{"id":14584,"date":"2025-08-07T17:33:33","date_gmt":"2025-08-07T17:33:33","guid":{"rendered":"https:\/\/newestek.com\/?p=14584"},"modified":"2025-08-07T17:33:33","modified_gmt":"2025-08-07T17:33:33","slug":"black-hat-2025-latest-news-and-insights","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14584","title":{"rendered":"Black Hat 2025: Latest news and insights"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p class=\"has-text-align-center\"><strong><a href=\"https:\/\/www.blackhat.com\/us-25\/\" target=\"_blank\" rel=\"noreferrer noopener\">Black Hat USA<\/a><br \/>August 2-7, 2025<br \/>Las Vegas, NV<\/strong><\/p>\n<\/p>\n<p>Black Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and others<\/p>\n<p>The week kicks off on August 2 with four days of  cybersecurity training courses. The courses cover a range of topics from reverse engineering malware to penetration testing. The main conference runs August 6 amd 7 amd featires presentations by security researchers and industry experts who offer insight into the latest vulnerabilities, hacks, and defense strategies.<\/p>\n<p>Expect Black Hat USA 2025 to focus on the dual nature of AI as both a powerful tool for cyberdefense and a new weapon for threat actors.<\/p>\n<h2 class=\"wp-block-heading\" id=\"latest-black-hat-news-insights-and-analysis\">Latest Black Hat news, insights, and analysis <\/h2>\n<h3 class=\"wp-block-heading\" id=\"beef-up-ai-security-with-zero-trust-principles\">Beef up AI security with zero trust principles<\/h3>\n<p><em>Aug. 7, 2025: <\/em>Many CSOs worry about their firm\u2019s AI agents spitting out advice to users on how to build a bomb, or citing non-existent legal decisions. But <a href=\"https:\/\/www.csoonline.com\/article\/4035385\/beef-up-ai-security-with-zero-trust-principles.html\">those are the least of their worries<\/a>, said a security expert at this week\u2019s Black Hat security conference in Las Vegas. Systems using large language models (LLMs) that connect to enterprise data contain\u00a0other\u00a0vulnerabilities that will be leveraged in dangerous ways unless developers and infosec leaders tighten security.<\/p>\n<h3 class=\"wp-block-heading\" id=\"researchers-uncover-rce-attack-chains-in-popular-enterprise-credential-vaults\">Researchers uncover RCE attack chains in popular enterprise credential vaults<\/h3>\n<p><em>Aug. 6, 2025: <\/em>Researchers have <a href=\"https:\/\/www.csoonline.com\/article\/4035274\/researchers-uncover-rce-attack-chains-in-popular-enterprise-credential-vaults.html\">found 14 logic flaws<\/a> in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass authentication checks, access secrets, impersonate identities and execute arbitrary code.<\/p>\n<h3 class=\"wp-block-heading\" id=\"revault-flaws-let-attackers-bypass-windows-login-or-place-malware-implants-on-dell-laptops\">ReVault flaws let attackers bypass Windows login or place malware implants on Dell laptops<\/h3>\n<p><em>Aug. 6, 2025: <\/em><a href=\"https:\/\/www.csoonline.com\/article\/4035211\/revault-flaws-let-attackers-bypass-windows-login-or-place-malware-implants-on-dell-laptops.html\">Vulnerabilities in the ControlVault3 (CV) firmware<\/a> in Dell laptops, discovered by security researchers from Cisco Talos, allow attackers with physical access to bypass Windows login on vulnerable laptops or let a local user gain admin privileges. The most serious of the five vulnerabilities affects the Windows API associated with ControlVault3 and creates a means for attackers to install persistent malware capable of surviving even an operating system reinstallation.<\/p>\n<h3 class=\"wp-block-heading\" id=\"hpe-unveils-ai-powered-network-security-and-data-protection-technology\">HPE unveils AI-powered network security and data protection technology<\/h3>\n<p><em>Aug. 5, 2025: <\/em>HPE has unveiled a <a href=\"https:\/\/www.networkworld.com\/article\/4034500\/hpe-unveils-ai-powered-network-security-and-data-protection-technology.html\">secure access service edge (SASE) copilot<\/a> to help networking teams make faster, better decisions using artificial intelligence as well as a new integration hub that lets third-party applications access HPE Zerto data to streamline operations.