Cybersecurity News March, 2025
Curated cybersecurity news
summary for facility management professional, building owners and IT professionals who are interested in building security and Facility IT.
What is new in March, 2025 in Cybersecurity?
NIST’s Cybersecurity Framework
The latest iteration of the National Institutes of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) helps organizations strengthen their security posture and align their cybersecurity efforts with enterprise-wide risk management.
NIST’s Stephen Quinn, the project lead for the Cybersecurity Framework, provides a comprehensive overview of the key updates and transformative features in the 2.0 version. At the center of the new framework is the introduction of the “govern” function, which empowers executives and risk management professionals to seamlessly integrate cybersecurity risk into their existing enterprise-level decision-making processes. Read More
SEC Priorities Regarding Cybersecurity Enforcement in the Second Trump Administration
The SEC recently announced the creation of a Cyber and Emerging Technologies Unit (CETU) that will focus on fraudulent conduct in cybersecurity, digital assets, and emerging technologies such as artificial intelligence. For public companies, the announcement indicates that the new unit will focus on combatting fraud and other “cyber-related misconduct,” including “public issuer fraudulent disclosure relating to cybersecurity.” Read more
New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass.
Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). Read More
WHO/Europe launches guide to strengthen cybersecurity in digital health
At a time of rapid advances in digital technology, WHO/Europe has published a guide on cybersecurity and privacy risk assessments in digital health tailored to the WHO European Region, which encompasses 53 Member States across Europe and central Asia.
The document, titled “Cybersecurity and privacy maturity assessment and strengthening for digital health information systems”, provides a framework to help countries and organizations develop risk assessment strategies that align with their specific needs, goals and regulatory requirements. Read more
Alphabet to buy Wiz for $32 billion in its biggest deal to boost cloud security
March 18 (Reuters) - Alphabet will buy fast-growing startup Wiz for about $32 billion in its biggest deal ever, the Google parent said Tuesday, as it doubles down on cybersecurity to sharpen its edge in the cloud-computing race against Amazon.com and Microsoft.
The blockbuster deal will make Wiz part of Google's cloud unit and strengthen the company's efforts in cybersecurity solutions that companies use to remove critical risks. Read more
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2025-24201 Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
CVE-2025-21590 Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Read more
Microsoft injects AI agents into security tools
Microsoft said Monday it will soon roll out 11 new AI agents for its security-focused Copilot aimed at offloading some of the most repetitive tasks that bog down cybersecurity teams.
Why it matters: Microsoft is the latest major vendor to embed autonomous AI agents directly into its security suite in an effort to reduce burnout for cyber pros and boost efficiency through AI-powered automation.
The big picture: Security professionals have long hoped that AI could help close the cybersecurity workforce gap and ease analyst burnout. Read more
Google confirms cyber ‘espionage’ attacks on Chrome users from ‘highly sophisticated malware’
Think before clicking on these links.
After cybersecurity experts discovered an influx of malware infecting Chrome users, Google has since confirmed the attacks and announced a security patch that will accompany the latest browser update.
Researchers at data protection firm Kaspersky found “a wave of infections by previously unknown and highly sophisticated malware” this month, which was triggered when a target clicked on a phishing link in an email and launched the site in Google Chrome. Read more
Leave a comment
Comments will be approved before showing up.
Also in Cimetrics News
June company news
New BACstac/DN Release + Smart Sensors for Building Efficiency & Training Opportunities
Cybersecurity News June 2025
NIST flags rising cybersecurity challenges as IT and OT systems increasingly converge through IoT integration, FBI, cybersecurity firms say a prolific hacking crew is now targeting airlines and the transportation sector, Cybersecurity experts share practical advice for small businesses and more...
Cybersecurity news May 2025
Midyear Roundup: Nation-State Cyber Threats in 2025, The Current Cybersecurity Landscape, Explained - J.P. Morgan, Why AI Is The New Cybersecurity Battleground and more...