As the world steps into 2025, the cybersecurity landscape is set to evolve at an unprecedented pace, driven by the convergence of emerging technologies, sophisticated threats, and tightening regulations. The fourth edition of this report delves into the critical trends shaping the industry, offering key insights to help organizations navigate the challenges ahead. From the rising threat of insider attacks and the vulnerabilities within global supply chains to the disruptive potential of quantum computing and the transformative role of artificial intelligence, the stakes have never been higher. At the same time, regulatory frameworks worldwide are becoming more stringent, urging businesses…
Author: Kirsten Doyle
Doughnut giant Krispy Kreme has disclosed a cyberattack that happened on 29 November and has led to significant operational disruptions, particularly affecting its online ordering system in parts of the United States. The doughnut chain disclosed the cyberattack in an 8-K filing with the SEC. The company was alerted to unauthorized activity on its information technology systems and has since engaged leading cybersecurity experts to investigate and remediate the situation. Despite the attack, Krispy Kreme’s physical stores remain open globally, and customers can still place orders in person. Daily deliveries to retail and restaurant partners are also uninterrupted. However, the disruption of…
The 40+ dating platform Senior Dating has been the victim of a data breach, compromising the personal information of 765,517 users. The breach, linked to an exposed Firebase database, has raised serious concerns about protecting sensitive data in online matchmaking services. The information exposed includes personal details such as email addresses, profile photos, genders, dates of birth, precise geographic locations, links to Facebook accounts, and details on users’ drinking and smoking habits, education levels, occupations, and relationship statuses. This granular data could be exploited for identity theft, fraud, or other malicious activities. The breach, dated 23 November 2024, came to…
Artivion, a prominent manufacturer of heart surgery devices, disclosed a significant ransomware attack that has disrupted its operations. The incident involved the encryption and acquisition of company files, prompting Artivion to take immediate measures to contain the breach. According to a recent Form 8-K filing, Artivion responded swiftly by taking affected systems offline, launching an investigation, and engaging external cybersecurity and legal experts to address the situation. Despite these efforts, the incident has caused delays in order processing, shipping, and some corporate functions. The company stressed that it will continue to deliver products and services to customers, stating that most…
Independent cybersecurity experts Noam Rotem and Ran Locar have exposed a sophisticated cyber operation targeting vulnerabilities in public websites, leading to unauthorized access to sensitive customer data, infrastructure credentials, and proprietary source code. The researchers collaborated with the AWS Fraud team on a customer notification to implement measures aimed at mitigating the impact of this event. They said that although they identified some of the victims of this operation, those victims have not been included in the report for privacy reasons. They said: “Our investigation has identified the names and contact information of some of the individuals behind this incident. This…
As we unveil the third edition of Information Security Buzz’s 2025 predictions, we are thrilled by the incredible response. In this installment, we dive even deeper into the evolving cybersecurity landscape, where advancements in AI, quantum computing, and cloud technologies intersect with growing vulnerabilities and escalating threats. With insights from industry leaders, this edition delivers a comprehensive look at what’s next for security professionals and businesses worldwide. These 2025 predictions explore critical challenges such as the mass deployment of unsecured AI tools, the urgent need for post-quantum cryptography, and the intensifying focus on SaaS vulnerabilities and insider threats. From nation-state…
As 2025 approaches, the cybersecurity landscape is set to face a new slew of challenges fueled by evolving threats and stringent regulations. According to Kiteworks’ newly released “2025 Forecast for Managing Private Content Exposure Risk” report, there are 12 transformative trends shaping the year ahead, offering entities actionable strategies to protect sensitive data, maintain compliance, and boost operational efficiency in an increasingly complex environment.

Urgent Threats and Strategic Imperatives

The report clearly shows that cyber threats, particularly those targeting AI systems and software supply chains, are increasingly complex and sophisticated. While offering fantastic opportunities, AI technologies have also become weapons…
The Linux Foundation, in collaboration with the Laboratory for Innovation Science at Harvard, has unveiled a comprehensive study, “Census III of Free and Open Source Software – Application Libraries (Census III).” The report identifies the most widely used free and open-source software (FOSS) as application libraries and highlights the ongoing significance of collaboration within the open-source ecosystem. Drawing on over 12 million observations of FOSS libraries across production applications at more than 10,000 companies, Census III is the most extensive study of its kind to date. It highlights critical trends shaping the open source landscape and offers a detailed examination…
Two critical vulnerabilities (CVE-2024-42448 and CVE-2024-42449) have been identified in Veeam Service Provider Console (VSPC), prompting an urgent call for users to update their systems. According to Veeam’s latest security advisory, the vulnerabilities affect all builds of VSPC versions 7 and 8. The first flaw (CVE-2024-42448) allows for remote code execution (RCE) on the server when exploited by an authorized management agent, carrying a CVSS score of 9.9. The second issue (CVE-2024-42449) exposes the system to NTLM hash leaks and file deletions, with a CVSS score of 7.1. Veeam has confirmed that these vulnerabilities were discovered during internal testing and…
Thanks to the fantastic response we received, we’re excited to continue our exploration of the evolving cybersecurity landscape. As we approach 2025, the challenges and threats facing businesses, governments, and individuals are becoming increasingly complex. Following our initial insights, we reached out to more experts across the technology and cybersecurity fields to delve deeper into the transformative shifts ahead. In this next instalment, we will explore pivotal trends such as the increasing threat of business logic attacks, vulnerabilities in the software supply chain, the evolution of DevSecOps practices, and more. We will also discuss the need for quantum-resilient encryption and…