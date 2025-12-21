Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

How researchers are teaching AI agents to ask for permission the right way

People are starting to hand more decisions to AI agents, from booking trips to sorting digital files. The idea sounds simple. Tell the agent what you want, then let it work through the steps. The hard part is what the agent does with personal data along the way. A new research study digs into this problem, and asks a basic question. How should an AI agent know when to use someone’s data without asking every time?

Ro’s CISO on managing data flows in telehealth

In this Help Net Security interview, Scott Bachand, CIO/CISO at Ro, discusses how telehealth reshapes the flow of patient data and what that means for security. He explains why organizations must strengthen data classification and visibility as systems and vendors multiply. He also outlines how regulations and new technologies are driving a more adaptive approach to protecting patient information.

Why vulnerability reports stall inside shared hosting companies

Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short.

Attackers are exploiting auth bypass vulnerability on FortiGate firewalls (CVE-2025-59718)

Attackers are exploiting a recently revealed vulnerability (CVE-2025-59718) to bypass authentication on Fortinet’s FortiGate firewalls, and are leveraging the achieved access to export their system configuration files, Arctic Wolf researchers warned on Tuesday.

Exploited SonicWall zero-day patched (CVE-2025-40602)

SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the provided hotfix, as the flaw has been exploited by attackers.

Cisco email security appliances rooted and backdoored via still unpatched zero-day

A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared.

The soft underbelly of space isn’t in orbit, it’s on the ground

In this Help Net Security interview, Øystein Thorvaldsen, CISO at KSAT, discusses how adversaries view the ground segment as the practical way to reach space systems and why stations remain a focal point for security efforts. He notes that many risks stem from supply chain gaps and legacy infrastructure that supports critical missions. He also explains how KSAT works to keep latency low while maintaining security across global operations.

AI isn’t one system, and your threat model shouldn’t be either

In this Help Net Security interview, Naor Penso, CISO at Cerebras Systems, explains how to threat model modern AI stacks without treating them as a single risk. He discusses why partitioning AI systems by function and impact matters, how to frame threat modeling for business leaders, and which assumptions break down as AI becomes core infrastructure.

Kali Linux 2025.4: New tools and “quality-of-life” improvements

OffSec has released Kali Linux 2025.4, a new version of its widely used penetration testing and digital forensics platform. Most of the changes are related to appearance and usability.

Update your Apple devices to fix actively exploited vulnerabilities! (CVE-2025-14174, CVE-2025-43529)

Apple has issued security updates with fixes for two WebKit vulnerabilities (CVE-2025-14174, CVE-2025-43529) that have been exploited as zero-days. Several days before the release of these updates, Google fixed CVE-2025-14174 in the desktop version of Chrome, though at the time the issue did not have a CVE number nor a description.

SoundCloud breached, hit by DoS attacks

Audio streaming service SoundCloud has suffered a breach and has been repeatedly hit by denial of service attacks, the company confirmed on Monday. In the days leading up to the confirmation, users accessing SoundCloud through VPNs reported connection failures and error messages.

European police busts Ukraine scam call centers

Law enforcement agencies from several European countries have arrested twelve persons suspected of being involved in scamming victims across Europe, Eurojust announced. The fraudsters used various scams, such as posing as police officers to withdraw money using their victims’ cards and details, or pretending that their victims’ bank accounts had been hacked.

Microsoft 365 users targeted in device code phishing attacks

Attackers are targeting Microsoft 365 users with device code authorization phishing, a technique that fools users into approving access tokens, Proofpoint warns. The method abuses Microsoft’s OAuth 2.0 device authorization grant flow by presenting users with device codes that, when entered, inadvertently grant attackers control of enterprise accounts.

Crypto theft in 2025: North Korean hackers continue to dominate

When they strike cryptocurrency-related targets, North Korean hacking groups are increasingly aiming for large services where a single breach can move serious money, a new Chainalysis report on crypto theft in 2025 revealed.

Clipping Scripted Sparrow’s wings: Tracking a global phishing ring

Between June 2024 and December 2025, Fortra analysts tracked a persistent business email compromise (BEC) operation that we have now classified as Scripted Sparrow. The group carries out well-crafted highly targeted phishing campaigns that masquerade as professional services firms to mislead finance teams into transferring money to fraudsters’ accounts.

More than half of public vulnerabilities bypass leading WAFs

Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as foundational infrastructure and evaluates their effectiveness against critical vulnerabilities, CVEs, and AI-driven threats.

How exposure management changes cyber defense

In this Help Net Security video, Larry Slusser, VP of Strategy at SixMap, explains why endpoint detection and response is only part of the security story. Drawing on his work as an incident responder, engagement manager, and ransomware negotiator, he describes EDR as the armed guard that reacts after an intruder crosses the line.

What types of compliance should your password manager support?

Lost credentials and weak authentication controls still sit at the center of many security incidents. IT leaders and CISOs know this problem well. They also know that regulators watch how organizations protect passwords, track access, and document security decisions. That is why password managers have become part of compliance conversations rather than optional add ons.

