Top 5 Cybersecurity Headlines to Know this Month

August 28, 2025 | Cybersecurity

BARR Advisory Senior Consultant Kevin Lewis has picked out five security and compliance headlines from the past month that you need to know. Take a look to find out what our consulting team has been reading this August, then scroll to see Kevin’s CISO Pick of the Month, his top new resource for security and compliance professionals.


SonicWall SSLVPN Attacks Tied to Known Flaw

External security teams including Arctic Wolf, Mandiant, Huntress, and Field Effect observed a spike in activity against SonicWall Gen-7 firewalls with SSLVPN enabled, initially raising fears of a new zero-day. SonicWall has since confirmed the incidents are tied to CVE-2024-40766, not an undiscovered flaw. Fewer than 40 cases have been confirmed, with most linked to migration missteps such as old passwords carried over and firmware left outdated.


Experts: AI Defenses Are Repeating ’90s Mistakes

At Black Hat USA 2025, researchers warned that many AI defenses are repeating 1990s-era security mistakes, skipping basics like authentication and input validation. Experts likened today’s AI tools to “toddlers” or “faster drivers without better skills,” highlighting the risks of rushing deployments without safeguards. NVIDIA’s security team demonstrated how prompt injection attacks, the AI equivalent of SQL injection, can easily compromise large language models.


Attackers, Defenders Arm Up for AI Hacking Era

A new report claims that “the era of AI hacking” is here—both cybercriminals and defenders are deploying AI to automate tasks from vulnerability discovery to social engineering. While tools from Google and CrowdStrike aid defense, attackers (including North Korean actors) are using generative AI to breach systems, though criticism remains that AI often floods developers with low‑value alerts.


Deepfake Scams Explode, Costing $200M in Q1

Cybercriminals are increasingly deploying AI-powered deepfakes to impersonate CEOs and executives, tricking staff into divulging sensitive data or transferring funds. In the U.S., 2024 saw over 105,000 deepfake attacks, and just in Q1 of this year, losses exceeded $200 million. Experts urge multi-layered defenses, including verification protocols, staff training, and advanced detection tools to counter this rapidly evolving threat.


Security Spending to Soar to $213B in 2025

A new Gartner forecast shows global cybersecurity spending is expected to climb to $213 billion this year, up from $193 billion in 2024, with projections pointing to $240 billion by 2026. Growth is fueled by escalating threats, tougher compliance rules, and the surge in AI-powered workloads, especially in cloud environments. Investments in security software are increasing, with spending rising from $95 billion in 2024 to an anticipated $121 billion by 2026, while security services (including managed service providers) are also seeing notable demand.



Kevin Lewis
Senior Consultant, Cybersecurity Consulting

CISO Pick of the Month:

 

Webinar: What Makes a “Great” Penetration Test?

Not all pentests are created equal. My colleague Larry Kinkaid is joining the penetration testing experts at Psicurity next month for a webinar breaking down what a high-quality web application pentest should look like—from scoping and methodology to reporting and remediation. Learn more and save your spot now.

