March 2025 Cybersecurity News

March 26, 2025 Cimetrics News

Curated Cybersecurity news

Summary for facility management professional, building owners and IT professionals who are interested in building security and Facility IT.

What is new in March 2025 Cybersecurity News?

NIST’s Cybersecurity Framework

The latest iteration of the National Institutes of Standards and Technology’s (NIST’s) Cybersecurity Framework (CSF) helps organizations strengthen their security posture and align their cybersecurity efforts with enterprise-wide risk management.

NIST’s Stephen Quinn, the project lead for the Cybersecurity Framework, provides a comprehensive overview of the key updates and transformative features in the 2.0 version. At the center of the new framework is the introduction of the “govern” function, which empowers executives and risk management professionals to seamlessly integrate cybersecurity risk into their existing enterprise-level decision-making processes. Read More

SEC Priorities Regarding Cybersecurity Enforcement in the Second Trump Administration

The SEC recently announced the creation of a Cyber and Emerging Technologies Unit (CETU) that will focus on fraudulent conduct in cybersecurity, digital assets, and emerging technologies such as artificial intelligence. For public companies, the announcement indicates that the new unit will focus on combatting fraud and other “cyber-related misconduct,” including “public issuer fraudulent disclosure relating to cybersecurity.” Read more

New VMware Security Flaw- High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass.

Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). Read More

WHO/Europe launches guide to strengthen cybersecurity in digital health

At a time of rapid advances in digital technology, WHO/Europe has published a guide on cybersecurity and privacy risk assessments in digital health tailored to the WHO European Region, which encompasses 53 Member States across Europe and central Asia.

The document, titled “Cybersecurity and privacy maturity assessment and strengthening for digital health information systems”, provides a framework to help countries and organizations develop risk assessment strategies that align with their specific needs, goals and regulatory requirements. Read more

Alphabet to buy Wiz for $32 billion in its biggest deal to boost cloud security

March 18 (Reuters) – Alphabet will buy fast-growing startup Wiz for about $32 billion in its biggest deal ever, the Google parent said Tuesday, as it doubles down on cybersecurity to sharpen its edge in the cloud-computing race against Amazon.com and Microsoft.

The blockbuster deal will make Wiz part of Google’s cloud unit and strengthen the company’s efforts in cybersecurity solutions that companies use to remove critical risks. Read more

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability

CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Read more

Microsoft injects AI agents into security tools

Microsoft said Monday it will soon roll out 11 new AI agents for its security-focused Copilot aimed at offloading some of the most repetitive tasks that bog down cybersecurity teams.

Why it matters: Microsoft is the latest major vendor to embed autonomous AI security agents directly into its security suite in an effort to reduce burnout for cyber pros and boost efficiency through AI-powered automation.

The big picture: Security professionals have long hoped that AI could help close the cybersecurity workforce gap and ease analyst burnoutRead more

Google confirms cyber espionage attacks on Chrome users from ‘highly sophisticated malware’

Think before clicking on these links.

After cybersecurity experts discovered an influx of malware infecting Chrome users, Google has since confirmed the attacks and announced a security patch that will accompany the latest browser update.

Researchers at data protection firm Kaspersky found “a wave of infections by previously unknown and highly sophisticated malware” this month, which was triggered when a target clicked on a phishing link in an email and launched the site in Google Chrome. Read more

In order to provide you a personalized user experience, our site uses cookies.
cookie policy.

Accept Cookies
Cimetrics

Log in

You dont have an account yet? Register Now

Search

Menu