<\/p>\n<h2 class=\"wp-block-heading\" id=\"2024-black-hat-news\">2024 Black Hat news<\/h2>\n<h3 class=\"wp-block-heading\" id=\"black-hat-europe-2024-key-takeaways-for-cybersecurity-pros\">Black Hat Europe 2024: Key takeaways for cybersecurity pros<\/h3>\n<p><em>Dec. 16, 2024:<\/em> Technical talks and policy discussions took centre stage, including ERP in the crosshairs, problems with CVSS, and <a href=\"https:\/\/www.csoonline.com\/article\/1295652\/24-on-2024-asia-pacifics-cybersecurity-thought-leaders-share-their-predictions-and-aspirations.html\">AI\u2019s impact on cybercops<\/a>.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3624464\/researchers-expose-a-surge-in-hacker-interest-in-sap-systems.html\" data-type=\"link\" data-id=\"https:\/\/www.csoonline.com\/article\/3624464\/researchers-expose-a-surge-in-hacker-interest-in-sap-systems.html\">SAP systems increasingly targeted by cyber attackers<\/a><\/h3>\n<p><em>Dec. 13, 2024:<\/em> Long viewed as an opaque black box, attackers are increasingly focused upon hacking into enterprise systems from SAP, according to research presented at Black Hat Europe 2024.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3623598\/security-researchers-find-deep-flaws-in-cvss-vulnerability-scoring-system.html\">Security researchers find deep flaws in CVSS vulnerability scoring system<\/a><\/h3>\n<p><em>Dec. 12, 2024:<\/em> Cybersecurity experts from financial giant JPMorganChase say the cybersecurity community is being misled about the severity of vulnerabilities by the CVSS, which threatens to seriously hinder remediation efforts.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3623569\/microsoft-windows-best-fit-character-conversion-ripe-for-exploitation.html\">Microsoft Windows \u2018Best Fit\u2019 character conversion \u2018ripe for exploitation\u2019<\/a><\/h3>\n<p><em>Dec. 12, 2024:<\/em> Security researchers warn that the Windows ANSI API contains a hidden trap that could lead to arbitrary code execution \u2014 a new attack surface dubbed \u2018WorstFit.\u2019<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3623544\/keytrap-dnssec-the-day-the-internet-almost-stood-still.html\">KeyTrap DNSSEC: The day the internet (almost) stood still<\/a><\/h3>\n<p><em>Dec. 12, 2024:<\/em> Black Hat conference attendees heard a post-mortem on the KeyTrap DNSSEC vulnerability, which could have widely impacted browsing, email, TLS, and other key web services.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3621403\/black-hat-europe-preview-cryptographic-protocol-attacks-and-ai-in-the-spotlight.html\">Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight<\/a><\/h3>\n<p><em>Dec. 10, 2024<\/em>: This week in London\u00a0Black Hat Europe\u00a0will feature a diverse range of talks and presentations covering the latest developments in cybersecurity. Here are the most notable keynotes and sessions for cybersecurity leaders and professionals.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3485314\/amd-cpus-impacted-by-18-year-old-smm-flaw-that-enables-firmware-implants.html\">AMD CPUs impacted by 18-year-old SMM flaw that enables firmware implants<\/a><\/h3>\n<p><em>Aug. 9, 2024:<\/em> Security reseachers estimate the \u2018Sinkclose\u2019 vulnerability affects \u2018hundreds of millions of laptops, desktops, and servers,\u2019 allowing attackers to execute malicious code on the most privileged execution mode on a computer. They will present their findings at this year\u2019s DEF CON.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3485204\/5-key-takeaways-from-black-hat-usa-2024.html\">5 key takeaways from Black Hat USA 2024<\/a><\/h3>\n<p><em>Aug. 9, 2024:<\/em> The industry\u2019s biggest annual get together offers CISOs a chance to chart industry trends. From <a href=\"https:\/\/www.csoonline.com\/article\/3568609\/cso30-australia-2024-winners-unveiled-at-gala-ceremony.html\">cloud security<\/a> to AI, here\u2019s what\u2019s notable about this year\u2019s \u2018hacker summer camp.