{"id":19241,"date":"2025-05-01T15:18:11","date_gmt":"2025-05-01T13:18:11","guid":{"rendered":"https:\/\/kordon.app\/?p=19241"},"modified":"2025-05-01T15:18:12","modified_gmt":"2025-05-01T13:18:12","slug":"14-cyber-security-news-worth-your-attention-from-last-week-of-april","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/14-cyber-security-news-worth-your-attention-from-last-week-of-april\/","title":{"rendered":"14 Cyber Security News Worth Your Attention from Last Week of April"},"content":{"rendered":"<p><em>As I do every week, I spent a few hours reviewing 17 cyber security news portals, handpicking the <strong>most interesting articles from the last week of April and summarizing them\u2014so you can quickly catch up on only the most interesting cyber news.<\/strong><\/em><\/p>\n\n\n\n<p><em>This week, I\u2019ve also included <strong>two long-form articles \u2014 not breaking news, but thoughtful deep dives I found especially insightful.<\/strong> Consider them this week\u2019s recommended reads if you want to go beyond the headlines.<\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. AI Code Hallucinations Increase the Risk of &#8216;Package Confusion&#8217; Attacks<\/strong><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~1,350 words | <strong>Estimated reading time<\/strong>: 6\u20137 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Summary <\/strong>AI coding assistants are increasingly generating fake software package names, making it easier for attackers to carry out <em>package confusion<\/em> attacks that insert malicious code into legitimate apps. Researchers found that nearly 20% of AI-generated code dependencies pointed to non-existent libraries\u2014creating a repeatable vulnerability that could poison the software supply chain as AI-generated code becomes the norm.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A study of 576,000 AI-generated code samples found <strong>440,000 references to fake packages<\/strong> (19.7% of dependencies).<\/li>\n\n\n\n<li><strong>Many hallucinated package names appeared<\/strong> <strong>repeatedly<\/strong>, <strong>meaning attackers can predict them and create malicious packages that get pulled into real software.<\/strong><\/li>\n\n\n\n<li>Open-source models hallucinated more (21%) than commercial models (5%)<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enforce package verification<\/strong>: Require developers to manually verify all AI-suggested dependencies before using them.<\/li>\n\n\n\n<li><strong>Use private package registries<\/strong>: Limit dependency sources to trusted, internally managed repositories.<\/li>\n\n\n\n<li><strong>Monitor for repeated hallucination patterns<\/strong>: Identify frequently hallucinated package names that could become prime targets for attackers.<\/li>\n<\/ul>\n\n\n\n<p>Read more on <a href=\"https:\/\/www.wired.com\/story\/ai-code-hallucinations-increase-the-risk-of-package-confusion-attacks\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Wired<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. <strong>Employee Monitoring App Leaks 21 Million Screenshots in Real Time<\/strong><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~500 words | <strong>Estimated reading time<\/strong>: 2-3 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Summary <\/strong>The WorkComposer employee monitoring app accidentally exposed over <strong>21 million real-time screenshots<\/strong> of workers\u2019 devices on the open web. These images included emails, chats, passwords, and sensitive business data. The breach highlights how surveillance tools, meant to track productivity, can turn into major security and privacy risks\u2014impacting both company security and employee rights. <strong>Cybernews contacted the company, and access has now been secured.<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The leak stemmed from an <strong>unsecured Amazon S3 bucket<\/strong>, making the data accessible to anyone online.<\/li>\n\n\n\n<li>Some screenshots captured <strong>login pages, API keys, and financial documents<\/strong>, increasing the risk of fraud and corporate espionage.<\/li>\n\n\n\n<li>The <strong>real-time nature<\/strong> of the breach allowed attackers to potentially monitor unfolding business activities.<\/li>\n\n\n\n<li>WorkComposer\u2019s case follows a pattern: other apps like WebWork have leaked millions of employee screenshots in previous incidents.