Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Microsoft’s new AI agents take on phishing, patching, alert fatigue
Microsoft is rolling out a new generation of AI agents in Security Copilot, built to help with some of the most time-consuming security challenges, such as phishing, data protection, and identity management.

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783)
Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections.

Cyber insurance isn’t always what it seems
Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must understand the risks before an attack happens.

UK NCSC offers security guidance for domain and DNS registrars
The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services.

The hidden costs of security tool bloat and how to fix it
In this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets and expanding security stacks.

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it.

A closer look at The Ultimate Cybersecurity Careers Guide
In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide.

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them).

Review: The Developer’s Playbook for Large Language Model Security
With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into customer interactions, software development, and enterprise decision-making, often without grasping the security implications.

If you think you’re immune to phishing attempts, you’re wrong!
Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained access to his Mailchimp account and stole a list of email addresses of his newsletter subscribers.

Malwoverview: First response tool for threat hunting
Malwoverview is an open-source threat hunting tool designed for the initial triage of malware samples, URLs, IP addresses, domains, malware families, IOCs, and hashes.

Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover
Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters.

Finders Keypers: Open-source AWS KMS key usage finder
Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys.

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no have access to (e.g., the web app’s admin panel).

The vCISO Academy: Transforming MSPs and MSSPs into cybersecurity powerhouses
While over 94% of service providers recognize the rising demand for vCISO services, more than 25% of providers report lacking the cybersecurity and compliance expertise needed to offer vCISO services.

Android financial threats: What businesses need to know to protect themselves and their customers
According to ESET research, Android financial threats, targeting banking apps and cryptocurrency wallets, grew by 20% in H2 of 2024 compared to the first half of the year.

Post-quantum cryptography and the future of online safety
In this Help Net Security video, Rebecca Krauthamer, CEO of QuSecure, explores the rising urgency of post-quantum cryptography (PQC) and what organizations must do to prepare.

A CISO’s guide to securing AI models
To safeguard ML models from emerging threats, CISOs should implement a comprehensive and proactive approach that integrates security from their release to ongoing operation.

How AI agents could undermine computing infrastructure security
In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, explores the risks AI agents pose to computing infrastructure, particularly when exposed to social engineering attacks.

Spring clean your security data: The case for cybersecurity data hygiene
Spring cleaning isn’t just for your closets; security teams should take the same approach to their security operations data, where years of unchecked log growth have created a bloated, inefficient and costly mess.

Hottest cybersecurity open-source tools of the month: March 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.

OT systems are strategic targets in global power struggles
Compared to 2023, 2024 saw a smaller increase in cyberattacks that caused physical consequences on OT organizations, according to Waterfall Security.

Cloud providers aren’t delivering on security promises
Security concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf.

China-linked FamousSparrow APT group resurfaces with enhanced capabilities
ESET investigated suspicious activity on the network of a trade group in the United States that operates in the financial sector.

Enemies with benefits: RansomHub and rival gangs share EDRKillShifter tool
ESET researchers have published an in-depth analysis highlighting significant shifts within the ransomware landscape, spotlighting the rise of RansomHub.

How does your data end up on the dark web?
The dark web is a hidden corner of the internet where people can remain anonymous. It’s often confused with the deep web, but they’re not quite the same thing.

Protecting your personal information from data brokers
How aware are you that your personal information could be bought and sold without your consent—and that there are companies whose entire business model revolves around this?

How to manage and protect your biometric data
As biometric data becomes an integral part of our lives, we must remain informed and cautious about how this sensitive information is collected.

Cybersecurity jobs available right now: March 25, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Whitepaper: Voice of Security 2025
Discover insights from 900 security leaders across the globe in IDC’s Voice of Security 2025 survey, sponsored by Tines in partnership with AWS.

Report: Fortune 500 employee-linked account exposure
According to data analyzed by the Enzoic research team, over the past three years of 2022, 2023, and 2024, more than three million employee-linked accounts became newly compromised by cybercriminals.

Infosec products of the month: March 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight Technologies, Outpost24, Palo Alto Networks, Pondurance, Red Canary, SailPoint, SimSpace, Sonatype, Sumsub, and TXOne Networks.