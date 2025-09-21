Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Most enterprise AI use is invisible to security teams

Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance.

Arkime: Open-source network analysis and packet capture system

Arkime is an open-source system for large-scale network analysis and packet capture. It works with your existing security tools to store and index network traffic in standard PCAP format, making it easy to search and access.

Building security that protects customers, not just auditors

In this Help Net Security interview, Nir Rothenberg, CISO at Rapyd, discusses global differences in payment security maturity and the lessons that can be learned from leading regions. He points out that good engineering usually leads to strong security, and cautions against just going through the motions to meet compliance requirements.

Creating a compliance strategy that works across borders

In this Help Net Security interview, Marco Goldberg, Managing Director at EQS Group, discusses how compliance and regulation are evolving worldwide. He talks about how organizations can stay compliant with international rules while keeping their systems practical and user-friendly.

How a fake ICS network can reveal real cyberattacks

Researchers have introduced a new way to study and defend against ICS threats. Their project, called ICSLure, is a honeynet built to closely mimic a real industrial environment.

Behind the scenes of cURL with its founder: Releases, updates, and security

In this Help Net Security interview, Daniel Stenberg, lead developer od cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of testing, reviewing, and refining its code to minimize risks.

LLMs can boost cybersecurity decisions, but not for everyone

LLMs are moving fast from experimentation to daily use in cybersecurity. Teams are starting to use them to sort through threat intelligence, guide incident response, and help analysts handle repetitive work. But adding AI into the decision-making process brings new questions: When do these tools actually improve performance, and when might they create blind spots?

Phishing campaign targets Rust developers

Developers publishing crates (binaries and libraries written in Rust) on crates.io, Rust’s main public package registry, have been targeted with emails echoing the recent npm phishing campaign.

Ransomware attackers used incorrectly stored recovery codes to disable EDR agents

All target organizations are different, but ransomware attackers are highly adaptive and appreciate – and will exploit – any mistake you make.

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack

A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry.

Microsoft disrupts the RaccoonO365 Phishing-as-a-Service operation, names alleged leader

Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation selling the RaccoonO365 kit for stealing Microsoft 365 account credentials.

Many networking devices are still vulnerable to pixie dust attack

Despite having been discovered and reported in 2014, the vulnerability that allows pixie dust attacks still impacts consumer and SOHO networking equipment around the world, NetRise researchers have confirmed.

Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)

Google has released a security update for the Chrome stable channel to fix a zero‑day vulnerability (CVE-2025-10585) reported by its Threat Analysis Group (TAG) on Tuesday.

SonicWall says attackers compromised some firewall configuration backup files

Between attackers exploiting 0-day and n-day vulnerabilities in the company’s firewalls and Secure Mobile Access appliances, SonicWall and its customers have had a tough year.

AI video surveillance could end privacy as we know it

AI-powered video surveillance brings up big questions about privacy. On one hand, it can make us feel safer, but on the other, it can easily cross the line into intrusion. The more we let technology watch and track our behavior, the harder it is to know where privacy stops and surveillance starts.

Google introduces VaultGemma, a differentially private LLM built for secure data handling

Google has released VaultGemma, a large language model designed to keep sensitive data private during training. The model uses differential privacy techniques to prevent individual data points from being exposed, which makes it safer for handling confidential information in sectors like healthcare, finance, and government.

GitHub adds post-quantum protection for SSH access

GitHub is adding post-quantum cryptography to secure SSH connections, a move that signals the company’s preparation for a time when current encryption may no longer be safe.

AI made crypto scams far more dangerous

The first half of 2025 saw one of the worst waves of crypto hacks to date, with more than $3.01 billion stolen. AI was a big part of it, making scams easier to run and letting even low-skill criminals get in on the action.

LinkedIn now uses your data for AI by default, opt out now!

LinkedIn is making major changes to its User Agreement and Privacy Policy, effective November 3, 2025. Among the most notable updates, the company will now use member data by default to improve its generative AI models, unless users manually opt out.

Shifting supply chains and rules test CPS security strategies

Cyber-physical systems are getting harder to protect as the business landscape keeps shifting. Economic pressures, supply chain changes, and new regulations are creating more openings for attackers while complicating how organizations manage security.

