%term

What is a Data Poisoning Attack?

Mar 25, 2025 By Stephen Thoemmes In Snyk

Data poisoning is a sophisticated adversarial attack designed to manipulate the information used in training artificial intelligence (AI) models. By injecting deceptive or corrupt data, attackers can hurt model performance, introduce biases, or even create security vulnerabilities. As AI models increasingly power critical applications in cybersecurity, healthcare, finance, and many other industries, maintaining the integrity of their training data is absolutely critical.

Read Post

Snyk

Read more about What is a Data Poisoning Attack?

IngressNightmare: Analysis of Critical Vulnerabilities in Kubernetes Ingress NGINX Controller

Mar 25, 2025 By Amit Schendel In ARMO

On March 24, 2025, Wiz Research disclosed a series of critical vulnerabilities in Ingress NGINX Controller for Kubernetes, collectively dubbed: These unauthenticated Remote Code Execution (RCE) vulnerabilities have been assigned a CVSS base score of 9.8. According to Wiz Research, exploitation allows attackers to gain unauthorized access to all secrets across all namespaces in affected Kubernetes clusters, potentially leading to complete cluster takeover.

Read Post

ARMO

Read more about IngressNightmare: Analysis of Critical Vulnerabilities in Kubernetes Ingress NGINX Controller

Detecting and Mitigating IngressNightmare - CVE-2025-1974

Mar 25, 2025 By Sysdig Threat Research Team In Sysdig

On Monday, March 24, 2025, a set of critical vulnerabilities affecting the admission controller component of the Ingress NGINX Controller for Kubernetes was announced. In total, five vulnerabilities were announced; the most severe vulnerability, CVE-2025-1974 (CVS 9.8), may result in remote code execution (RCE). Exploitation of this vulnerability can be detected with Sysdig Secure or the Falco rule provided in this article.

Read Post

Sysdig

Read more about Detecting and Mitigating IngressNightmare - CVE-2025-1974

Nation-State Threat Actors Leverage Windows Shortcut Vulnerability

Mar 24, 2025 By Foresiet In Foresiet

The newly found Windows shortcut vulnerability is now being actively exploited by state-sponsored Advanced Persistent Threat (APT) actors to execute covert malicious commands. According to new research conducted by Trend Micro's Zero Day Initiative (ZDI), the vulnerability, designated as ZDI-CAN-25373, is now being exploited by Chinese, Iranian, North Korean, and Russian threat actors for worldwide cyber espionage and data theft.

Read Post

Foresiet

Read more about Nation-State Threat Actors Leverage Windows Shortcut Vulnerability

POAM Process Automation: Breaking the Manual Grind

Mar 24, 2025 By Nucleus Security In Nucleus

Plans of Action and Milestones (POAM) play a critical role in public sector cybersecurity. In this webinar with government IT solutions provider Carahsoft, we break down the challenges security teams face when implementing POAMs, sharing real-life examples of where things go wrong and why. As part of the presentation, we also cover the intensive math of POAM programs: people, systems, and time.

View Video

Nucleus

Read more about POAM Process Automation: Breaking the Manual Grind

CVE-2025-29927 - Authorization Bypass Vulnerability in Next.js: All You Need to Know

Mar 24, 2025 By Yoav Saporta In JFrog

On March 21st, 2025, the Next.js maintainers announced a new authorization bypass vulnerability – CVE-2025-29927. This vulnerability can be easily exploited to achieve authorization bypass. In some cases – exploitation of the vulnerability can also lead to cache poisoning and denial of service.

Read Post

JFrog

Read more about CVE-2025-29927 - Authorization Bypass Vulnerability in Next.js: All You Need to Know

CrowdStrike Falcon Exposure Management Expands Security to Unmanaged Network Assets with Network Vulnerability Assessment

Mar 24, 2025 By Rona Kedmi In CrowdStrike

As organizations strengthen endpoint and cloud security, attackers are shifting their focus to often-overlooked network infrastructure like routers, switches, and firewalls. Legacy vulnerability management (VM) solutions struggle to keep pace, relying on slow, periodic scans that fail to provide real-time visibility into emerging threats.

Read Post

CrowdStrike

Read more about CrowdStrike Falcon Exposure Management Expands Security to Unmanaged Network Assets with Network Vulnerability Assessment

Falcon Exposure Management Network Vulnerability Assessment: Demo Drill Down

Mar 24, 2025 By CrowdStrike In CrowdStrike

Traditional network vulnerability scanners leave your critical network assets vulnerable, providing outdated visibility and ineffective prioritization. Falcon Exposure Management's Network Vulnerability Assessment (NVA) delivers real-time visibility, AI-powered prioritization with ExPRT.AI, and seamless integration for automated remediation. This demo showcases how NVA streamlines your security strategy, ensuring precise focus on threats that matter most and proactively protecting your network.

View Video

CrowdStrike

Read more about Falcon Exposure Management Network Vulnerability Assessment: Demo Drill Down

Vibe Coding with Claude Code (Claude Agentic AI Tool)

Mar 24, 2025 By Snyk In Snyk

Claude Code is Here! Anthropic just announced Claude Code, an agentic AI coding tool, and I had to check it out. In this video, I dive into the announcement, explore what makes Claude Code special, and put it to the test by asking it to build a secure note-taking app!

View Video

Snyk

Read more about Vibe Coding with Claude Code (Claude Agentic AI Tool)

Why Security Testing Skills Matter for Both Digital and Physical Protection

Mar 24, 2025 By SecuritySenses In SecuritySenses

Discover how ethical hacking and lock-picking skills align. Explore their shared principles and real-world applications in enhancing security. Read more about it.

Read Post