AI might be the answer for better phishing resilience

Phishing is still a go-to tactic for attackers, which is why even small gains in user training are worth noticing. A recent research project from the University of Bari looked at whether LLMs can produce training that helps people spot suspicious emails with better accuracy.

Banks built rules for yesterday’s crime and RegTech is trying to fix that

Criminals are moving money across borders faster, and financial institutions are feeling the squeeze. Compliance teams feel this strain every day as they try to keep up with schemes that shift through accounts, intermediaries, and digital channels. A new academic review of regulatory technology, or RegTech, shows how this pressure is reshaping compliance work and why research in this field is gaining new weight.

Should AI access be treated as a civil right across generations?

AI use is expanding faster than the infrastructure that supports it, and that gap is starting to matter for security, resilience, and access. A new position paper argues that access to AI should be treated as an intergenerational civil right, rather than a service shaped mainly by market forces.

Privacy risks sit inside the ads that fill your social media feed

Regulatory limits on explicit targeting have not stopped algorithmic profiling on the web. Ad optimization systems still adapt which ads appear based on users’ private attributes. At the same time, multimodal LLMs have lowered the barrier for turning these hidden signals into profiling tools. A new study examines this risk and asks how outside parties could use these signals to infer private attributes from ad exposure alone.

LLMs work better together in smart contract audits

Smart contract bugs continue to drain real money from blockchain systems, even after years of tooling and research. A new academic study suggests that large language models can spot more of those flaws when they work in coordinated groups instead of alone.

Manufacturing is becoming a test bed for ransomware shifts

Manufacturing leaders may feel that ransomware risk has settled, but new data shows the threat is shifting in ways that require attention, according to a Sophos report. A global survey of 332 IT and security leaders outlines how attackers are adjusting tactics and how organizations are absorbing the impact of those changes.

Europe’s DMA raises new security worries for mobile ecosystems

Mobile security has long depended on tight control over how apps and services interact with a device. A new paper from the Center for Cybersecurity Policy and Law warns that this control may weaken as the European Union’s Digital Markets Act pushes mobile platforms to open core functions to outside developers.

Prometheus: Open-source metrics and monitoring systems and services

Prometheus is an open-source monitoring and alerting system built for environments where services change often and failures can spread fast. For security teams and DevOps engineers, it has become a common way to track system behavior, spot early warning signs, and understand what is happening across large sets of workloads.

What Cloudflare’s 2025 internet review says about attacks, outages, and traffic shifts

The internet stayed busy, brittle, and under constant pressure in 2025. Cloudflare’s annual Radar Year in Review offers a wide view of how traffic moved, where attacks clustered, and what failed when systems were stressed.

Passwordless is finally happening, and users barely notice

Security teams know the strain that comes from tightening authentication controls while keeping users productive. A new report from Okta suggests this strain is easing. Stronger authentication methods are gaining traction, and many of them let users move through sign in flows with less effort than before. The report indicates that the long held belief that better security slows people down is becoming less relevant as these methods improve both protection and usability.

Product showcase: GlassWire mobile firewall for Android

GlassWire is a free network monitoring and security application for Windows and Android. It lets you see how your system communicates over the internet and local network. The Windows version also offers a Premium tier with advanced features, while the Android app focuses on monitoring and control. By combining visual network activity with simple controls, GlassWire helps you understand what’s happening behind the scenes and take action when something looks out of the ordinary.

AI breaks the old security playbook

AI has moved into enterprise operations faster than many security programs expected. It is embedded in workflows, physical systems, and core infrastructure. Some AI tools reach hundreds of millions of users each week. Inference costs have fallen 280 fold, but overall spending is still rising because usage keeps growing.

Zabbix: Open-source IT and OT observability solution

Zabbix is an open source monitoring platform designed to track the availability, performance, and integrity of IT environments. It monitors networks along with servers, virtual machines, applications, services, databases, websites, and cloud resources.

What cybersecurity leaders are reading to stay ahead

If you’re looking for holiday gift ideas, books remain one of the simplest ways to spark curiosity and support someone’s growth. Whether the person on your list is exploring cybersecurity, AI, engineering, or career development, these titles offer something useful for readers at every stage of their professional journey.

Group Policy abuse reveals China-aligned espionage group targeting governments

ESET Research has identified a previously undocumented China-aligned advanced persistent threat group that uses Windows Group Policy to deploy malware and move through victim networks. The group, tracked as LongNosedGoblin, has targeted government institutions in Southeast Asia and Japan with a toolset built for long-term surveillance.

Identity risk is changing faster than most security teams expect

Security leaders are starting to see a shift in digital identity risk. Fraud activity is becoming coordinated, automated, and self-improving. Synthetic personas, credential replay, and high speed onboarding attempts now operate through shared infrastructures that behave less like scattered threats and more like systems that learn as they run, according to a report by AU10TIX.

Product showcase: NAKIVO v11.1 advances MSP service delivery with secure multi-tenant management

NAKIVO Backup & Replication v11.1 brings a host of benefits to MSPs and their clients. It eliminates the need for client-side port configuration, enhances security with encrypted multi-platform support, and introduces automated failover capabilities. These features are designed specifically for managed service providers, offering them a more efficient and secure way to protect client infrastructure.

