Newsletter

Cybersecurity Decrypted: March 19 – 27 2025

Last updated on Apr 3, 2025
Joel Witts
Laura Iannini
Written by Joel Witts Technical Review by Laura Iannini
Decrypted Cover
This article will cover

Welcome back to Cybersecurity Decrypted, your weekly breakdown of the top cybersecurity industry news.

In this week’s issue:

  • 🇺🇸 New research shows the scale of US Gov data breaches
  • 🐶 Security vulnerabilities found in… robot dogs?
  • 🌐 Big news from Cloudflare
  • 🌎 Our top takeaways from ESET World 2025

You can listen to Decrypted every week in your favorite podcast app. Subscribe here.

📰 Top Stories

  • 75% of US government departments and agency websites have suffered data breaches, with 53.7% scoring a ‘D’ or worse for cybersecurity according to research this week. 🔗
  • AI will make it even easier to automate credential theft, with the time taken to take over accounts being reduced by 50% according to new Gartner research. 🔗
  • The Trump administration wants state and local government agencies to play a bigger role in protecting critical infrastructure against cyberattacks, outlined in a new executive order. 🔗
  • A new cybercrime platform dubbed ‘Atlantis AIO’ is offering ‘automated’ credential stuffing services targeting 140 online platforms including email services, e-commerce sites, and VPNs, says Abnormal Security. 🔗
  • Browser-based phishing attacks surged by 140% last year, with over 750,000 incidents identified, according to Menlo Security threat research. AI is likely to have been a key contributor. 🔗

💡 Insights From ESET World

Our reporter Caitlin Harris has been in Las Vegas this week at ESET World. 

  • Our reporter Caitlin Harris has been at ESET World this week, covering thought leadership on AI in cybersecurity, the latest in detection and response, and compliance. We’ve recapped the unmissable top takeaways – and what it all means for your business: ESET World 2025: Key Takeaways
  • 🎙️Don’t miss our latest podcast with threat intelligence researcher Robert Lipovsky, and leading security evangelist Tony Anscombe, recorded live at ESET World.

📡 Threat Watch

  • Over the last year there has been a 6.5% increase in cyber-attacks targeting third-party vulnerabilities, accounting for 35.5% of all breaches, according to SecurityScorecard research. 🔗
  • CISA has issued a warning for US federal agents to secure against a high-severity vulnerability in NAKIVO’s backup software that would allow attackers to read arbitrary files. (CVE-2024-48248🔗
  • Bad dog? China-built robot dogs have been shipped with a pre-installed remote access tunnel, enabling full remote control and potential network access according to security researchers. The robots are used in academic, corporate, and defense environments. 🔗
  • New methods to ‘jailbreak’ LLMs have been identified by Cato Network threat researchers. Researchers were able to trick GenAI tools into generating malware via ‘narrative engineering’ – essentially asking the GenAI platform to play a role with assigned tasks and challenges.  🔗
  • Traditional secure email gateways miss an average of 67.5 phishing emails per 100 mailboxes every month, according to new research from IRONSCAES. 🔗

🚨 Industry News

  • Cloudflare has closed all HTTP ports on api.cloudflare.com and now only accepts secure encrypted HTTPS connections– preventing sensitive information being accidentally exposed. 🔗
  • Microsoft has announced an update to Security Copilot – adding new AI agents that can autonomously assist teams when dealing with phishing, data security, and identity management. 🔗
  • OpenAI is raising its maximum bug bounty payment to $100,000 USD for finding high impact vulnerabilities. 🔗
  • Island – a security focused enterprise browser platform – has announced a $250 million USD Series E funding round. The company is now valued at almost $5 billion. 🔗
  • Dataminr – a real-time event, risk and threat discovery platform – has raised $85 million USD to accelerate AI development, bringing the total raised to over $1 billion. 🔗
  • SplxAI – an AI security startup that delivers automated security testing to secure internal and customer facing AI systems – has announced a $7 million USD seed funding round. 🔗

🏛️ Cybersecurity Policy 

  • The Trump administration wants state and local government agencies to play a bigger role in protecting critical infrastructure against cyberattacks, outlined in a new executive order. 🔗
  • Katherine Sutton, currently chief technology advisor to the commander of Pentagon Operations at US Cyber Command, has been nominated to be assistant secretary of defense for cyber policy. 🔗
  • The FFC (Federal Communications Commission) has announced it has begun an investigation into whether Chinese telecommunication providers such as Huawei, ZTE, and Hikvision are still operating in the USA after being banned in 2021. 🔗

🌎 Around The World

  • 🇬🇧 The UK Government has announced new plans to tackle cyber-enabled fraud by tapping the power of AI to help automate casework. 🔗
  • 🇪🇺 Europol has warned this week that organized crime networks are increasingly using AI to automate tasks and stay ahead of law enforcement. 🔗
  • 🇬🇧 DrayTek router users in the UK and Europe have been stuck in a bootloop this week, causing a headache for many ISPs, with speculation it may have something to do with recently disclosed security vulnerabilities. 🔗
  • 🇳🇬 Multiple African law enforcement agencies have arrested 306 suspects as part of an international crackdown on cross-border cybercriminal gangs. 🔗
  • 🇲🇾 Kuala Lumpur International Airport has been hit by a ransomware attack, confirmed Malaysia’s PM. The threat actors demanded a $10 million USD ransom – which has been rejected. 🔗

🎙️ Expert Insights: Latest From Us

Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.

That’s all for this week! 👋

Expert Insights’ Cybersecurity Resources

Written By
Joel Witts
Joel Witts

Joel Witts is the Content Director at Expert Insights, meaning he oversees all articles published and topics covered. He is an experienced journalist and writer, specialising in identity and access management, Zero Trust, cloud business technologies, and cybersecurity. Joel is a co-host of the Expert Insights Podcast and conducts regular interviews with leading B2B tech industry experts, including directors at Microsoft and Google. Joel holds a First Class Honours degree in Journalism from Cardiff University.

Technical Review
Laura Iannini
Laura Iannini Cybersecurity Analyst

Laura Iannini is an Information Security Engineer. She holds a Bachelor’s degree in Cybersecurity from the University of West Florida. Laura has experience with a variety of cybersecurity platforms and leads technical reviews of leading solutions. She conducts thorough product tests to ensure that Expert Insights’ reviews are definitive and insightful.