Week in review: WSUS vulnerability exploited to drop Skuld infostealer, PoC for BIND 9 DNS flaw published
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Can your earbuds recognize you? Researchers are working on it
Biometric authentication has moved from fingerprints to voices to facial scans, but a team of researchers believes the next step could be inside the ear. New research explores how the ear canal’s unique acoustic properties can be used to verify identity through wireless earbuds. Their system, called EarID, shows that ear canal scanning could one day become a practical security method for mobile devices.
Review: The Wireless Cookbook
The Wireless Cookbook is a project-centered guide to working with Wi-Fi, Bluetooth, and LoRa, written with the Raspberry Pi as the main platform. It is aimed at people who learn through building, experimenting, and breaking things to understand how they work.
Managing legacy medical devices that can no longer be patched
In this Help Net Security interview, Patty Ryan, Senior Director and CISO at QuidelOrtho, discusses how the long lifecycles of medical devices impact cybersecurity in healthcare environments. She explains how organizations can protect legacy systems, collaborate with vendors, and adopt proactive, risk-based strategies.
Proximity: Open-source MCP security scanner
Proximity is a new open-source tool that scans Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources that a server makes available, and it can evaluate how those elements might introduce security risks. The tool also work with NOVA, a rule engine that checks for issues such as prompt injection or jailbreak attempts.
Early reporting helps credit unions stop fraudulent transfers faster
In this Help Net Security interview, Carl Scaffidi, CISO at VyStar Credit Union, discusses how credit unions are adapting to an evolving fraud landscape and strengthening payment security. As cybercriminals leverage social engineering and AI-driven tactics, Scaffidi explains how innovation in authentication, real-time monitoring, and member education can enhance security without sacrificing the member experience.
AI agents can leak company data through simple web searches
When a company deploys an AI agent that can search the web and access internal documents, most teams assume the agent is simply working as intended. New research shows how that same setup can be used to quietly pull sensitive data out of an organization. The attack does not require direct manipulation of the model. Instead, it takes advantage of what the model is allowed to see during an ordinary task.
How the City of Toronto embeds security across governance and operations
In this Help Net Security interview, Andree Noel, Deputy CISO at City of Toronto, discusses how the municipality strengthens its cyber defense by embedding security into strategic objectives and digital governance. She outlines the City’s approach to addressing evolving threats and modernizing legacy systems.
How neighbors could spy on smart homes
Even with strong wireless encryption, privacy in connected homes may be thinner than expected. A new study from Leipzig University shows that someone in an adjacent apartment could learn personal details about a household without breaking any encryption. By monitoring the wireless traffic of nearby smart devices, the “nosy neighbor” can infer what people are doing, when they are home, and even which room they are in.
You can’t audit how AI thinks, but you can audit what it does
In this Help Net Security interview, Wade Bicknell, Head, IT Security & Operations, CFA Institute, discusses how CISOs can use AI while maintaining security and governance. He explains why AI presents both defensive opportunities and emerging risks, and how leadership must balance innovation, control, and accountability in cybersecurity.
Ransomware, extortion groups adapt as payment rates reach historic lows
Ransomware groups are facing an economic downturn of their own: In Q3 2025, only 23 percent of victims paid a ransom, and for data theft incidents that involved no encryption, the payment rate dropped to just 19 percent, according to Coveware.
Italian-made spyware Dante linked to Chrome zero-day exploitation campaign
CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver LeetAgent, suspected commercial spyware.
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778)
A high-severity vulnerability (CVE-2025-40778) affecting BIND 9 DNS resolvers could be leveraged by remote, unauthenticated attackers to manipulate DNS entries via cache poisoning, allowing them to redirect Internet traffic to potentially malicious sites, distribute malware, or intercept network traffic.
Python Foundation rejects US government grant earmarked for security improvements
The Python Software Foundation (PSF) has rejected a $1.5 million government grant due to restrictive conditions that would force the foundation to betray its mission and its community, the programming non-profit announced on Monday.
Sanctions won’t stop cyberattacks, but they can still “bite”
Sanctions are one of the tools Western governments use when they want to hit back at state-sponsored cyber threat actors. But do they actually work? That’s the question a group of current and former cybersecurity officials, analysts, and researchers tackled at the Royal United Services Institute (RUSI), a London-based think tank focused on defense and security.
Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)
Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers.
Shadow AI: New ideas emerge to tackle an old problem in new form
Shadow AI is the second-most prevalent form of shadow IT in corporate environments, 1Password’s latest annual report has revealed.
CISA and partners take action as Microsoft Exchange security risks mount
In partnership with international cybersecurity agencies, the US Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) outlined security best practices for organizations that use on-premises versions of Microsoft Exchange Server.
DDoS, data theft, and malware are storming the gaming industry
When the pandemic kept people at home in 2020, millions turned to games for an escape. The surge turned every console, PC, and phone into part of a vast online network. More players meant more logins, payments, and personal data. That created a target larger than the industry had ever faced.
Dependency-Track: Open-source component analysis platform
Software is a patchwork of third-party components, and keeping tabs on what’s running under the hood has become a challenge. The open-source platform Dependency-Track tackles that problem head-on. Rather than treating software composition as a one-time scan, it continuously monitors every version of every application, giving organizations a live view of risk across their entire portfolio.
