Cybersecurity Institute News Roundup 14 April 2025


Welcome to this week’s Cybersecurity Institute News Roundup: a weekly overview of the most interesting news and articles that have caught our attention recently from across the cybersecurity industry. In this week’s roundup, we cover utility operators being targeted for cyber attacks, excessive agency in autonomous large language models (LLMs) creating cyber risks, AI outpacing human red teams in phishing tests, the uptick in Distributed Denial of Service (DDoS) attacks as a geopolitical conflict tactic, and NIST deferring pre-2018 cyber vulnerabilities to prioritize the current backlog. 


Utility operators under cyber attack 

https://www.helpnetsecurity.com/2025/04/08/state-of-critical-infrastructure-resilience/ 

Critical infrastructure remains a favored target of cyber attackers, with 62% of utility operators reporting being targeted in the last year. More alarmingly, nearly 60% of these attacks were carried out by nation-state groups.

Excessive agency in LLMs poses a growing cyber threat 

https://www.helpnetsecurity.com/2025/04/08/llm-excessive-agency-risk/ 

As more and more companies seek to harness the power of AI by deploying autonomous large language models (LLMs), cyber leaders are being cautioned to watch for excessive agency, which can compromise an organization's confidentiality, integrity, and availability, especially when exploited by bad actors.

AI outperforms human red teams 

https://www.bankinfosecurity.com/ai-outsmarts-human-red-teams-in-phishing-tests-a-27945 

According to cyber training firm Hoxhunt, AI has surpassed human red teams in the ability to both craft and scale highly effective phishing attacks. 

DDoS attacks increasingly being used for geopolitical interference 

https://www.msspalert.com/brief/ddos-attacks-are-now-a-core-tactic-in-geopolitical-conflicts 

A recent report from NETSCOUT highlights that Distributed Denial of Service (DDoS) attacks are increasingly being used to interfere with national security, democratic processes, and public services. 

NIST shelves pre-2018 vulnerabilities to focus on current backlog 

https://www.securityweek.com/nist-puts-pre-2018-cves-on-back-burner-as-it-works-to-clear-backlog/ 

As the NIST backlog of unanalyzed cyber vulnerabilities continues to grow, the agency has announced that all CVEs published before 2018, which account for roughly a third of the total, will be marked as deferred and will no longer be prioritized for updates or enrichment.
