Kirsten Doyle

As we unveil the third edition of Information Security Buzz’s 2025 predictions, we are thrilled by the incredible response. In this installment, we dive even deeper into the evolving cybersecurity landscape, where advancements in AI, quantum computing, and cloud technologies intersect with growing vulnerabilities and escalating threats. With insights from industry leaders, this edition delivers a comprehensive look at what’s next for security professionals and businesses worldwide. These 2025 predictions explore critical challenges such as the mass deployment of unsecured AI tools, the urgent need for post-quantum cryptography, and the intensifying focus on SaaS vulnerabilities and insider threats. From nation-state…

As 2025 approaches, the cybersecurity landscape is set to face a new slew of challenges fueled by evolving threats and stringent regulations. According to Kiteworks’ newly released “2025 Forecast for Managing Private Content Exposure Risk” report, there are 12 transformative trends shaping the year ahead, offering entities actionable strategies to protect sensitive data, maintain compliance, and boost operational efficiency in an increasingly complex environment. Urgent Threats and Strategic Imperatives The report clearly shows that cyber threats, particularly those targeting AI systems and software supply chains, are increasingly complex and sophisticated. While offering fantastic opportunities, AI technologies have also become weapons…

The Linux Foundation, in collaboration with the Laboratory for Innovation Science at Harvard, has unveiled a comprehensive study, “Census III of Free and Open Source Software – Application Libraries (Census III).” The report identifies the most widely used free and open-source software (FOSS) as application libraries and highlights the ongoing significance of collaboration within the open-source ecosystem. Drawing on over 12 million observations of FOSS libraries across production applications at more than 10,000 companies, Census III is the most extensive study of its kind to date. It highlights critical trends shaping the open source landscape and offers a detailed examination…

Two critical vulnerabilities (CVE-2024-42448 and CVE-2024-42449) have been identified in Veeam Service Provider Console (VSPC), prompting an urgent call for users to update their systems. According to Veeam’s latest security advisory, the vulnerabilities affect all builds of VSPC versions 7 and 8. The first flaw (CVE-2024-42448) allows for remote code execution (RCE) on the server when exploited by an authorized management agent, carrying a CVSS score of 9.9. The second issue (CVE-2024-42449) exposes the system to NTLM hash leaks and file deletions, with a CVSS score of 7.1. Veeam has confirmed that these vulnerabilities were discovered during internal testing and…

Thanks to the fantastic response we received, we’re excited to continue our exploration of the evolving cybersecurity landscape. As we approach 2025, the challenges and threats facing businesses, governments, and individuals are becoming increasingly complex. Following our initial insights, we reached out to more experts across the technology and cybersecurity fields to delve deeper into the transformative shifts ahead. In this next instalment, we will explore pivotal trends such as the increasing threat of business logic attacks, vulnerabilities in the software supply chain, the evolution of DevSecOps practices, and more. We will also discuss the need for quantum-resilient encryption and…

As Black Friday approaches, shoppers eagerly hunt for bargains online, but so do malicious actors. Cyber criminals are like pick-pockets, they go where the crowds are, so this high-traffic shopping season presents a smorgasbord of opportunities for malefactors to exploit vulnerabilities, from phishing scams to fake retail websites. With digital transactions expected to skyrocket, staying vigilant is essential to protect your personal information and hard-earned money. This article will look at practical tips to help you navigate the online shopping frenzy securely, avoid common traps, and protect your data during one of the busiest retail events of the year. Don’t…

Check Point Research has discovered that cybercriminals are exploiting the popular Godot Engine to spread malware, bypassing detection by nearly all antivirus solutions. The new technique uses Godot’s scripting language, GDScript, to deliver malicious payloads through a loader dubbed “GodLoader,” which has infected over 17,000 devices since June 2024. New Threat Vector in Gaming Development Godot Engine, an open-source platform for developing 2D and 3D games, is known for its flexibility and multi-platform capabilities. Its scripting language, GDScript, has become a tool for threat actors to execute malicious commands. Check Point says this method remains undetected by most antivirus engines,…

The Matrix botnet is expanding at an alarming rate, with nearly 35 million devices currently vulnerable to compromise. Researchers from Aqua Nautilus who uncovered the threat, warn that even a fraction of these devices falling into the botnet’s control could result in a massive surge in scale, posing significant risks to global cybersecurity infrastructure. If only 1% of these devices are breached, Matrix could control 350,000 endpoints. A compromise rate of 5% could result in 1.7 million devices—a figure comparable to some of history’s largest distributed denial-of-service (DDoS) campaigns. This would position Matrix as a formidable threat capable of orchestrating…

In a concerning trend that has emerged in recent months, Perception Point has observed threat actors exploiting URL rewriting, a security feature designed to protect users from malicious links in emails. By manipulating the rewritten URLs, malefactors are able to hide phishing links behind trusted domains, evading detection and making it increasingly difficult for security measures to protect users. URL rewriting, which is implemented by email security vendors to replace original URLs with modified ones that are first scanned for threats, has been a key tool in the fight against phishing. However, cybercriminals have now found a way to weaponize…

As the digital landscape evolves, so do the threats and challenges defining cybersecurity. With 2025 around the corner, ISB reached out to several experts to forecast transformative shifts in how businesses, governments, and individuals protect themselves against increasingly sophisticated cyberattacks. Information Security Buzz reached out to leading experts across the technology and cybersecurity spectrum to gain insight into what lies ahead. Regulatory pressures, the rise of Zero Trust as a cornerstone of AI-driven enterprises, and the looming complexities of autonomous hacking, the perspectives shared a glimpse into a future brimming with both opportunity and risk. We had such an overwhelming…