SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Microsoft announces updates to key security offerings
Microsoft announced that its SIEM and SOAR solution Sentinel has evolved into a unified AI-ready platform that connects users, agents, devices, actions, and risks across the security environment. This enables defenders to trace attack paths, assess blast radius, and prioritize responses with greater clarity. Security Copilot builds on this foundation, allowing teams to create custom AI agents (no coding required) that integrate seamlessly into daily workflows. With built-in guardrails, companies can scale agents confidently, knowing their digital labor is backed by enterprise-grade security. In addition, the launch of the new Microsoft Security Store simplifies the discovery and deployment of agents and solutions and allows customers to leverage Microsoft’s ecosystem of security partners to implement new agents.
BBC journalist offered money in a plot to create an insider threat
A BBC journalist was offered a significant sum by cybercriminals who wanted him to give them access to the BBC's network so they could steal valuable data and hold it for ransom. The journalist strung the attackers along for several days to gather information about them. Because the attackers appeared skilled, the BBC's security team temporarily disconnected the journalist entirely from the organization's network as a precaution.
FEMA and CBP data stolen via Citrix exploitation
A Citrix NetScaler vulnerability dubbed CitrixBleed 2 is believed to have been exploited in an attack that resulted in employee data being stolen from the Federal Emergency Management Agency (FEMA) and Customs and Border Protection (CBP), Nextgov reported. The incident may have led to FEMA technology staff being fired over their handling of the situation.
LinkedIn user data will train AI
LinkedIn users who do not want their data to be used for AI training have one month to take action. LinkedIn will start sharing profile data, job-related data, and content with Microsoft and its affiliates for AI training on November 3. The data collection will be enabled by default, but users can opt out by going to Settings → Data privacy → Data for Generative AI improvement. There is also a form where users can object to the processing of their data for AI training.
Android users in UAE targeted with new spyware
ESET has analyzed two new spyware families targeting Android users in the United Arab Emirates. The malware, named ProSpy and ToSpy, is disguised as the Signal and ToTok apps. The malicious applications are not distributed through official app stores and they require manual installation. One of the websites distributing ToSpy mimicked the Samsung Galaxy Store. Both spyware families continually exfiltrate sensitive data and files from Android devices.
Tile tracker vulnerabilities
Researchers have analyzed the location-tracking protocol of Tile trackers. They identified several critical vulnerabilities and design flaws that contradict the company’s security and privacy claims. Their findings indicate that Tile’s servers can permanently track the location of all tags, unprivileged adversaries can track users through Bluetooth, and the anti-theft features are easily compromised.
Milesight industrial cellular routers abused for phishing
Sekoia has warned that Milesight industrial cellular routers, which are known to have been targeted by threat actors, are being abused for an SMS phishing campaign targeting users in Belgium and elsewhere. An analysis found that 18,000 routers are accessible on the internet, and at least 572 are potentially vulnerable to attacks.
Google guidance for protecting against attacks of Salesforce hackers
Google Cloud has released proactive hardening recommendations that can aid organizations in protecting their systems against attacks conducted by UNC6040, the threat actor behind the recent Salesforce data theft and extortion campaign, which has impacted several major organizations.
Post-quantum cryptography adoption
Post-quantum cryptography (PQC) support for SSH servers has increased to 8.5% of all SSH servers and 26% of OpenSSH servers. However, adoption of TLS 1.3, the protocol version required for the hybrid post-quantum key exchange in TLS, has remained flat at 19%, according to an analysis by Forescout. IoT, OT, IoMT and network devices have a much lower adoption of PQC for SSH than traditional IT devices. Across industries, professional and business services have the highest adoption rates, while manufacturing, oil and gas, and mining have the lowest.
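Whether an SSH server "supports PQC" in the sense measured above comes down to what it advertises in the kex_algorithms name-list of its SSH_MSG_KEXINIT message (RFC 4253, section 7.1), which is sent in the clear before any encryption is negotiated. The script below is an added example, not code from SecurityWeek or Forescout: it parses a KEXINIT payload, looks for the hybrid post-quantum key exchange names that OpenSSH advertises (sntrup761x25519-sha512 since OpenSSH 9.0, mlkem768x25519-sha256 since 9.9), and includes a small live probe. The sample KEXINIT it parses offline is constructed here to resemble a current OpenSSH server's defaults; the probe's banner string is an arbitrary choice.

```python
"""Check whether an SSH server offers a hybrid post-quantum key exchange.

Added example (not from the article or Forescout). The KEXINIT name-lists
are parsed per RFC 4253 section 7.1; the sample message is constructed.
"""
import socket
import struct

SSH_MSG_KEXINIT = 20

# Hybrid PQ KEX names OpenSSH advertises (assumption: this list is what we
# count as "PQC support"; other vendors may use different names).
PQC_KEX = {
    "sntrup761x25519-sha512@openssh.com",
    "sntrup761x25519-sha512",
    "mlkem768x25519-sha256",
}

NAME_LISTS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
              "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]


def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload: type byte, 16-byte cookie, ten name-lists."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    off, out = 17, {}
    for field in NAME_LISTS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack(">I", payload[off:off + 4])
        off += 4
        raw = payload[off:off + n]
        if len(raw) != n:
            raise ValueError("truncated name-list body")
        off += n
        out[field] = raw.decode("ascii").split(",") if raw else []
    return out


def pqc_kex_offered(kex_algorithms) -> list:
    """Return the PQ hybrid KEX names the server offers, in its preference order."""
    return [k for k in kex_algorithms if k in PQC_KEX]


def build_kexinit(kex, hostkey=("ssh-ed25519",),
                  enc=("chacha20-poly1305@openssh.com",),
                  mac=("hmac-sha2-256",), comp=("none",)) -> bytes:
    """Construct a KEXINIT payload (used here to build offline test input)."""
    def name_list(names):
        s = ",".join(names).encode("ascii")
        return struct.pack(">I", len(s)) + s
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16   # cookie (zeros: constructed)
    for names in (kex, hostkey, enc, enc, mac, mac, comp, comp, (), ()):
        payload += name_list(names)
    return payload + b"\x00" + b"\x00\x00\x00\x00"       # first_kex_packet_follows, reserved


def wrap_packet(payload: bytes) -> bytes:
    """Binary packet protocol framing for the unencrypted pre-KEX phase."""
    pad = 8 - ((5 + len(payload)) % 8)
    if pad < 4:
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + b"\x00" * pad


def unwrap_packet(data: bytes) -> bytes:
    (plen,) = struct.unpack(">I", data[:4])
    pad = data[4]
    return data[5:4 + plen - pad]


# Constructed sample resembling an OpenSSH 10 server's default kex list.
SAMPLE_KEXINIT = build_kexinit((
    "mlkem768x25519-sha256", "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com", "curve25519-sha256",
    "curve25519-sha256@libssh.org", "diffie-hellman-group14-sha256",
    "ext-info-s", "kex-strict-s-v00@openssh.com"))


def probe_server(host: str, port: int = 22, timeout: float = 5.0) -> dict:
    """Connect, exchange identification strings, read the server's KEXINIT."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rb")
        line = f.readline()
        while line and not line.startswith(b"SSH-"):  # skip any pre-banner lines
            line = f.readline()
        sock.sendall(b"SSH-2.0-pqc_probe\r\n")       # assumption: arbitrary client banner
        hdr = f.read(4)
        (plen,) = struct.unpack(">I", hdr)
        return parse_kexinit(unwrap_packet(hdr + f.read(plen)))


if __name__ == "__main__":
    info = parse_kexinit(unwrap_packet(wrap_packet(SAMPLE_KEXINIT)))
    print("PQ KEX offered:", pqc_kex_offered(info["kex"]) or "none")
```

Run `probe_server("host")` against a server you own to see the real list; a result of an empty PQ set means the server would fall back to classical ECDH/DH even with a PQ-capable client, which is exactly the gap the Forescout numbers describe.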
Related: In Other News: LockBit 5.0, Department of War Cybersecurity Framework, OnePlus Vulnerability
Related: In Other News: 600k Hit by Healthcare Breaches, Major ShinyHunters Hacks, DeepSeek’s Coding Bias