Week in review: Cisco fixes critical UCCX flaws, November 2025 Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Securing real-time payments without slowing them down
In this Help Net Security interview, Arun Singh, CISO at Tyro, discusses what it takes to secure real-time payments without slowing them down. He explains how analytics, authentication, and better industry cooperation can help stay ahead of fraud. Singh also touches on how digital identity and accountability are transforming how trust is built in payments.

Heisenberg: Open-source software supply chain health check tool
Heisenberg is an open-source tool that checks the health of a software supply chain. It analyzes dependencies using data from deps.dev, Software Bills of Materials (SBOMs), and external advisories to measure package health, detect risks, and generate reports for individual dependencies or entire projects.

A new way to think about zero trust for workloads
Static credentials have been a weak point in cloud security for years. A new paper by researchers from SentinelOne takes direct aim at that issue with a practical model for authenticating workloads without long-lived secrets. Instead of relying on static keys, the team proposes using temporary, verifiable tokens that expire within minutes.

How nations build and defend their cyberspace capabilities
In this Help Net Security interview, Dr. Bernhards Blumbergs, Lead Cyber Security Expert at CERT.LV, discusses how cyberspace has become an integral part of national and military operations. He explains how countries develop capabilities to act and defend in this domain, often in coordination with activities in other areas of conflict.

AI can flag the risk, but only humans can close the loop
In this Help Net Security interview, Dilek Çilingir, Global Forensic & Integrity Services Leader at EY, discusses how AI is transforming third-party assessments and due diligence. She explains how machine learning and behavioral analytics help organizations detect risks earlier, improve compliance, and strengthen accountability.

PortGPT: How researchers taught an AI to backport security patches automatically
Keeping older software versions secure often means backporting patches from newer releases. It is a routine but tedious job, especially for large open-source projects such as the Linux kernel. A new research effort has built a tool that uses a large language model to do that work automatically.

OpenGuardrails: A new open-source model aims to make AI safer for real-world use
When you ask a large language model to summarize a policy or write code, you probably assume it will behave safely. But what happens when someone tries to trick it into leaking data or generating harmful content? That question is driving a wave of research into AI guardrails, and a new open-source project called OpenGuardrails is taking a bold step in that direction.

What keeps phishing training from fading over time
When employees stop falling for phishing emails, it is rarely luck. A new study shows that steady, mandatory phishing training can cut risky behavior over time. After one year of continuous simulations and follow-up lessons, employees were half as likely to take the bait.

Metrics don’t lie, but they can be misleading when they only tell IT’s side of the story
In this Help Net Security interview, Rik Mistry, Managing Partner at Interval Group, discusses how to align IT strategy with business goals. He explains how security, governance, and orchestration shape IT operations and why early collaboration between IT and security leaders leads to better outcomes. Mistry also shares his perspective on automation and emerging technologies.

Cyber-espionage campaign mirroring Sandworm TTPs hit Russian and Belarusian military
A spear-phishing campaign aiming to compromise Russian and Belarusian military personnel with military-themed documents as a lure has been flagged by Cyble and Seqrite security researchers. The goal of the campaign is to get targets to download and open a booby-trapped LNK file masquerading as a PDF, ultimately leading to a complete system compromise.

Former ransomware negotiators allegedly targeted US firms with ALPHV/BlackCat ransomware
A ransomware negotiator and an incident response manager have been indicted in Florida for allegedly conspiring to deploy the ALPHV/BlackCat ransomware against multiple US companies and extorting nearly $1.3 million from one of the victims.

Cybercriminals exploit RMM tools to steal real-world cargo
Cybercriminals are compromising logistics and trucking companies by tricking them into installing remote monitoring and management (RMM) tools, Proofpoint researchers warned.

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)
On Tuesday, CISA added two vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-11371, which affects Gladinet’s CentreStack and Triofox file-sharing and remote access platforms, and CVE-2025-48703, a vulnerability in Control Web Panel (CWP), a web hosting control panel designed for managing servers running CentOS or CentOS-based distributions.

Google uncovers malware using LLMs to operate and evade detection
PromptLock, the AI-powered proof-of-concept ransomware developed by researchers at NYU Tandon and initially mistaken for an active threat by ESET, is no longer an isolated example: Google’s latest report shows attackers are now creating and deploying other malware that leverages LLMs to operate and evade security systems.

SonicWall cloud backup hack was the work of a state actor
Incident responders from Mandiant have wrapped up their investigation into the SonicWall cloud backup service hack, and the verdict is in: the culprit is a state-sponsored threat actor (though the specific nation wasn’t disclosed).

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354)
Cisco has fixed two critical vulnerabilities (CVE-2025-20358, CVE-2025-20354) affecting Unified Contact Center Express (UCCX), which may allow attackers to bypass authentication, compromise vulnerable installations, and elevate privileges to root.

Attackers upgrade ClickFix with tricks used by online stores
Attackers have taken the ClickFix technique further, with pages borrowing tricks from online sellers to pressure victims into performing the steps that will lead to a malware infection.

Uncovering the risks of unmanaged identities
Every organization manages thousands of identities, from admins and developers to service accounts and AI agents. But many of these identities operate in the shadows, untracked and unprotected. These unmanaged identities quietly expand your attack surface, weaken compliance, and threaten business continuity, posing significant risk. So, how can you uncover, secure, and manage what you can’t see?

November 2025 Patch Tuesday forecast: Windows Exchange Server EOL?
October 2025 Patch Tuesday was one for the record books in so many ways. There was a big push by Microsoft to fix as many open vulnerabilities as possible in products that were reaching end-of-life (EOL). This included 116 CVEs addressed in Windows 10 and an astronomical 134 CVEs addressed in Windows 11, because don’t forget Windows 11 22H2 Enterprise and Education editions also reached EOL.

