Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Creative cybersecurity strategies for resource-constrained institutions
In this Help Net Security interview, Dennis Pickett, CISO at RTI International, talks about how research institutions can approach cybersecurity with limited resources and still build resilience. He discusses the tension between open research and the need to protect sensitive information, noting that workable solutions come from understanding how people get their jobs done.
Smart grids are trying to modernize and attackers are treating it like an invitation
In this Help Net Security interview, Sonia Kumar, Senior Director Cyber Security at Analog Devices, discusses how securing decentralized smart grids demands a shift in defensive strategy. Millions of distributed devices are reshaping the attack surface, and she explains why utilities must rethink threats, resilience, and trust.
Cryptomixer crypto laundering service taken down by law enforcement
German and Swiss law enforcement agencies have taken down Cryptomixer, an illegal cryptocurrency mixer service, and have confiscated over 25 million euros (approximately $29 million) in Bitcoin.
How a noisy ransomware intrusion exposed a long-term espionage foothold
Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisier intrusion can draw attention to a far stealthier threat that might otherwise linger undetected for months.
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)
Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”.
Massive gambling network doubles as hidden C2 and anonymity infrastructure, researchers say
A sprawling network that’s seemingly maintained to serve (illegal) online gambling opportunities and deliver malware to Indonesian citizens is likely also being used to provide threat actors command and control (C2) and anonymity services.
Max-severity vulnerability in React, Node.js patched, update ASAP (CVE-2025-55182)
A critical vulnerability (CVE-2025-55182) in React Server Components (RSC) may allow unauthenticated attackers to achieve remote code exection on the application server, the React development team warned on Wednesday.
Malicious Rust packages targeted Web3 developers
A malicious Rust crate (package) named evm-units, aimed at stealing cryptocurrency from unsuspecting developers, has been pulled from the official public package registry for the Rust programming language, but not before having been downloaded 7257 times.
What zero trust looks like when you build it step by step
In this Help Net Security video, Jonathan Edwards, Managing Director at KeyData Cyber, walks us through what practical zero trust adoption looks like in stages. He explains why he dislikes the term itself, then shifts to steps teams can follow without getting stuck in theory.
What security leaders should watch for when companies buy or sell a business
In this Help Net Security video, Lane Sullivan, SVP, CISO and Strategy Officer at Concentric AI, explains what security leaders should think about during mergers, acquisitions, and divestitures.
Enterprise password audits made practical for busy security teams
Security teams carry a heavy load, and password risk is one of the most overlooked parts of that workload. Every year new systems, cloud tools, and shared services add more credentials into the mix. Some sit in proper vaults, others drift into documents, chat threads, or temporary workspaces.
Offensive cyber power is spreading fast and changing global security
Offensive cyber activity has moved far beyond a handful of major powers. More governments now rely on digital operations to project influence during geopolitical tension, which raises new risks for organizations caught in the middle. A new policy brief from the Geneva Centre for Security Policy examines how these developments influence international stability and what steps could lower the chance of dangerous escalation.
Treating MCP like an API creates security blind spots
In this Help Net Security interview, Michael Yaroshefsky, CEO at MCP Manager, discusses how Model Context Protocol’s (MCP) trust model creates security gaps that many teams overlook and why MCP must not be treated like a standard API. He explains how misunderstandings about MCP’s runtime behavior, governance, and identity requirements can create exposure. With MCP usage expanding across organizations, well-defined controls and a correct understanding of the protocol become necessary.
MuddyWater cyber campaign adds new backdoors in latest wave of attacks
ESET researchers say an Iran aligned threat group is refining its playbook again, and the latest activity shows how much its tactics have shifted. MuddyWater is a long running cyberespionage group, and new findings points to a campaign that hits a range of organizations in Israel, with one confirmed victim in Egypt.
Global law enforcement actions put pressure on cybercrime networks
In 2025, law enforcement agencies disrupted the infrastructure and operations of established cybercriminal groups. These groups shift across borders, and the agencies pursuing them are adjusting to that.
