Monthly Archives: May 2025

The high price of untested code

Two-thirds of organizations are at risk of a costly software outage in the next year, according to Tricentis.
http://news.poseidon-us.com/TKpG8R

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google Chrome’s Loader, which attackers can use to make the browser leak cross-origin data that can be used to take over accounts. The vulnerability can be triggered with a maliciously crafted HTML page, on Chrome versions prior … More → The post CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) appeared first on Help Net Security.
http://news.poseidon-us.com/TKpG8B

Cranium introduces AI red teaming platform

Cranium has launched Arena, an AI red teaming platform built to proactively test and secure AI systems across the full model and supply chain lifecycle. As artificial intelligence continues its rapid integration into enterprise infrastructure, so too does the urgency for scalable and intelligent risk management. Cranium Arena provides a hands-on environment where organizations can simulate real-world cyber threats—both automated and human-led—against their AI models before attackers strike. “AI systems today are as powerful as they are … More → The post Cranium introduces AI red teaming platform appeared first on Help Net Security.
http://news.poseidon-us.com/TKpG3V

Deepfake attacks could cost you more than money

In this Help Net Security interview, Camellia Chan, CEO at X-PHY, discusses the dangers of deepfakes in real-world incidents, including their use in financial fraud and political disinformation. She explains AI-driven defense strategies and recommends updating incident response plans and internal policies, integrating detection tools, and ensuring compliance with regulations like the EU’s DORA to mitigate liability. How have attackers used deepfakes in real-world incidents, even if hypothetically, and how plausible are those tactics becoming? … More → The post Deepfake attacks could cost you more than money appeared first on Help Net Security.
http://news.poseidon-us.com/TKnznK

Polymorphic phishing attacks flood inboxes

AI is transforming the phishing threat landscape at a pace many security teams are struggling to match, according to Cofense. In 2024, researchers tracked one malicious email every 42 seconds. Many of the 42-second attacks were part of polymorphic phishing attacks. Unlike traditional phishing methods, polymorphic phishing attacks rely on dynamic changes to the appearance and structure of malicious emails or links. Attackers use sophisticated algorithms to alter subject lines, sender addresses, and email content … More → The post Polymorphic phishing attacks flood inboxes appeared first on Help Net Security.
http://news.poseidon-us.com/TKnzmq

Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed

The Linux Foundation, in collaboration with OpenSSF and Linux Foundation Education, has released the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families. “Cybersecurity is now a leadership issue, not just a technical one,” said Steve Fernandez, General Manager at OpenSSF. “Our framework gives organizations a straightforward way to identify gaps and prioritize the security skills that matter most, based … More → The post Cybersecurity Skills Framework connects the dots between IT job roles and the practical skills needed appeared first on Help Net Security.
http://news.poseidon-us.com/TKnzky

Safeguarding Data in the Era of AI

In Australia and New Zealand (ANZ), organisations are navigating unprecedented challenges in managing and securing their most valuable asset—data. While data is often likened to gold for its value, it can also resemble uranium: potent yet potentially hazardous, necessitating meticulous handling and minimal storage.
http://news.poseidon-us.com/TKnz1W

How working in a stressful environment affects cybersecurity

Stressful work environments don’t just erode morale, they can quietly undermine cybersecurity. When employees feel overworked, unsupported, or mistreated, their judgment and decision-making suffer. “From an organizational perspective, a toxic culture often leads to increased errors, missed threats, decreased productivity, and higher turnover rates,” said Rob Lee, Chief of Research and Head of Faculty at SANS Institute. According to CyberArk, 65% of office workers admit they’ve bypassed cybersecurity policies to stay productive. Frustration and anger … More → The post How working in a stressful environment affects cybersecurity appeared first on Help Net Security.
http://news.poseidon-us.com/TKnxDB

New infosec products of the week: May 16, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Hunted Labs, McAfee, Obsidian Security, PentestPad, Resecurity, and SecuX. Resecurity One simplifies cybersecurity operations Resecurity One provides real-time cyber threat intelligence from multiple sources, enabling organizations to proactively identify and respond to cyber threats. With comprehensive threat intelligence feeds and advanced analytics, organizations can detect and thwart cyber attacks before they cause harm. SecuX releases Bitcoin self-managed solution for SMBs … More → The post New infosec products of the week: May 16, 2025 appeared first on Help Net Security.
http://news.poseidon-us.com/TKnxC2

ISC Stormcast For Friday, May 16th, 2025 https://isc.sans.edu/podcastdetail/9454, (Fri, May 16th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TKnsqL