<\/li>\n<\/ul>\n\n\n\n<p>Read more on <a href=\"https:\/\/cybernews.com\/security\/employee-monitoring-app-leaks-millions-screenshots\/\" target=\"_blank\" rel=\"noopener\" title=\"Cybernews\">Cybernews<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. <strong>AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk<\/strong><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~3,000 words | <strong>Estimated reading time<\/strong>: 12\u201314 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">Oligo Security revealed <em>AirBorne<\/em>, a set of 23 vulnerabilities in Apple\u2019s AirPlay protocol and SDK, allowing attackers to take over Apple and third-party devices through zero-click and wormable remote code execution (RCE) attacks. <strong>Apple has patched all affected devices and software<\/strong>, but the larger risk lies with <strong>tens of millions of third-party speakers, TVs, and CarPlay devices<\/strong> that support AirPlay and are often updated less reliably, leaving a massive attack surface exposed.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AirBorne flaws allow attackers to escalate from local network access to <strong>device takeover and malware propagation<\/strong>.<\/li>\n\n\n\n<li>Two CVEs (2025-24252, 2025-24132) can be combined to create <strong>wormable exploits<\/strong> requiring no user interaction.<\/li>\n\n\n\n<li>Vulnerabilities span Macs, iPhones, CarPlay systems, and AirPlay SDK-powered IoT devices.<\/li>\n\n\n\n<li>Some attack paths allow <strong>eavesdropping, device hijacking, and even remote logout of users<\/strong> in corporate environments.<\/li>\n\n\n\n<li>Oligo\u2019s responsible disclosure led to 17 CVEs and broad collaboration with Apple\u2019s security team.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Update Apple devices immediately<\/strong><\/li>\n\n\n\n<li><strong>Audit third-party AirPlay devices<\/strong>: Identify and assess risk from third-party AirPlay-enabled hardware, especially in business environments.<\/li>\n\n\n\n<li><strong>Restrict AirPlay access<\/strong> where it&#8217;s not needed<\/li>\n<\/ul>\n\n\n\n<p>Read more and get the CVE info at <a href=\"https:\/\/www.oligo.security\/blog\/airborne\" target=\"_blank\" rel=\"noopener\" title=\"\">oligo.security<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. <strong>Scattered Spider Suspected in Major M&amp;S Cyberattack<\/strong><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~600 words | <strong>Estimated reading time<\/strong>: ~3 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">British retailer Marks &amp; Spencer (M&amp;S) suffered a major cyberattack linked to the <strong><em>Scattered Spider<\/em> group\u2014the same hackers behind the high-profile 2023 MGM Resorts breach.<\/strong> The attack disrupted payments, online orders, and supply chains, <strong>wiping \u00a3650 million from M&amp;S\u2019s market value.<\/strong> Investigators believe <strong>the attackers gained access months earlier,<\/strong> underscoring how long-term, stealthy intrusions can escalate into crippling ransomware attacks.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Hackers allegedly stole M&amp;S\u2019s <strong>NTDS.dit<\/strong> (Active Directory database) as early as February, enabling password cracking and lateral movement.<\/li>\n\n\n\n<li>The <strong>DragonForce encryptor<\/strong> was used against VMware ESXi hosts, consistent with ransomware tactics.<\/li>\n\n\n\n<li>Service outages included <strong>contactless payment failures, halted Click &amp; Collect orders, and paused online sales<\/strong>. Customers also reported <strong>empty shelves and stock shortages<\/strong>, suggesting supply chain disruptions.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Segment critical systems<\/strong>: Limit lateral movement by isolating different systems.<\/li>\n\n\n\n<li><strong>Review incident response plans<\/strong> to account for dwell-time threats where attackers remain undetected for months before launching ransomware.<\/li>\n<\/ul>\n\n\n\n<p>Read more at <a href=\"https:\/\/hackread.com\/scattered-spider-suspected-in-major-ms-cyberattack\/\" target=\"_blank\" rel=\"noopener\" title=\"\">HackRea<\/a>d<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. <strong>UK Bans SIM Farms to Tackle Telecoms Crime and Cyber Fraud<\/strong><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~900 + 670 words | <strong>Estimated reading time<\/strong>: 5\u20136 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">The UK has become <strong>the first country in Europe to ban the supply and possession of SIM farms<\/strong>\u2014devices that allow criminals to automate scam texts and fraud at scale. The new law makes it illegal to use, possess, or supply SIM farms without a legitimate reason, with offenders facing <strong>fines without a upper limit in England and Wales<\/strong>, and up to \u00a35,000 in Scotland and Northern Ireland. <strong>Previously, only fraudulent activity itself was illegal, leaving a loophole for owning or selling SIM farms.<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fraud rose 19% last year and now accounts for over 40% of reported crime in England and Wales.