France accuses Russia's GRU of cyberattacks targeting French entities, including those linked to the 2024 Olympics, since 2021. These attacks spotlight ongoing security vulnerabilities amid geopolitical tensions.

Google reports a decrease to 75 zero-day vulnerabilities exploited in 2024 from 98 in 2023, with a notable rise in state-sponsored cyber-espionage, predominantly from China, Russia, and South Korea. The report highlights increased targeting of enterprise technologies, urging vendors to bolster security against such threats.

A recent Oligo report unveils critical flaws in Apple's AirPlay, potentially allowing remote hijacking of devices without user action. While Apple issued patches, many third-party devices remain at risk, underlining the security challenges of integrating Apple tech across diverse platforms.

Cloudflare reported an unprecedented spike in DDoS attacks, with 20.5 million incidents in Q1 2025, a 358% increase from last year. Germany was the most targeted, and the Gambling & Casinos sector faced the most threats.

Hewlett Packard Enterprise unveiled major updates to its cloud security solutions at the RSA Conference, focusing on zero trust networking and AI-driven protection for hybrid environments. These enhancements to the Aruba Networking and GreenLake platforms reflect HPE's strategy to bolster defenses against sophisticated cyber threats, emphasizing the need for modern IT infrastructure.

Pistachio, an AI-driven cybersecurity training firm from Oslo, secures $7 million in Series A funding, boosting total funding to $10.5 million. The capital will fuel expansion in Europe and North America, addressing human error in cybersecurity with innovative training solutions.

CISA warns of cyberattacks targeting vulnerabilities in Commvault, Active! Mail, and Broadcom Brocade solutions, urging prompt updates by May 19, 2025. These vulnerabilities include a critical flaw in Commvault's Backup & Recovery software that allows remote execution of web shells, exploited by nation-state actors.

Two suspects were arrested on April 22 as part of an international operation to dismantle JokerOTP, a phishing tool that stole over £7.5 million by intercepting 2FA codes. This three-year investigation involved collaboration between UK police, the National Crime Agency, Europol, and the Dutch National Police, highlighting a concerted global effort to combat sophisticated cybercrime.

Abnormal AI has launched autonomous AI agents aimed at transforming employee training and enhancing email security to combat evolving cyber threats. CEO Evan Reiser emphasizes the need for personalized, real-time threat education and advanced detection capabilities, leading to innovations like the AI Phishing Coach and AI Data Analyst, which streamline security processes and improve threat response efficiency.

Sentra launches 'Data Security for AI Agents,' addressing AI security challenges for enterprises, ensuring compliance and data protection. The solution features real-time monitoring and supports major AI toolkits, with a showcase at RSA Conference 2025.

Trend Micro has unveiled an AI Detection Model using NVIDIA's Morpheus AI framework on AWS to enhance threat detection efficiency. This integration leverages AWS's infrastructure for global reach and rapid, scalable threat analysis, offering advanced security measures for AI-driven workloads.

Postal codes are crucial in e-commerce for fraud detection and identity verification, yet they pose privacy risks. Their sensitivity is underscored by GDPR, requiring them to be treated as PII.

At RSA Conference 2025, Cisco unveiled AI-driven security innovations to tackle AI threats, enhancing endpoint visibility and industrial network protection. Other highlights include Mindgard's findings on AI vulnerabilities and X-PHY's offline deepfake detection tool.

Palo Alto Networks is set to acquire Protect AI for over $500 million, reinforcing its commitment to AI-driven cybersecurity. This move highlights the growing industry emphasis on securing AI technologies.

Two critical zero-day vulnerabilities in Craft CMS, CVE-2025-32432 and CVE-2024-58136, have been actively exploited, affecting thousands of instances. Craft CMS released patches and urged updates to mitigate these severe threats, which have already compromised nearly 300 sites.

Wallarm's analysis highlights critical security risks associated with AI agents, particularly through APIs, with 65% of AI-related cybersecurity issues linked to them. To combat these threats, Wallarm introduces Agentic AI Protection, set to launch in Summer 2025, providing advanced security measures against various AI attack vectors.

Slopsquatting, a novel AI-driven cybersecurity threat, emerges as fake software dependencies are suggested by models like GPT-4, risking supply chain integrity. Experts urge enhanced access controls and AI-driven countermeasures to mitigate these risks, highlighting a whitepaper by Palo Alto Networks that outlines strategies against adversarial prompt attacks.

NetFoundry has raised $12 million in its first venture round led by SYN Ventures, aiming to revolutionize secure networking with embeddable zero-trust connectivity. This funding marks a pivotal step for NetFoundry's network-as-code model, already adopted by major firms globally, enhancing security without traditional VPNs or MPLS.

A new phishing scam is deceiving WooCommerce users with fake security alerts to install malware disguised as critical patches. The attack creates hidden admin accounts and can lead to severe site compromise, mimicking tactics seen in a 2023 campaign against WordPress.