What could a secure 6G network look like?

The official standards for 6G are set to be announced by the end of 2029. While the industry is moving towards consensus around how the 6G network will be built, it also needs to anticipate how it will be compromised and make sure to build it with a secure-by-design approach.

Why neglected assets are the hidden threat attackers love to find

In this Help Net Security video, Tim Chase, Tech Evangelist at Orca Security, explores one of the most overlooked cybersecurity risks: neglected assets.

Bots vs. humans? Why intent is the game-changer

In this Help Net Security video, Jérôme Segura, VP of Threat Research at Datadome, explains why intent, not just identifying bots, must be the new focus for cybersecurity teams.

The real-world effects of EU’s DORA regulation on global businesses

In this Help Net Security video, Matt Cooper, Director of Governance, Risk, and Compliance at Vanta, discusses the EU’s Digital Operational Resilience Act (DORA) and its effects six months after it went into effect. DORA is the first EU-wide framework for managing ICT risk in the financial sector, designed to strengthen digital resilience and reduce systemic risk.

Static feeds leave intelligence teams reacting to irrelevant or late data



Boards and executives are not asking for another feed of indicators. They want to know whether their organization is being targeted, how exposed they are, and what steps need to be taken. A new report from Flashpoint argues that most current intelligence models cannot keep up with these demands and that primary source collection (PSC) should become the standard approach.

OT security needs continuous operations, not one-time fixes

Cyberattacks keep hitting the OT systems that critical infrastructure operators run, according to new research from Forrester. In a survey of 262 OT security decision-makers, 91% reported at least one breach or system failure caused by a cyberattack in the past 18 months.

Old file types, new tricks: Attackers turn everyday files into weapons

Attackers are finding new ways to blend in with everyday business tools, hiding their activity inside formats and processes that workers and IT teams often trust. The latest quarterly Threat Insights Report from HP Wolf Security shows how attackers continue to adapt, making it harder for defenses to keep up.

Rayhunter: EFF releases open-source tool to detect cellular spying

The Electronic Frontier Foundation (EFF) has released Rayhunter, a new open-source tool designed to detect cell site simulators (CSS). These devices, also known as IMSI catchers or Stingrays, mimic cell towers to trick phones into connecting so they can collect data.

Global hiring risks: What you need to know about identity fraud and screening trends

Hiring new employees has always carried some risk, but that risk is growing in new ways, and identity fraud is becoming more common in the hiring process. HireRight’s 2025 Global Benchmark Report takes a close look at how organizations around the world are handling background screening.

Shadow AI is breaking corporate security from within

Cybersecurity leaders know the attack surface has been growing for years, but the latest State of Information Security Report 2025 from IO shows how fast new risks are converging. Drawing on responses from more than 3,000 security professionals in the UK and US, the report points to three areas shaping board-level conversations this year: AI, compliance, and supply chain security.

The unseen side of malware and how to find it

Security teams rely on threat reports to understand what’s out there and to keep their organizations safe. But a new report shows that these reports might only reveal part of the story. Hidden malware variants are quietly slipping past defenses, leaving teams with a false sense of security.

Researchers believe Gamaredon and Turla threat groups are collaborating

ESET Research has discovered evidence of collaboration between the Gamaredon and Turla threat groups. Both groups are linked to Russia’s primary intelligence agency, the FSB, and were found working in tandem to target high-profile organizations in Ukraine.

Product showcase: Exaforce – The full lifecycle AI SOC platform

By combining a unique multi-model AI purpose-built for security operations with agentic automation and advanced data exploration capabilities, Exaforce delivers an agentic AI SOC platform that detects what others miss, filters out false positives, automates investigations, orchestrates response, and saves costs all in one place; available as a SaaS platform or fully managed MDR service.

Product showcase: Clean Links exposes what’s hiding behind a QR code

Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams while saving you time and frustration.

Cybersecurity jobs available right now: September 16, 2025

We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: September 19, 2025

Here’s a look at the most interesting products from the past week, featuring releases from Absolute Security, Catchpoint, Nagomi Security, Neon Cyber, and QuSecure.