Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Attackers are probing Palo Alto Networks GlobalProtect portals
Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise.

April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft
Microsoft is continuing to build on their AI cybersecurity strategy and this month announced the introduction of new agents in Microsoft Security Copilot. They are introducing agents for phishing triage, alert triage for data loss prevention and insider risk management, conditional access optimization, vulnerability remediation, and threat intelligence briefing.

Forward-thinking CISOs are shining a light on shadow IT
In this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis, discusses how CISOs can balance security and innovation while managing the risks of shadow IT.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x.

Building a cybersecurity strategy that survives disruption
Cybersecurity used to focus primarily on prevention. But in today’s environment, that’s not enough. That’s where cyber resilience comes in.

Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439)
CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog.

Review: Zero to Engineer
Zero to Engineer is a practical guide for anyone looking to launch a career in information technology without a traditional college degree.

Phishers are increasingly impersonating electronic toll collection companies
Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed.

Balancing data protection and clinical usability in healthcare
In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target.

Google is making sending end-to-end encrypted emails easy
Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday.

BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework
BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable.

North Korean IT workers set their sights on European organizations
North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe.

Why global tensions are a cybersecurity problem for every business
With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive.

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code.

Generative AI is reshaping financial fraud. Can security keep up?
In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies.

CISA reveals new malware variant used on compromised Ivanti Connect Secure devices
CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day.

Exegol: Open-source hacking environment
Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely.

Windows 11 quick machine recovery: Restoring devices with boot issues
Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024.

7 ways to get C-suite buy-in on that new cybersecurity tool
Convincing leadership, especially those more attuned to balance sheets than breach reports, can feel like selling a Wi-Fi router to someone without any internet connection. Securing buy-in is not just a technical challenge. It’s a game of strategy, storytelling, and persuasion.

Inside the AI-driven threat landscape
In this Help Net Security video, Nick Barter, Chief Strategy Officer at Nothreat, discusses how AI is no longer just a tool for defenders, it’s now a powerful weapon in the hands of attackers

How to map and manage your cyber attack surface with EASM
Security specialists generally define the attack surface as the sum of all possible points in a system or network where attacks can be launched against. In other words, it can be described as the sum of all potential attack vectors

GenAI turning employees into unintentional insider threats
The amount of data being shared by businesses with GenAI apps has exploded, increasing 30x in one year, according to Netskope.

How to build an effective cybersecurity simulation
What should organizations actively do to make these simulations as real and valuable as possible?

Only 2-5% of application security alerts require immediate action
The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security.

Two things you need in place to successfully adopt AI
Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk.

Building a reasonable cyber defense program
In this article, we’ll identify and discuss several policy elements you can incorporate into your cybersecurity program that meet the standard of reasonableness.

Connected cars drive into a cybersecurity crisis
The very fact that someone can hack a vehicle and take control of it is terrifying, turning scenarios from movies into reality.

Your smart home may not be as secure as you think
In this article, we explore the security challenges of smart IoT devices in the home, potential threats like hacking and privacy breaches, and measures users can take to ensure the security of their connected devices.

The human side of insider threats: People, pressure, and payback
While cybercriminals are often in the spotlight, one of the most dangerous threats to your company might be hiding in plain sight, within your own team.

How to recognize and prevent deepfake scams
Deepfakes are a type of synthetic media created using AI and machine learning. In simple terms, they produce videos, images, audio, or text that look and sound real, even though the events depicted never actually happened.

Cybersecurity jobs available right now: April 1, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: April 4, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Bitsight, Bluefin, CyberQP, and Exabeam.