Week in review: Stealth-patched FortiWeb vulnerability under active exploitation, Logitech data breach

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

The tech that turns supply chains from brittle to unbreakable
In this Help Net Security interview, Sev Kelian, CISO and VP of Security at Tecsys, discusses how organizations can strengthen supply chain resilience through a more unified and forward-looking strategy. Kelian also shares how new technologies and a blended view of cyber and physical risk are changing the way teams think about strategy and long-term planning.

What security pros should know about insurance coverage for AI chatbot wiretapping claims
In this Help Net Security interview, Stephanie Gee, Insurance Recovery Counsel at Reed Smith, discusses the development of these privacy claims as they pertain to AI bots and common coverage issues and solutions for security professionals as they seek to protect against these risks.

Five men admit helping North Korean IT workers infiltrate US companies
US federal prosecutors have secured guilty pleas from five men who helped North Korean IT workers get hired by companies in the United States. This group of domestic facilitators helped a sanctioned government move money, slip past hiring checks, and place foreign workers inside more than one hundred American firms, the US Department of Justice (DoJ) says.

Logitech confirms data breach
Logitech, the Swiss multinational electronics and technology company best known for marketing computer peripherals and hardware, has suffered a data breach. The company says that the exfiltrated data “likely included limited information about employees and consumers, and data relating to customers and suppliers”, and that it “does not believe any sensitive personal information, such as national ID numbers or credit card information, was housed in the impacted IT system.”

Google patches yet another exploited Chrome zero-day (CVE-2025-13223)
Google has shipped an emergency fix for a Chrome vulnerability (CVE-2025-13223) reported as actively exploited in the wild by its Threat Analysis Group (TAG).

Internet slowly recovers after far-reaching Cloudflare outage
A then-undisclosed issue crippled Cloudflare’s network and rendered a large swath of the internet’s most popular sites and services temporarily inaccessible.

Stealth-patched FortiWeb vulnerability under active exploitation (CVE-2025-58034)
Attackers are actively exploiting another FortiWeb vulnerability (CVE-2025-58034) that Fortinet fixed without making its existence public at the time.

Public PoC exploit for 7-Zip vulnerability is available (CVE-2025-11001)
NHS England Digital, the technology arm of the publicly funded health service for England, has issued a warning about a 7-Zip vulnerability (CVE-2025-11001) and a public PoC exploit for it.

macOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices
A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app.

Security gap in Perplexity’s Comet browser exposed users to system-level attacks
There is a serious security problem inside Comet, the AI-powered agentic browser made by Perplexity, SquareX researchers say: Comet’s MCP API allows the browser’s built-in (but hidden from the user) extensions to issue commands directly to a user’s device, and the capability can be leveraged by attackers.

Salesforce investigates new incident echoing Salesloft Drift compromise
In what may be a repeat of the Salesloft Drift supply chain compromise, Salesforce has confirmed that it has identified unusual activity involving Gainsight-published apps connected to Salesforce. More: Early findings and customer guidance.

The year ahead in cyber: What’s next for cybersecurity in 2026
In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst at Symantec, outlines the major cyber risks expected in 2026. He explains that attackers are often breaching networks by targeting people instead of exploiting software flaws. The Shiny Hunters’ 2025 attack on Salesforce users is one example, where phishing and fake OAuth apps were used to steal data and demand ransom.

How to cut security tool sprawl without losing control
In this Help Net Security video, Jon Taylor, Director and Principal of Security at Versa Networks, talks about how organizations can deal with security tool sprawl. He explains why many teams end up with too many tools, especially as zero trust introduces more features and requirements. Taylor notes that there is no single method that works for everyone since each company has its own needs and policies.

How one quick AI check can leak your company’s secrets
In this Help Net Security video, Dinesh Nagarajan, Global Partner, Cyber Security Services at IBM Consulting, walks through a situation in which an employee shared production source code with a public AI tool. The tool learned from the code, including special formulas used in a fintech app, which created the risk that similar answers could later be given to other users. The video shows how this kind of action can weaken a company’s position and even reveal information that belongs to partners or clients.

Strix: Open-source AI agents for penetration testing
Security teams know that application flaws tend to show up at the worst time. Strix presents itself as an open-source way to catch them earlier by using autonomous agents that behave like human attackers. These agents run code, explore an application, uncover weaknesses, and prove those findings with working proofs of concept.

The privacy panic around machine learning is overblown
We often hear warnings about how machine learning (ML) models may expose sensitive information tied to their training data. The concern is understandable. If a model was trained on personal records, it may seem reasonable to assume that releasing it could reveal something about the people behind those records. A study by Josep Domingo-Ferrer examines this assumption and finds that the situation is less threatening than current discussions suggest.

The long conversations that reveal how scammers work
Online scammers often take weeks to build trust before making a move, which makes their work hard to study. A research team from UC San Diego built a system that does the patient work of talking to scammers at scale, and the result offers a look into how long-game fraud unfolds. Their system, called CHATTERBOX, uses synthetic personas, an LLM-driven conversational engine, and human oversight to gather conversations that stretch across platforms and formats.

Threat group reroutes software updates through hacked network gear
Sometimes an attack hides in the most ordinary corner of a network. ESET researchers say a China-aligned threat group known as PlushDaemon has been quietly using hacked routers to steer software updates toward its own servers. The discovery shows how a small foothold in a single device can become a path into global targets.
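An update path that runs through a compromised router only pays off for the attacker if the client accepts whatever the redirected download returns. The following Go sketch is an added example written for this review, not ESET's research code and not anything taken from the PlushDaemon reporting: it shows the checks an update client needs so that a substituted payload, an attacker-signed manifest, or a replayed older build are all rejected. The manifest layout, the pinned vendor key, version numbers and payload bytes are all assumptions constructed for the example. It goes one step beyond the redirection scenario in the text by also covering the downgrade case, where a redirected server serves a genuinely signed but older, vulnerable build.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest travels with the update payload (hypothetical format for this
// example). Version and PayloadSHA are signed together, so a server the
// client was redirected to cannot swap the payload, relabel the version,
// or detach the signature without the vendor's private key.
type Manifest struct {
	Version    uint64
	PayloadSHA [sha256.Size]byte
	Signature  []byte
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify under pinned vendor key")
	ErrHashMismatch = errors.New("payload digest does not match signed manifest")
	ErrDowngrade    = errors.New("manifest version is not newer than installed version")
)

// signingInput is the exact byte string the vendor signs: a fixed tag,
// the version as 8 big-endian bytes, and the payload digest.
func signingInput(version uint64, sum [sha256.Size]byte) []byte {
	var v [8]byte
	binary.BigEndian.PutUint64(v[:], version)
	buf := []byte("update-manifest-v1")
	buf = append(buf, v[:]...)
	return append(buf, sum[:]...)
}

// SignManifest is the vendor side (an assumed build-pipeline step).
func SignManifest(priv ed25519.PrivateKey, version uint64, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	return Manifest{
		Version:    version,
		PayloadSHA: sum,
		Signature:  ed25519.Sign(priv, signingInput(version, sum)),
	}
}

// VerifyUpdate is the client side. pinnedKey ships with the client (or is
// obtained once through an independent channel), never from the update
// server, so a redirected download cannot supply its own key. The installed
// version is compared so a signed-but-old build cannot be replayed.
func VerifyUpdate(pinnedKey ed25519.PublicKey, installed uint64, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinnedKey, signingInput(m.Version, m.PayloadSHA), m.Signature) {
		return ErrBadSignature
	}
	if sum := sha256.Sum256(payload); sum != m.PayloadSHA {
		return ErrHashMismatch
	}
	if m.Version <= installed {
		return ErrDowngrade
	}
	return nil
}

// Scenario builds a vendor key pair and a legitimate signed update, then
// runs the client check against what a hijacked download path might return
// instead. All payloads are constructed for the example.
func Scenario() (genuine, swapped, attackerSigned, replayed error) {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	const installed = 41
	good := []byte("constructed update payload v42")
	m := SignManifest(vendorPriv, 42, good)

	// 1. Untouched update from the real server.
	genuine = VerifyUpdate(vendorPub, installed, m, good)

	// 2. Redirected server keeps the genuine manifest but serves a backdoored payload.
	swapped = VerifyUpdate(vendorPub, installed, m, []byte("constructed backdoored payload"))

	// 3. Attacker serves a manifest signed with its own key.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	evil := []byte("constructed backdoored payload")
	attackerSigned = VerifyUpdate(vendorPub, installed, SignManifest(attackerPriv, 43, evil), evil)

	// 4. Attacker replays a genuinely signed but older, vulnerable build.
	old := []byte("constructed update payload v40")
	replayed = VerifyUpdate(vendorPub, installed, SignManifest(vendorPriv, 40, old), old)
	return
}

func main() {
	genuine, swapped, attackerSigned, replayed := Scenario()
	fmt.Println("genuine update:     ", genuine)
	fmt.Println("swapped payload:    ", swapped)
	fmt.Println("attacker-signed:    ", attackerSigned)
	fmt.Println("replayed old build: ", replayed)
}
```

The point of the design is that nothing the network returns is trusted on its own: the key is pinned in the client, the payload is bound to the manifest by its digest, and the version is compared against what is already installed. A router that rewrites where the download goes can still deny the update, but it cannot get a different one accepted.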

BlueCodeAgent helps developers secure AI-generated code
When AI models generate code, they hand security teams power and risk at the same time. That tension is at the heart of the new tool called BlueCodeAgent, designed to help developers and security engineers defend against code-generation threats.

Google Play Store’s privacy practices still confuse Android users
Privacy rules like GDPR and CCPA are meant to help app stores be clearer about how apps use your data. But in the Google Play Store, those privacy sections often leave people scratching their heads. A new study looks at how users read these parts of an app listing and how their reactions affect the risks they believe they are taking.

Is your password manager truly GDPR compliant?
Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong, security teams rush to uncover who had access, how those passwords were stored and whether sensitive data was exposed. The General Data Protection Regulation (GDPR) amplifies this pressure because it demands strong protection for personal information at every stage of its life cycle. A password manager that falls short can trigger violations, investigations and operational disruption.

The next tech divide is written in AI diffusion
AI is spreading faster than any major technology in history, according to a Microsoft report. More than 1.2 billion people have used an AI tool within three years of the first mainstream releases. The growth is fast, but it puts uneven pressure on governments, industries, and security teams.

The internet isn’t free: Shutdowns, surveillance and algorithmic risks
Global internet freedom has declined for the 15th straight year, according to the latest Freedom House report. Out of 72 countries evaluated, 28 recorded declines and 17 saw improvements.

Agentic AI puts defenders on a tighter timeline to adapt
Security teams know that attackers rarely wait for defenders to be ready. The latest AI Maturity in Cybersecurity Report from Arkose Labs shows how quickly the threat landscape is shifting and how slowly organizations can respond in comparison. Attackers test new automation, defenders invest in new tools and the timeline between the two keeps shrinking.

How attackers use patience to push past AI guardrails
Most CISOs already assume that prompt injection is a known risk. What may come as a surprise is how quickly those risks grow once an attacker is allowed to stay in the conversation. A new study from Cisco AI Defense shows how open-weight models lose their footing over longer exchanges, a pattern that raises questions about how these models should be evaluated and secured.

Metis: Open-source, AI-driven tool for deep security code review
Metis is an open source tool that uses AI to help engineers run deep security reviews on code. Arm’s product security team built Metis to spot subtle flaws that are often buried in large or aging codebases where traditional tools struggle.

When IT fails, OT pays the price
State groups, criminal crews, and hybrid operators are all using familiar IT entry points to reach systems that support industrial processes, according to the latest Operational Technology Threat Report from Trellix.

The confidence trap holding security back
Security leaders often feel prepared for a major cyber incident, but performance data shows a different reality. Teams continue to miss key steps during practice scenarios, and the gap between confidence and capability keeps growing. Findings from Immersive’s Cyber Workforce Benchmark Report show the habits that hold readiness back and the areas security leaders must address to make progress.

Convenience culture is breaking personal security
AI is changing how scams are built, shared, and trusted. A new global survey from Bitdefender shows how far the problem has spread.

What insurers really look at in your identity controls
Insurers judge organizations by the strength of their identity controls and by how consistently those controls are applied, according to a new Delinea report. CISOs are entering a market that rewards maturity and penalizes gaps that once passed without scrutiny.

Research shows identity document checks are missing key signals
Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how attackers are pushing past old defenses and how detection models are struggling to keep up. The study analyzes work published from 2020 to 2025, giving security leaders a view of where these systems stand and what is holding them back.

Product showcase: SecAlerts – Relevant, actionable, up-to-the-minute vulnerability alerts
Do you spend countless hours tracking vulnerabilities in order to keep your software secure? Are you looking for a service to make your job easier by providing relevant, actionable vulnerability alerts? SecAlerts does just that. It saves you valuable time by delivering vulnerability alerts containing affected software and versions, as well as remedy information, directly to you.

Product showcase: Proton Pass, a password manager with identity protection
Managing passwords can be a real headache, and it’s still common to fall back on reusing them or storing them in a browser without much protection. Proton Pass, built by the Swiss company Proton AG (the team behind Proton Mail and Proton VPN), takes a more intentional approach that puts privacy front and center.

Cybersecurity jobs available right now: November 18, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

Exam prep hacked: Study tips and tricks that really work
Ready to get certified but not sure where to start? Get insider tips and tricks on what to do from day one to test day. Join ISC2-certified instructors and an audience of your peers for this live interactive webinar. Find out what to do in the months, weeks, days and hours leading up to your exam.

New infosec products of the week: November 21, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bedrock Data, Immersive, Kentik, Minimus, and Synack.
