(IN)SECURE Newsletter - April 24, 2025

A smorgasbord of knowledge and news - View this email in your browser  (IN)SECURE Newsletter  April 24, 2025 A smorgasbord of knowledge and news A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original access vector was locked down. LLMs' tendency to "hallucinate" code packages that don't exist could become the basis for a new type of supply chain attack dubbed "slopsquatting". When participating in a Zoom call, you can grant remote control of your computer to others. While this feature may come in handy when dealing with trusted family, friends and colleagues, threat actors have started abusing it to install malware on targets' computer. Ideas to consider, practices to implement The legal blind spot of shadow IT Securing digital products under the Cyber Resilience Act When AI agents go rogue, the fallout hits the enterprise When companies merge, so do their cyber threats Strategic AI readiness for cybersecurity: From hype to reality Cybercriminal groups embrace corporate structures to scale, sustain operations Why shorter SSL/TLS certificate lifespans matter The quiet data breach hiding in AI workflows How to find out if your AI vendor is a security risk Why CISOs are doubling down on cyber crisis simulations Chief Legal Officers step up in cybersecurity oversight (Video) Get our news via e-mail Subscribe to get regular updates from Help Net Security. Choose between our daily and weekly newsletters, or you can also opt for specialized newsletters: Breaking news – sent for major events Cybersecurity jobs – sent weekly Open-source cybersecurity tools – sent monthly Open-source tools you should check out SWE-agent - A tool that uses LLMs to fix issues in GitHub repositories Hawk Eye - A scanner that uncovers secrets and PII across platforms Attack Flow - Learn how cyber adversaries combine and sequence offensive techniques Tirreno - A fraud prevention platform APTRS - An automated penetration testing reporting system Resources Broaden your knowledge and resolve issues (registration may be required): Enzoic AD Lite Password Audit Report Whitepaper: Voice of Security 2025 Report: Fortune 500 employee-linked account exposure Report: The State of Secrets Sprawl 2025 eBook: What does it take to be a full-fledged virtual CISO? Copyright © 2025 Help Net Security, All rights reserved.  You are receiving Help Net Security daily security news because you opted in at our web site located on www.helpnetsecurity.com. Our mailing address is:  Help Net Security  Astus d.o.o.  Kastav 51215  Croatia  Add us to your address book No longer interested in receiving these emails? Unsubscribe