<\/li>\n\n\n\n<li>Vodafone UK blocked <strong>over one billion scam messages<\/strong> since 2023, including 73.5 million in early 2025.<\/li>\n<\/ul>\n\n\n\n<p>Read more from <a href=\"https:\/\/cybermagazine.com\/network-security\/uk-bans-sim-farms-as-vodafone-blocks-73-5m-scam-texts\" target=\"_blank\" rel=\"noopener\" title=\"\">Cyber Magazine<\/a> ja <a href=\"https:\/\/www.gov.uk\/government\/news\/major-step-for-fraud-prevention-with-landmark-ban-on-sim-farms\" target=\"_blank\" rel=\"noopener\" title=\"UK Gov\">UK Gov<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. <strong>WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors<\/strong><br><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~1,200 words | <strong>Estimated reading time<\/strong>: 5\u20136 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">A large-scale phishing campaign is tricking WooCommerce and WordPress users into installing a fake security patch that deploys a backdoor and hidden admin accounts. The attack stands out for its <strong>massive scale and evolved social engineering tactics<\/strong>, including convincing fake CVE alerts and cloned websites. The malware gives attackers full control over compromised sites and reflects a growing sophistication in WordPress-targeted campaigns.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attackers use phishing emails and a spoofed WooCommerce website to distribute the malicious plugin.<\/li>\n\n\n\n<li>The fake patch creates hidden administrator accounts and installs web shells for remote control.<\/li>\n\n\n\n<li>Malware hides itself and can turn sites into botnets, ad servers, or ransomware targets.<\/li>\n<\/ul>\n\n\n\n<p>Read more from <a href=\"https:\/\/patchstack.com\/articles\/fake-cve-phishing-campaign-tricks-wordpress-users-to-install-malware\/\" title=\"\">Patchstack<\/a> ja <a href=\"https:\/\/thehackernews.com\/2025\/04\/woocommerce-users-targeted-by-fake.html\" target=\"_blank\" rel=\"noopener\" title=\"\">The Hacker News<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">7. <strong>Indian Court Orders Action to Block Proton Mail Over AI Deepfake Abuse Allegations<\/strong><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~800 words |\u00a0<strong>Estimated reading time<\/strong>: 3\u20134 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">A court in India has ordered the government to block Proton Mail after it was allegedly used to send abusive emails containing AI-generated deepfakes. The case highlights growing pressure on encrypted services over misuse concerns. However, Proton Mail remains accessible because the court order requires the government to initiate a blocking process under Section 69A of India\u2019s IT Act, which has not yet been completed.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Under\u00a0<strong>Swiss law<\/strong>, Proton Mail is\u00a0<strong>forbidden<\/strong>\u00a0from responding directly to requests from foreign governments (like India).<\/li>\n\n\n\n<li><strong>For the block to take full effect, <\/strong>India would need to submit a request through Swiss authorities, who would then instruct Proton Mail if approved.<\/li>\n\n\n\n<li><strong>There is no public evidence that India has successfully used this process with Proton Mail in previous cases,<\/strong> including a 2024 bomb threat incident \u2014 suggesting it is unlikely to proceed successfully now.<\/li>\n<\/ul>\n\n\n\n<p>Read more on <a href=\"https:\/\/thehackernews.com\/2025\/04\/indian-court-orders-action-to-block.html\" title=\"\">The Hacker News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Meta Launches LlamaFirewall Framework to Stop AI Jailbreaks, Injections, and Insecure Code<\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~400 words |\u00a0<strong>Estimated reading time<\/strong>: ~2 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">Meta has launched\u00a0<em>LlamaFirewall<\/em>, an open-source framework that helps developers secure AI applications from prompt injection, jailbreaks, and insecure code generation. Developers can integrate LlamaFirewall into their apps to\u00a0<strong>scan user inputs before sending them to the AI model and review outputs before delivering them to users<\/strong>. The tools provide real-time checks for prompt attacks, hijacked goals, and unsafe code, reflecting growing industry concern about LLM security.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Three main tools<\/strong>: PromptGuard 2 (blocks prompt injections), Agent Alignment Checks (detects goal hijacking), and CodeShield (prevents unsafe code output).