
5 Steps to Securing AI Workloads

In the past year alone, the number of artificial intelligence (AI) packages running in workloads grew by almost 500%. Which is to say: AI is everywhere, and it’s settling in for the long haul. Naturally, as helpful as they are, these AI workloads come with security challenges, including data exposure, adversarial attacks, and model manipulation. So as AI adoption accelerates, security leaders must build an AI workload security program to protect their organizations while enabling innovation.

Detecting and Mitigating IngressNightmare - CVE-2025-1974

On Monday, March 24, 2025, a set of critical vulnerabilities affecting the admission controller component of the Ingress NGINX Controller for Kubernetes was announced. In total, five vulnerabilities were announced; the most severe vulnerability, CVE-2025-1974 (CVSS 9.8), may result in remote code execution (RCE). Exploitation of this vulnerability can be detected with Sysdig Secure or the Falco rule provided in this article.

Gee-Wiz! What a $30B Acquisition Means for Cloud Security and AI

The cloud security landscape changed overnight. With Google’s $30B+ acquisition of Wiz, CISOs, security leaders, and multi-cloud teams are left asking: What does this acquisition mean for you? How does it impact the pace of innovation, cloud partnerships, and security stacks? What is the future of cloud security, the impact of AI, and where the industry is headed?

Automating DevSecOps with Sysdig and PagerDuty

Effectively responding to cloud security incidents can be daunting for organizations expanding rapidly in the cloud. Whether you face a policy violation or an active threat, quick and reliable alerting and response are essential to keeping cloud services secure and available. For many organizations, Sysdig and PagerDuty each play a critical role in automating DevSecOps and helping modern IT operations and security teams respond effectively.

Detecting and Mitigating the "tj-actions/changed-files" Supply Chain Attack (CVE-2025-30066)

On March 14, 2025, StepSecurity uncovered a compromise in the popular GitHub Action tj-actions/changed-files. Tens of thousands of repositories use this action to track file changes, and it is now known to have been tampered with, posing a risk to both public and private projects. A CVE has been created for this issue: CVE-2025-30066.

Detecting CVE-2025-22224 with Falco

The Shadowserver group recently identified over 41,500 internet-exposed VMware ESXi hypervisors vulnerable to CVE-2025-22224, a critical Time-of-Check Time-of-Use (TOCTOU) code execution vulnerability. Attackers who gain administrative access to a compromised VM can exploit this flaw to execute arbitrary code on the hypervisor, gaining full control over all hosted VMs and networked assets. Broadcom released emergency patches for ESXi and Workstation products to remediate the flaw.

2025 is Cloud Security's Breakthrough Year

Sysdig’s 2025 Cloud-Native Security and Usage Report identifies promising trends in how organizations are developing, using, and maintaining everything within their cloud environments. The eighth annual report shares the results of an analysis of millions of containers and cloud accounts. This year’s findings reveal several key areas that have improved, including cloud threat detection and response, AI security, and vulnerability management.

From Risk to ROI: Making Security Insights Matter to Business Leaders

In today’s technology landscape, security leaders often find themselves under immense pressure: their resource-constrained teams are expected to mitigate growing risks, navigate complex infrastructures, and implement best practices, all while justifying their value to executive leadership.

In-use vulnerability prioritization

Vulnerability management has always been a challenge, but today’s security teams are feeling the pressure more than ever. With thousands of new CVEs reported every month, the sheer volume makes it difficult to know where to focus. In-use vulnerability prioritization is one of the most effective ways to cut through the noise, focusing only on vulnerabilities that are actively loaded in runtime. To focus on what really matters, security teams need better ways to prioritize risk.