state APTs ramp up attacks on Ukraine and the EU

Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers, according to ESET. Ukraine faces rising cyber threats The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. Gamaredon remained the most prolific actor targeting Ukraine, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. “The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it … More → The post Nation-state APTs ramp up attacks on Ukraine and the EU appeared first on Help Net Security.
http://news.poseidon-us.com/TKv25m

ISC Stormcast For Wednesday, May 21st, 2025 https://isc.sans.edu/podcastdetail/9460, (Wed, May 21st)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TKv1RP

From Red to Real: Why It’s Time to Rethink Cyber Risk Reporting

Jason Ha speaks to iTnews ahead of his AusCERT tutorial on bringing structure, clarity and traceability to cyber risk communication.
http://news.poseidon-us.com/TKtv2X