Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public


Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs
MITRE has released the latest version of its ATT&CK framework, which now also includes a new section (“matrix”) to cover the tactics, techniques and procedures (TTPs) used to target VMware ESXi hypervisors.

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)
There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week.

54% of tech hiring managers expect layoffs in 2025
54% of tech hiring managers say their companies are likely to conduct layoffs within the next year, and 45% say employees whose roles can be replaced by AI are most likely to be let go, according to a new study by General Assembly.

Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premises installation has been upgraded to patch a critical vulnerability (CVE-2025-34028) that could allow unauthenticated remote code execution.

The legal blind spot of shadow IT
Shadow IT isn’t just a security risk, it’s a legal one. When teams use unsanctioned tools, they can trigger compliance violations, expose sensitive data, or break contracts.

Understanding 2024 cyber attack trends
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024.

Review: Artificial Intelligence for Cybersecurity
Artificial Intelligence for Cybersecurity is a practical guide to how AI and machine learning are changing the way we defend digital systems.

Attackers phish OAuth codes, take over Microsoft 365 accounts
Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts.

Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and others).

SWE-agent: Open-source tool uses LLMs to fix issues in GitHub repositories
By connecting powerful language models like GPT-4o and Claude Sonnet 3.5 to real-world tools, the open-source tool SWE-agent allows them to autonomously perform complex tasks: from fixing bugs in live GitHub repositories and solving cybersecurity challenges, to browsing the web or executing custom workflows.

Coaching AI agents: Why your next security hire might be an algorithm
Security teams are drowning in alerts. The sheer volume of threats, suspicious activity, and false positives makes it nearly impossible for analysts to investigate everything effectively. Enter agentic AI, capable of completing hundreds of tasks simultaneously without tiring.

Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
Hawk Eye is an open-source tool that helps find sensitive data before it leaks.

When confusion becomes a weapon: How cybercriminals exploit economic turmoil
We’ve entered a dangerous feedback loop where financial instability doesn’t just shake the market; it shakes our ability to make clear decisions.

2025 Data Breach Investigations Report: Third-party breaches double
The exploitation of vulnerabilities has seen another year of growth as an initial access vector for breaches, reaching 20%, according to Verizon’s 2025 Data Breach Investigations Report.

Cybercriminals blend AI and social engineering to bypass detection
Attackers are focusing more on stealing identities. Because of this, companies need to use zero trust principles. They should also verify user identities more carefully, says DirectDefense.

Why CISOs are watching the GenAI supply chain shift closely
In supply chain operations, GenAI is gaining traction. But according to Logility’s Supply Chain Horizons 2025 report, many security leaders remain uneasy about what that means for data protection, legacy tech, and trust in automation.

Phishing emails delivering infostealers surge 84%
Cybercriminals continued to shift to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined, according to IBM.

Cyber threats now a daily reality for one in three businesses
Businesses are losing out on an average of $98.5 million a year as a consequence of cyber threats, fraud, regulatory hurdles and operational inefficiencies, according to research from FIS and Oxford Economics.

A new era of cyber threats is approaching for the energy sector
Cyber threats targeting the energy sector come in many forms, including state-sponsored actors seeking to disrupt national infrastructure, cybercriminals motivated by profit, and insiders intentionally causing damage.

Cybersecurity jobs available right now: April 23, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

The dark side of YouTube: Malicious links, phishing, and deepfakes
With billions of users, YouTube has become a tempting target for cybercriminals.

Top must-visit companies at RSAC 2025
RSAC 2025 Conference is taking place at the Moscone Center in San Francisco from April 28 – May 1. With hundreds of booths, countless product demos, and nonstop buzz, navigating RSAC can be overwhelming. That’s why we’ve done the legwork to highlight the standout companies you won’t want to miss.

Email authentication simplified: How PowerDMARC makes DMARC effortless
PowerDMARC helps organizations roll out DMARC the right way. They aim to make the setup simple, even for complex environments.

Skyhawk Security brings preemptive cloud app defense to RSAC 2025
Skyhawk Security is adding new protection for custom-built cloud applications. The company announced the update to its AI-powered Autonomous Purple Team for RSAC 2025 Conference, which starts April 28 in San Francisco.

Exposed and unaware: The state of enterprise security in 2025
The Edgescan 2025 Vulnerability Statistics Report offers a data-rich snapshot of the global cybersecurity landscape, drawing from thousands of assessments and penetration tests conducted in 2024.

New infosec products of the week: April 25, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, PowerDMARC, Skyhawk Security, Stellar Cyber, Swimlane, and Veracode.