Cybercriminals have built a business on YouTube’s blind spots
The days when YouTube was just a place for funny clips and music videos are behind us. With 2.53 billion active users, it has become a space where entertainment, information, and deception coexist.

European authorities dismantle €600 million crypto scam network
Nine people have been arrested in a coordinated international operation targeting a large cryptocurrency money laundering network that defrauded victims of more than €600 million. The operation was led by Eurojust, the EU’s judicial cooperation agency, which brought together investigators and prosecutors from France, Belgium, Cyprus, Spain and Germany.

Connected homes: Is bystander privacy anyone’s responsibility?
Smart doorbells, connected cameras, and home monitoring systems have become common sights on doorsteps and living rooms. They promise safety and convenience, but they also raise a problem. These devices record more than their owners. They capture neighbors, visitors, and anyone passing by.

18 arrested in €300 million global credit card fraud scheme
A coordinated international operation has led to 18 arrests in a massive credit card fraud case worth at least €300 million. The effort, led by Eurojust, targeted a network of suspects accused of running fake online subscription services for dating, pornography, and streaming sites. Among those detained were five executives from four German payment service providers.

Enterprises are losing track of the devices inside their networks
Security teams are often surprised when they discover the range and number of devices connected to their networks. The total goes far beyond what appears in agent-based telemetry or old manual asset inventories.

Deepfakes, fraud, and the fight for trust online
In this Help Net Security video, Michael Engle, Chief Strategy Officer at 1Kosmos, explains how deepfakes are changing online identity verification. He describes how fake IDs and synthetic identities are being used for account signups and takeovers.

What shadow AI means for your company’s security
In this Help Net Security video, Peled Eldan, Head of Research at XM Cyber, explains the hidden risks of shadow AI. He describes how employees often use unapproved AI tools at work to save time or solve problems, even when approved tools are available. This behavior, though common, can lead to serious issues such as data leaks, compliance violations, and security blind spots.

Europe’s phone networks are drowning in fake calls
Caller ID spoofing has become one of Europe’s most persistent enablers of cyber fraud. A new position paper from Europol warns that manipulated phone identities now drive much of the continent’s financial and social engineering crime, making it difficult for law enforcement to track perpetrators. The agency estimates global losses at around EUR 850 million a year, with phone and text-based fraud accounting for roughly two thirds of reported scam cases.

Employees keep finding new ways around company access controls
AI, SaaS, and personal devices are changing how people get work done, but the tools that protect company systems have not kept up, according to 1Password. Tools like SSO, MDM, and IAM no longer align with how employees and AI agents access data.

Financial services can’t shake security debt
In financial services, application security risk is becoming a long game. Fewer flaws appear in new code, but old ones linger longer, creating a kind of software “interest” that keeps growing, according to Veracode’s 2025 State of Software Security report.

Google says 2026 will be the year AI supercharges cybercrime
Security leaders are staring down a year of major change. In its Cybersecurity Forecast 2026, Google paints a picture of a threat landscape transformed by AI, supercharged cybercrime, and increasingly aggressive nation-state operations. Attackers are moving faster, scaling their operations with automation.

VulnRisk: Open-source vulnerability risk assessment platform
VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights what matters. The tool is free to use and designed for local development and testing.

Retailers are learning to say no to ransom demands
Ransomware remains one of the biggest operational risks for retailers, but the latest data shows a shift in how these attacks unfold. Fewer incidents now lead to data encryption, recovery costs have dropped, and businesses are bouncing back faster. Yet attackers are demanding more money, and security teams are feeling the strain.

Humans built the problem, AI just scaled it
Information moves across cloud platforms, personal devices, and AI tools, often faster than security teams can track it. Proofpoint’s 2025 Data Security Landscape report shows that most organizations faced data loss last year, usually caused by their own people. With AI agents part of daily operations, security leaders are confronting risks that come from users and from the systems acting on their behalf.

Russia-linked hackers intensify attacks as global APT activity shifts
State-aligned hacking groups have spent the past six months ramping up espionage, sabotage, and cybercrime campaigns across multiple regions, according to ESET’s APT Activity Report covering April through September 2025. The research highlights how operations linked to Russia, China, Iran, and North Korea have evolved in scope and technique, showing that nation-state activity remains a constant source of disruption.

Hospitals are running out of excuses for weak cyber hygiene
Healthcare leaders continue to treat cybersecurity as a technical safeguard instead of a strategic business function, according to the 2025 US Healthcare Cyber Resilience Survey by EY. The study, based on responses from 100 healthcare executives, outlines six areas where hospitals and health systems must act to close resilience gaps that threaten patient care and operations.

Old privacy laws create new risks for businesses
Businesses are increasingly being pulled into lawsuits over how they collect and share user data online. What was once the domain of large tech firms is now a widespread legal risk for companies of all sizes. The latest analysis from cyber insurer Coalition shows that outdated privacy laws are driving a surge in web privacy claims, with small and midsize businesses now common targets.

Product showcase: Cogent Community democratizes vulnerability intelligence with agentic AI
Teams are buried under overlapping feeds, inconsistent formats, and fragmented context. Even with advanced tools, analyzing raw intelligence into prioritized, evidence-based action remains one of the hardest problems in modern security operations. Cogent Security addresses this problem head-on with its industry-first AI taskforce for vulnerability management. And with its newly introduced Cogent Community, the company is now delivering an open-access, free-to-use tool that helps security teams operationalize vulnerability intelligence.

Cybersecurity jobs available right now: November 4, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: November 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Barracuda Networks, Bitdefender, Forescout, and Komodor.