AI vs. you: Who’s better at permission decisions?
A single tap on a permission prompt can decide how far an app reaches into a user’s personal data. Most of these calls happen during installation. The number of prompts keeps climbing, and that growing pressure often pushes people into rushed decisions or choices that feel a bit random. A new research examines whether LLMs can step in and make these choices on the user’s behalf.
A day in the life of the internet tells a bigger story
On any given day, the internet carries countless signals that hint at how networks behave behind the scenes. Researchers from RIPE NCC and several universities found a way to capture a detailed snapshot of that activity by studying one day of data from the RIPE Atlas measurement platform. What they uncovered shows how much insight sits inside routine network checks that most people never see.
The weekend is prime time for ransomware
Over half of organizations that experienced a ransomware event in the past year were hit during a weekend or holiday, according to a Semperis report. Those periods often come with thin staffing, slower investigation, and fewer eyes on identity systems. Intruders know that reduced attention allows them to move deeper before alarms are raised.
The collapse of trust at the identity layer
Identity verification has become the latest front in the fight against industrialized fraud, according to a new report from Regula. The shift is visible across sectors that once relied on predictable verification routines. Criminals have learned to target the identity step itself, and the impact is spreading through financial services, healthcare, telecoms, crypto platforms, and aviation.
Attackers keep finding new ways to fool AI
AI development keeps accelerating while the safeguards around it move on uneven ground, according to The International AI Safety Report. Security leaders are being asked to judge exposure without dependable benchmarks.
Threat intelligence programs are broken, here is how to fix them
Security teams often gather large amounts of threat data but still struggle to improve detection or response. Analysts work through long lists of alerts, leaders get unclear insights, and executives see costs that do not lead to better outcomes. A recent report from ISACA notes that this gap remains wide across enterprises, and explains that organizations collect information at a pace that makes it hard to understand what matters.
CISOs are questioning what a crisis framework should look like
CISOs increasingly assume the next breach is coming. What concerns them most is whether their teams will understand the incident quickly enough to limit the fallout. A recent report by Binalyze looks at how investigation practices are holding up across large US enterprises.
Portmaster: Open-source application firewall
Portmaster is a free and open source application firewall built to monitor and control network activity on Windows and Linux. The project is developed in the EU and is designed to give users stronger privacy without asking them to manage every rule by hand.
The quantum clock is ticking and businesses are still stuck in prep mode
Quantum computing is still years away from breaking current encryption, but many security teams are already worried about what happens when that moment arrives. A new report from the Trusted Computing Group (TCG) shows that most businesses say they grasp the threat, but almost none have the planning or technical groundwork needed to handle a shift to post quantum cryptography.
Data brokers are exposing medical professionals, and turning their personal lives into open files
Large amounts of personal information about medical professionals are available on people search sites. A new analysis by Incogni’s researchers shows how much data about doctors appears online and how easily it can be found. The findings should concern healthcare leaders who support staff safety, workforce protection, and clinical operations.
Building the missing layers for an internet of agents
Cybersecurity teams are starting to think about how large language model agents might interact at scale. A new paper from Cisco Research argues that the current network stack is not prepared for this shift. The work proposes two extra layers on top of the application transport layer to help agents communicate in a structured way and agree on shared meaning before they act.
Product showcase: UserLock IAM for Active Directory
UserLock brings modern identity and access management (IAM) to Active Directory, adding granular multi-factor authentication (MFA), contextual access controls, single sign-on (SSO) and real-time session management. It helps AD-first teams secure logons and govern access to network and SaaS resources without overhauling their identity stack.
Cybersecurity jobs available right now: December 2, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the week: December 5, 2025
Here’s a look at the most interesting products from the past week, featuring releases from BlackFog, Datadog, Forward Edge-AI, SandboxAQ, and Upwind.