<\/li>\n\n\n\n<li>Available for everyone<\/li>\n<\/ul>\n\n\n\n<p>Read more from <a href=\"https:\/\/thehackernews.com\/2025\/04\/meta-launches-llamafirewall-framework.html\" target=\"_blank\" rel=\"noopener\" title=\"\">The Hacker News<\/a>, and <a href=\"https:\/\/www.llama.com\/llama-protections\/\" title=\"\">Meta<\/a> and more from <a href=\"https:\/\/ai.meta.com\/blog\/ai-defenders-program-llama-protection-tools\/\" title=\"Meta\">Meta<\/a> <\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. <strong>&#8216;Digital Twins&#8217; Bring Simulated Security to the Real World<\/strong><\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~620 words | <strong>Estimated reading time<\/strong>: 3 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Security teams are using digital twins<\/strong>\u2014virtual copies of real-world systems\u2014t<strong>o simulate attacks, test patches, and assess risks without touching production environments<\/strong>. Companies like Trellix and Backslash Security apply this approach to model attacker behavior, triage alerts, and test software changes safely.<\/pre>\n\n\n\n<p>Read more from <a href=\"https:\/\/www.darkreading.com\/endpoint-security\/digital-twins-bring-simulated-security-real-world\" target=\"_blank\" rel=\"noopener\" title=\"Dark Reading\">Dark Reading<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Tech Giants Propose Standard for End-of-Life Security Disclosures<\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~610 words |\u00a0<strong>Estimated reading time<\/strong>: 3 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">A coalition of major tech companies \u2014 including <strong>Cisco, Microsoft, Dell, IBM, Oracle, and Red Hat<\/strong> \u2014 has introduced the draft\u00a0<em>OpenEoX<\/em>\u00a0<strong>standard to streamline how vendors disclose end-of-life (EoL) information for software and hardware<\/strong>. The proposal aims to address inconsistent, hard-to-track EoL notices that increase security risks by leaving organizations unaware of when products stop receiving patches or support.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The OpenEoX framework creates a\u00a0<strong>shared, machine-readable data format<\/strong>\u00a0for EoL notices.<\/li>\n\n\n\n<li>It defines four lifecycle checkpoints: General Availability, End of Sales, End of Security Support, and End of Life.<\/li>\n\n\n\n<li>The data format can be integrated into\u00a0<strong>SBOMs, security advisories, and supply chain tools<\/strong>.<\/li>\n\n\n\n<li>The coalition seeks public feedback before pushing the draft toward a full OASIS technical standard.<\/li>\n<\/ul>\n\n\n\n<p>Read more at <a href=\"https:\/\/www.securityweek.com\/tech-giants-propose-standard-for-end-of-life-security-disclosures\/\" title=\"\">Security Week<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11. China\u2019s Secret Weapon? How EV Batteries Could Be Weaponized to Disrupt America<\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~2,290 words |\u00a0<strong>Estimated reading time<\/strong>: 10\u201311 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">Security experts warn that Chinese-made EV batteries\u2014widely used in vehicles, infrastructure, and the US power grid\u2014could serve as tools for espionage, data collection, or even sabotage. <strong>Batteries manufactured by CATL, the world\u2019s largest battery maker, have been found to include cloud-connected management systems<\/strong> that could allow remote access or data exfiltration. <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CATL supplies nearly 40% of the global EV market<\/strong>, including batteries for <strong>Tesla<\/strong>, <strong>BMW<\/strong>, <strong>Ford<\/strong>, and the <strong>US energy grid.<\/strong><\/li>\n\n\n\n<li>Security researchers confirmed <strong>CATL\u2019s battery management systems connect to the CATL cloud, <\/strong>enabling two-way communication.<\/li>\n\n\n\n<li>Risks include\u00a0<strong>data collection<\/strong>,\u00a0<strong>remote shutdown or disruption<\/strong>, and\u00a0<strong>potential for malware delivery<\/strong>.<\/li>\n\n\n\n<li>Similar patterns seen with other Chinese technology firms, echoing national security concerns around Huawei.<\/li>\n\n\n\n<li>US military and critical infrastructure operators have already begun removing some CATL battery systems.<\/li>\n<\/ul>\n\n\n\n<p>Read more at <a href=\"https:\/\/www.securityweek.com\/chinas-secret-weapon-how-ev-batteries-could-be-weaponized-to-disrupt-america\/\" title=\"\">Security Week<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">12. Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense<\/h2>\n\n\n\n<p><strong>Word count<\/strong>: ~820 words |\u00a0<strong>Estimated reading time<\/strong>: 3\u20134 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">Researchers have revealed that the Model Context Protocol <strong>(MCP) \u2014 a framework that lets AI models connect to external tools and data sources and take actions on behalf of users<\/strong> \u2014 can be both a powerful feature and <strong>a serious security risk.