Chain of security weaknesses found in smart air compressor model
Contractors and workshops often rely on air compressors to power their tools and keep projects running. But when those compressors are connected to the internet, convenience can introduce new risks. Researchers at George Mason University found that the California Air Tools CAT-10020SMHAD smart air compressor contains a chain of security vulnerabilities that could allow an attacker to disrupt operations or tamper with usage data.
Scammers target international students by threatening their visa status
In 2025, the U.S. government revoked thousands of visas from international students, often without warning or explanation. According to a newly released study, this opened a door for scammers. Posing as government officials, police, or university staff, they took advantage of students’ fear of losing their status. Researchers interviewed students to learn how they experience these scams and what universities can do to help.
OpenAI’s gpt-oss-safeguard enables developers to build safer AI
OpenAI is releasing a research preview of gpt-oss-safeguard, a set of open-weight reasoning models for safety classification. The models come in two sizes: gpt-oss-safeguard-120b and gpt-oss-safeguard-20b. Both are fine-tuned versions of the gpt-oss open models and available under the Apache 2.0 license, allowing anyone to use, modify, and deploy them freely.
SUSE Linux Enterprise Server 16 puts AI in the operating system
SUSE has released SUSE Linux Enterprise Server (SLES) 16, calling it AI-ready and built for long-term use. The release marks the first major update in the Enterprise Server line in more than five years and signals a new direction for how Linux might integrate with AI tools in the future.
Your photo could be all AI needs to clone your voice
A photo of someone’s face may be all an attacker needs to create a convincing synthetic voice. A new study from Australia’s national science agency explores this possibility, testing how well deepfake detectors perform against FOICE (Face-to-Voice), an attack attack method that generates speech from photos.
AI chatbots are sliding toward a privacy crisis
AI chat tools are taking over offices, but at what cost to privacy? People often feel anonymous in chat interfaces and may share personal data without realizing the risks. Cybercriminals see the same opening, and it may only be a matter of time before information shared in an AI chatbot conversation ends up in a major data leak.
How to stop third-party risk from becoming your biggest headache
In this Help Net Security video, Robert Kraczek, Global IAM Strategist at One Identity, takes a deep dive into the growing problem of third-party cyber exposure and what it means for enterprise security.
The secret to audit success? Think like your auditor
In this Help Net Security video, Doug Kersten, CISO at Appfire, shares practical, experience-driven advice on how CISOs can avoid the most common mistakes when preparing for an audit. He breaks down what often frustrates auditors, why organization and clear communication make such a difference, and how to make your audit process smoother from start to finish.
Product showcase: Neo Network Utility makes network checks simple
Network Utility was the go-to macOS app for quick network checks. It gave you a graphical way to run tools like Ping, Traceroute, and Port Scan, no Terminal required. But starting with macOS Big Sur, Apple decided to retire it as part of its system overhaul. If you’re not a fan of typing commands into Terminal, there’s good news: Neo Network Utility by DEVONtechnologies is a free replacement that brings back the Network Utility feel.
AI writes code like a junior dev, and security is feeling it
The industry is entering a phase where code is being deployed faster than it can be secured, according to OX Security. Findings from the Army of Juniors: The AI Code Security Crisis report show that AI-generated code often appears clean and functional but hides structural flaws that can grow into systemic security risks.
72 states sign first global UN Convention against Cybercrime
Adopted by the UN General Assembly in December 2024, the UN Convention against Cybercrime will enter into force 90 days after its 40th ratification. Once in force, a Conference of the States Parties will meet periodically to strengthen national capacities, enhance cooperation, and review implementation to achieve the Convention’s objectives.
Email breaches are the silent killers of business growth
78% of organizations were hit by an email breach in the past 12 months, according to the Email Security Breach Report 2025 by Barracuda. Phishing, impersonation, and account takeover continue to drive incidents that often lead to ransomware and data loss.
Hottest cybersecurity open-source tools of the month: October 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.
WhatsApp now lets you secure chat backups with passkeys
Messaging service WhatsApp is launching passkey-encrypted chat backups for iOS and Android, allowing users to encrypt their stored message history using their face, fingerprint, or device screen-lock code.
Passwordless adoption moves from hype to habit
With the average person juggling more than 300 credentials and credential abuse still the top attack vector, the password’s decline is long overdue. Across every major sector, organizations are changing how users log in, and new data shows the shift is picking up speed.
eBook: A quarter century of Active Directory
Active Directory (AD) remains the backbone of enterprise identity and a prime target for attackers. Explore its 25-year history, evolving risks, and how organizations can modernize password security.
Cybersecurity jobs available right now: October 28, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Product showcase: Syteca – The human-centric insider threat management platform
For organizations with lean IT resources, the human factor becomes the biggest blind spot, often resulting in costly breaches, compliance failures, and loss of trust. The Syteca cybersecurity platform could prevent all that.
Infosec products of the month: October 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Acronis, Akeyless, Axoflow, Blumira, Cayosoft, Confluent, Corelight, Elastic, Illumio, Legit Security, Netscout, NowSecure, Nozomi Networks, Palo Alto Networks, Picus Security, Privado, Radiflow, Rubrik, Semperis, TELUS, and ZEST Security.