Everyone’s adopting AI, few are managing the risk
AI is spreading across enterprise risk functions, but confidence in those systems remains uneven, according to AuditBoard. More than half of organizations report implementing …
New infosec products of the week: October 17, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Aura, Bitsight, Blumira, Cayosoft, Corelight, Netcraft, and Picus Security. Picus …
“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)
CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited …
When trusted AI connections turn hostile
Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers …
Identifying risky candidates: Practical steps for security leaders
Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface …
Everyone wants AI, but few are ready to defend it
The rush to deploy AI is reshaping how companies think about risk, according to Cisco. A global study finds that while most organizations are moving quickly to adopt AI, many …
Humanoid robot found vulnerable to Bluetooth hack, data leaks to China
Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks. A robot that …
The password problem we keep pretending to fix
Experts across industries say they are still losing ground against identity-related breaches, even after years of investment in stronger access controls, according to RSA. …
F5 data breach: “Nation-state attackers” stole BIG-IP source code, vulnerability info
US tech company F5 has suffered a breach, and the attackers made off with source code of and vulnerability information related to its BIG-IP family of networking and security …
Microsoft patches three zero-days actively exploited by attackers
On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and …
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam
The U.S. government has seized about $15 billion worth of Bitcoin connected to what prosecutors call one of the largest cryptocurrency fraud and human trafficking operations …
A safer way to break industrial systems (on purpose)
Cybersecurity teams often struggle to test defenses for industrial control systems without risking disruption. A group of researchers from Curtin University has developed a …
Featured news
Resources
Don't miss
- Inside Microsoft’s veteran-to-tech workforce pipeline
- Brakeman: Open-source vulnerability scanner for Ruby on Rails applications
- Incident response lessons learned the hard way
- Okta users under attack: Modern phishing kits are turbocharging vishing attacks
- One-time SMS links that never expire can expose personal data for years