Researcher Says Patched Commvault Bug Still Exploitable | AI Domination: RSAC 2025 Social Media Roundup

Click here to subscribe to Informationweek.com

Categories: Services | Professionals Business goods Financially Kantoor Marketing Retail Retail Industry Machines Age: 14 until 18 year 19 until 30 year 31 until 64 years

1 month ago

Html
Text

CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.

May 8, 2025

Signup

Weekly Edition

The latest news and insights for cybersecurity professionals

- The Latest News and Features -

Researcher Says Patched Commvault Bug Still Exploitable‎‎ CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.‎‎ Keep Reading →

AI Domination: RSAC 2025 Social Media Roundup‎‎ Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week.‎‎

'Bring Your Own Installer' Attack Targets SentinelOne EDR‎ Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.‎

Despite Arrests, Scattered Spider Continues High-Profile Hacking‎ While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.‎

SANS Top 5: Cyber Has Busted Out of the SOC‎ This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI's capabilities.‎

CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation‎ The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.‎

Play Ransomware Group Used Windows Zero-Day‎ Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.‎

Attackers Ramp Up Efforts Targeting Developer Secrets‎ Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.‎

DR GLOBAL

'Lemon Sandstorm' Underscores Risks to Middle East Infrastructure‎ The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed.‎

THE EDGE

The Dark Side of Digital: Breaking the Silence on Youth Mental Health‎ Industry experts at RSAC 2025 called for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about Internet anonymity, mental health, and the growing disconnect between generations.‎

DR TECHNOLOGY

AI Agents Fail in Novel Ways, Put Businesses at Risk‎ Microsoft researchers identify 10 new potential pitfalls for companies that are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider.‎

- Commentary -

Opinions from thought leaders around the cybersecurity industry

Infrastructure as Code: An IaC Guide to Cloud Security‎ IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.‎

How to Prevent AI Agents From Becoming the Bad Guys‎ When designed with strong governance principles, AI can drive innovation while maintaining the people's trust and security.‎

More Commentary →

- Upcoming Events -

May 14, 2025

Securing the Software Supply Chain: Managing Third Party Risks

May 15, 2025

Cybersecurity Strategies for Small and Medium-Sized Businesses

Aug 2, 2025

[Conference] Black Hat USA - August 2-7 - Learn More

More Events →

- More Resources -

WHITE PAPER

Rocket Smart Chat for Product Information: Revolutionize product sales and support with the power of GenAI for product information