\u2019<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3484842\/s3-shadow-buckets-leave-aws-accounts-open-to-compromise.html\">S3 shadow buckets leave AWS accounts open to compromise<\/a><\/h3>\n<p><em>Aug. 8, 2024:<\/em> Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3484624\/back-to-the-future-windows-update-is-now-a-trojan-horse-for-hackers.html\">Back to the future: Windows Update is now a trojan horse for hackers<\/a><\/h3>\n<p><em>Aug. 8, 2024:<\/em> SafeBreach security researcher Alon Leviev has unveiled at Black Hat a technique that lets malicious actors manipulate the Windows Update process to downgrade critical system components, rendering security patches useless.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3481907\/the-top-new-cybersecurity-products-at-black-hat-usa-2024.html\">Top new cybersecurity products at Black Hat USA 2024<\/a><\/h3>\n<p><em>Aug. 8, 2024:<\/em> Find out the top cybersecurity tools, platforms, features, services, and technologies unveiled at Black Hat USA 2024 that you need to know about, with our rolling coverage of conference announcements.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3483776\/generative-ai-takes-center-stage-at-black-hat-usa-2024.html\">Generative AI takes center stage at Black Hat USA 2024<\/a><\/h3>\n<p><em>Aug. 8, 2024:<\/em> Top gen AI-driven cybersecurity tools, platforms, features, services, and technologies unveiled at Black Hat 2024 that you need to know about. Read about them here.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3483919\/apt-groups-increasingly-attacking-cloud-services-to-gain-command-and-control.html\">APT groups increasingly attacking cloud services to gain command and control<\/a><\/h3>\n<p><em>Aug. 7, 2024:<\/em> Nation-state threat groups are piling on attack techniques seen as successful in exploiting free cloud services, Symantec reports, with findings to be presented today in\u00a0a talk\u00a0at the Black Hat USA security conference.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3482041\/black-hat-preview-ai-and-cloud-security-take-center-stage.html\">Black Hat preview: AI and cloud security in the spotlight<\/a><\/h3>\n<p><em>Aug. 6, 2024:<\/em> This year\u2019s Black Hat USA sees LLMs in the crosshairs, rising attacks against hyperscale cloud vendors, and CISOs in need of advice for legal liabilities. Find out more with CSO Online\u2019s conference preview.<\/p>\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/www.csoonline.com\/article\/3481659\/north-korean-group-infiltrated-100-plus-companies-with-imposter-it-pros.html\">North Korean group infiltrated 100-plus companies with imposter IT pros: CrowdStrike report<\/a><\/h3>\n<p><em>Aug. 6, 2024:<\/em> Released at Black Hat, CrowdStrike\u2019s Threat Hunting Report outlines a DPRK group\u2019s attempts to exfiltrate data and install RMM tools by posing as US IT workers, along with several other examples that show cross-domain analysis is needed to tackle rising identity-based attacks.<\/p>\n<h3 class=\"wp-block-heading\" id=\"\"><\/h3>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Black Hat USAAugust 2-7, 2025Las Vegas, NV Black Hat USA 2025 returns to the Mandalay Bay Convention Center in Las Vegas on August 2-7. The annual event is a perennial magnet for cybersecurity professionals, researchers, vendors and others The week kicks off on August 2 with four days of cybersecurity training courses. The courses cover a range of topics from reverse engineering malware to penetration&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14584\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14584","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14584","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14584"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14584\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14584"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14584"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14584"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}