<\/strong> <br><br>By sneaking malicious instructions into things like emails or tool descriptions, <strong>attackers can trick AI models into doing harmful tasks, such as forwarding sensitive emails or running unauthorized actions. <\/strong><br><br>Interestingly, <strong>the same technique can also be flipped for good,<\/strong> letting defenders use prompt injection to monitor or block risky AI behavior.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Typical kill chain<\/strong>: attacker hides instruction \u2192 AI reads it \u2192 AI activates a connected tool via MCP \u2192 action occurs (e.g., forwarding sensitive data).<\/li>\n<\/ul>\n\n\n\n<p>Read more at <a href=\"https:\/\/thehackernews.com\/2025\/04\/experts-uncover-critical-mcp-and-a2a.html\" target=\"_blank\" rel=\"noopener\" title=\"\">The Hacker News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\"><mark style=\"background-color:#8ed1fc\" class=\"has-inline-color\">Long form Articles that are Worth the Time <\/mark><\/h2>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"574\" src=\"https:\/\/kordon.app\/wp-content\/uploads\/2025\/05\/A-guy-reading-1024x574.png\" alt=\"\" class=\"wp-image-19269\" srcset=\"https:\/\/kordon.app\/wp-content\/uploads\/2025\/05\/A-guy-reading-1024x574.png 1024w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/05\/A-guy-reading-600x336.png 600w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/05\/A-guy-reading-768x430.png 768w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/05\/A-guy-reading-18x10.png 18w, https:\/\/kordon.app\/wp-content\/uploads\/2025\/05\/A-guy-reading.png 1456w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h5 class=\"wp-block-heading\">1. <em>Microsoft Claims Steady Progress Revamping Security Culture<\/em>\u00a0(Dark Reading, April 2025) <\/h5>\n\n\n\n<p><strong>Word count<\/strong>: ~2,030 words |\u00a0<strong>Estimated reading time<\/strong>: 8\u20139 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">The article offers a <strong>rare inside look<\/strong> at how one of <strong>the world\u2019s largest tech companies<\/strong> is tackling the\u00a0<strong><em>hardest challenge in security today: cultural change<\/em>.<\/strong><br><br>If you\u2019re working on shifting from \"compliance-driven\" to \"culture-driven\" security or need real-world examples to support that strategy, this read is worth the time.<br><br><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/microsoft-steady-progress-revamp-security-culture\" target=\"_blank\" rel=\"noopener\" title=\"Read more\">Read more<\/a><\/pre>\n\n\n\n<h5 class=\"wp-block-heading\">2. <em>The Tech That Safeguards the Conclave\u2019s Secrecy<\/em>&nbsp;(WIRED, April 23, 2025)<\/h5>\n\n\n\n<p><strong>Word count<\/strong>: ~980 words |&nbsp;<strong>Estimated reading time<\/strong>: 4 minutes<\/p>\n\n\n\n<pre class=\"wp-block-verse\">The piece in Wired offers a <strong>fascinating glimpse into how the Vatican blends physical security and counter-surveillance technology to protect<\/strong> one of the world\u2019s most sensitive decision-making processes \u2014 the papal conclave. It\u2019s a thought-provoking case study in\u00a0layered security, insider threat prevention, and controlling information flows in high-risk environments.\u00a0<br><br>Read more on <a href=\"https:\/\/www.wired.com\/story\/technology-used-to-shield-conclave-pope-francis\/\" target=\"_blank\" rel=\"noopener\" title=\"\">Wired<\/a>. <\/pre>\n\n\n\n<p><\/p>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>I spent a few hours reviewing 17 cyber security news portals, handpicking the most interesting cyber securityu news from the last week of April and summarizing them\u2014so you can quickly catch up on only the most interesting cyber news.<\/p>","protected":false},"author":1,"featured_media":19276,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,26],"tags":[],"class_list":["post-19241","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-blog"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19241","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=19241"}],"version-history":[{"count":35,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19241\/revisions"}],"predecessor-version":[{"id":19278,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19241\/revisions\/19278"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/19276"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=19241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=19241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=19241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}