This month in security with Tony Anscombe – April 2025 edition

From the near-demise of MITRE’s CVE program to a report showing that AI outperforms elite red teamers in spearphishing, April 2025 was another whirlwind month in cybersecurity

29 Apr 2025

The past month has seen no shortage of impactful and disconcerting cybersecurity news, including an eleventh-hour turnaround that averted the shutdown of MITRE’s CVE program to a report showing that AI outperforms red team experts in spearphishing. In this edition of the monthly roundup, ESET Chief Security Evangelist Tony Anscombe looks at:

how MITRE’s Common Vulnerabilities and Exposures (CVE) came close to shutting down due to a lack of funding – and what questions this issue raises
some takeaways from a survey according to which 30% of charities in the UK reported having experienced a cybersecurity breach or attack in the last 12 months
AI outperforming elite red teamers in spearphishing, according to a report by Hoxhunt
what Tony’s conversation with a tour guide in India revealed about effective ways of combatting deepfake-fueled extortion

Don’t forget to check out the March 2025 edition of Tony’s monthly security news roundup for more insights.

Connect with us on Facebook, X, LinkedIn and Instagram.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts