
InfoSec Dot - Issue #82. 🔐 Automate Certs, Boost Security | 📊 Instant Audit Reports | ⏰ Never Miss Expiry Dates

Latest cybersecurity news and updates

Hi Cybersecurity Enthusiasts,

In this edition, we explore AWS’s latest automation features for managing Private Certificate Authorities (CAs). The new update allows organizations to automatically generate detailed audit reports for all issued and revoked certificates, improving visibility and compliance tracking. These reports are stored in an S3 bucket in CSV or JSON formats for easy access.

Additionally, AWS introduces automated expiration alerts to ensure timely certificate renewals. By integrating Lambda functions, organizations can set up custom notifications for upcoming expiration dates, preventing security risks tied to expired certificates. This proactive approach enhances certificate lifecycle management and reduces manual oversight.

Stay informed with these critical updates to understand and counteract the evolving cybersecurity threats of 2025.

🗓️ What’s New

WooCommerce Users Targeted by Fake WordPress Plugin to Steal Payment Information

WooCommerce store owners are being warned about a new malicious campaign involving a fake WordPress plugin designed to steal payment data. The counterfeit plugin mimics legitimate functionality while secretly capturing customers’ credit card information. Security experts emphasize the importance of vetting plugins carefully and regularly auditing website security measures to mitigate such risks. Read More (3 min)

Cybercriminals Increasingly Target Credentials Over Ransomware

Cybercriminals are shifting focus from ransomware to credential theft, with phishing emails delivering infostealers up by 84% this year. Experts warn that attackers are exploiting MFA gaps and legacy vulnerabilities to steal login data at scale. Read More (5 min)

SAP NetWeaver Customers Urged to Patch Critical Zero-Day Vulnerability

A critical zero-day flaw (CVE-2025-31324) in SAP NetWeaver's Visual Composer is being actively exploited to deploy web shells and take full control of servers. SAP has released a patch and urges immediate updates to protect exposed systems. Read More (5 min)

Scamnetic Raises $13 Million to Combat AI-Driven Scams in Real Time

AI threat protection startup Scamnetic has secured $13 million in Series A funding to expand its real-time scam detection platform. The tool scans messages, QR codes, and media to prevent fraud, including dating and crypto scams. Read More (2 min)

Chinese Hackers Exploit Ivanti VPN Flaws in Global Espionage Campaign

Chinese APT group UNC5221 is exploiting critical Ivanti VPN vulnerabilities (CVE-2025-0282, CVE-2025-22457) to infiltrate organizations across 12 countries. The attackers deploy the SPAWNCHIMERA malware suite to maintain covert access, exfiltrate data, and prepare for potential disruptive operations. Read More (4 min)

Verizon's 2025 DBIR Reveals Surge in Ransomware and Exploited Vulnerabilities

Verizon's 2025 Data Breach Investigations Report highlights a 37% increase in ransomware attacks and a 34% rise in exploited vulnerabilities. Small and medium-sized businesses are particularly affected, with ransomware present in 88% of breaches. The report also emphasizes the growing threat from zero-day exploits targeting edge devices and VPNs. Despite a decline in ransom payments, the frequency and impact of these attacks continue to escalate. Read More (5 min)

🔍 In-Depth Insights

MCP Servers Can Attack Before They're Even Used

A vulnerability in the Model Context Protocol (MCP), dubbed "line jumping," allows malicious servers to manipulate AI model behavior by injecting prompt instructions into tool descriptions. These instructions can execute unauthorized commands before any tools are invoked, bypassing security measures and potentially compromising systems. This issue highlights the need for stricter validation of tool descriptions to prevent such exploits. Read More (6 min)

Figma Enhances Endpoint Security with User-Centric Design

Figma has introduced a modern endpoint security strategy that prioritizes user experience without compromising on protection. Their Endpoint Security Baseline (ESB) includes automated threat detection and self-service remediation, allowing employees to resolve issues via Slack without IT intervention. By integrating tools like OSQuery and enforcing policies such as kernel extension blocking, Figma ensures that devices remain secure while minimizing friction for users. Read More (6 min)

🤖 AI in Cybersecurity

Agentic AI Needs Onboarding to Avoid Misclassifications

Agentic AI is increasingly used in cybersecurity to handle tasks like alert triage, but it requires proper onboarding to align with an organization's unique risk landscape. Without this, AI can misclassify threats or miss subtle attacks. Effective onboarding involves training AI on internal documentation, historical incident logs, and business-specific risk factors to ensure it makes informed, context-aware decisions. Continuous feedback and oversight are essential for improving AI performance over time. Read More (5 min)

AI's Impact on Data Breach Outcomes Remains Limited, Says Verizon

Verizon's 2025 Data Breach Investigations Report indicates that while AI-generated text in phishing emails has doubled, the rate of successful breaches remains unchanged. The report suggests that traditional attack methods, such as exploiting software vulnerabilities, continue to be more prevalent. Experts advise organizations to monitor unauthorized AI use and enhance employee training to mitigate evolving threats. Read More (3 min)

💡 Actionable Insights

How Breaches Start: Breaking Down 5 Real Vulnerabilities

Five real-world vulnerabilities show how minor flaws, like exposed .git repos or open redirects, can lead to full server compromise. Experts stress that even small issues, like SSRF or XSS, can escalate into serious breaches if not addressed. Read More (6 min)

Automating AWS Private CA Audit Reports and Certificate Expiration Alerts

AWS now enables automated generation of audit reports for Private Certificate Authorities (CAs), detailing all issued and revoked certificates. These reports are stored in CSV or JSON format within an S3 bucket. Additionally, organizations can set up Lambda functions to monitor certificate expiration dates and trigger alerts, ensuring timely renewals and maintaining secure internal communications. Read More (11 min)

Also, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

Regards,

Dot
