Week in review: PoC for Trend Micro Apex Central RCE released, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Pharma’s most underestimated cyber risk isn’t a breach
Chirag Shah, Global Information Security Officer & DPO at Model N examines how cyber risk in pharma and life sciences is shifting beyond traditional breaches toward data misuse, AI-driven exposure and regulatory pressure. He explains why executives still underestimate silent control failures, how ransomware groups are weaponizing compliance risk, and why proof of security will increasingly require real-time governance, not audits, as cybersecurity and compliance continue to converge.
Fake Booking.com emails and BSODs used to infect hospitality staff
Suspected Russian attackers are targeting the hospitality sector with fake Booking.com emails and a fake “Blue Screen of Death” to deliver the DCRat malware. The malware delivery campaign starts with phishing emails that feature room charge details in euros, which means that European organizations are likely targets.
UK announces grand plan to secure online public services
The UK has announced a new Government Cyber Action Plan aimed at making online public services more secure and resilient, and has allocated £210 million (approximately $283 million) to implement it.
PoC released for unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
Trend Micro has released a critical patch fixing several remotely exploitable vulnerabilities in Apex Central (on-premise), including a flaw (CVE-2025-69258) that may allow unauthenticated attackers to achieve code execution on affected installations.
Recently fixed HPE OneView flaw is being exploited (CVE-2025-37164)
An unauthenticated remote code execution vulnerability (CVE-2025-37164) affecting certain versions of HPE OneView is being leveraged by attackers, CISA confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog.
How AI agents are turning security inside-out
AppSec teams have spent the last decade hardening externally facing applications, API security, software supply chain risk, CI/CD controls, and cloud-native attack paths. But a growing class of security threats is emerging from a largely underestimated and undefended source: internally built no-code assets.
January 2026 Patch Tuesday forecast: And so it continues
Todd Schell’s January 2026 Patch Tuesday forecast summarizes Microsoft and other vendors’ security patches and issues, examines patch management trends and processes, and outlines what to expect in next week’s Patch Tuesday releases.
Understanding AI insider risk before it becomes a problem
In this Help Net Security video, Greg Pollock, Head of Research and Insights at UpGuard, discusses AI use inside organizations and the risks tied to insiders. He explains two problems. One involves employees who use AI tools to speed up work but share data with unapproved services. The other involves hostile actors who use AI to gain trusted roles inside companies.
What happens to insider risk when AI becomes a coworker
In this Help Net Security video, Ashley Rose, CEO at Living Security, discusses how AI is changing insider risk. AI is now built into daily work across departments, which shifts how risk shows up and how security teams should respond. Rose argues that insider risk now includes AI systems, automated workflows, and agents that can take action on their own.
OpenAEV: Open-source adversarial exposure validation platform
OpenAEV is an open source platform designed to plan, run, and review cyber adversary simulation campaigns used by security teams. The project focuses on organizing exercises that blend technical actions with operational and human response elements, all managed through a single system.
Passwords are still breaking compliance programs
The security stack has grown, but audits still stumble on passwords. CISOs see this every year. An organization may have strong endpoint tools, layered network defenses, and a documented access policy. Then the audit turns to shared credentials, spreadsheet-based password storage, or accounts that no one can clearly explain. At that point, the discussion stops being about maturity and starts being about gaps.
Turning plain language into firewall rules
Firewall rules often begin as a sentence in someone’s head. A team needs access to an application. A service needs to be blocked after hours. Translating those ideas into vendor specific firewall syntax usually involves detailed knowledge of zones, objects, ports, and rule order. New research from New York University examines a different starting point, one that treats natural language as the entry point for firewall configuration.
Gen AI data violations more than double
Security teams track activity that moves well beyond traditional SaaS platforms, with employees interacting daily with generative AI tools, personal cloud services, and automated systems that exchange data without direct human input. These patterns shape how sensitive information moves across corporate environments and where security controls apply.
When AI agents interact, risk can emerge without warning
System level risks can arise when AI agents interact over time, according to new research that examines how collective behavior forms inside multi agent systems. The study finds that feedback loops, shared signals, and coordination patterns can produce outcomes that affect entire technical or social systems, even when individual agents operate within defined parameters. These effects surface through interaction itself, which places risk in the structure of the system and how agents influence one another.
Voice cloning defenses are easier to undo than expected
Many voice protection tools promise to block cloning by adding hidden noise to speech. Researchers at a Texas university found that widely used voice protection methods can be stripped away, restoring speaker identity and allowing fake voices to pass automated checks.
Passwords are where PCI DSS compliance often breaks down
Most PCI DSS failures do not start with malware or a targeted attack. They start with everyday behavior. Reused passwords. Credentials stored in spreadsheets. Shared logins are passed around during busy periods. For CISOs, password hygiene remains one of the least technical and most difficult parts of compliance.
European Commission opens consultation on EU digital ecosystems
The European Commission has opened a public call for evidence on European open digital ecosystems, a step toward a planned Communication that will examine the role of open source in EU’s digital infrastructure.
AI security risks are also cultural and developmental
Security teams spend much of their time tracking vulnerabilities, abuse patterns, and system failures. A new study argues that many AI risks sit deeper than technical flaws. Cultural assumptions, uneven development, and data gaps shape how AI systems behave, where they fail, and who absorbs the harm.
What security teams miss in email attacks
Email remains the most common entry point for attackers. This article examines how phishing, impersonation, and account takeover continue to drive email breaches and expose growing security gaps across industries.
Product showcase: Blokada for Android gives users control over network traffic
Blokada is a network privacy and ad-blocking application available on Android, iOS, Windows, macOS, and Linux. It is designed to reduce ads, block trackers, and limit unwanted network connections at the system level.
The roles and challenges in moving to quantum-safe cryptography
A new research project examines how organizations, regulators, and technical experts coordinate the transition to quantum safe cryptography. The study draws on a structured workshop with public sector, private sector, and academic participants to document how governance, security, and innovation systems shape cryptographic migration planning.
Identity security planning for 2026 is shifting under pressure
Identity security planning is becoming more focused on scale, governance, and operational strain, according to the Identity Security Outlook 2026 report. The ManageEngine research draws on responses from 515 identity and security leaders in the United States and Canada and reflects budget holders and practitioners who manage day-to-day identity systems. The findings point to three forces shaping near-term strategy: growth in non-human identities, uneven use of AI in identity operations, and sustained momentum toward vendor consolidation.
What European security teams are struggling to operationalize
European security and compliance teams spend a lot of time talking about regulation. A new forecast report from Kiteworks suggests the harder problem sits elsewhere. According to the report, many European organizations have strong regulatory frameworks on paper, driven by GDPR and upcoming AI rules, and weaker operational systems that show how those rules work in daily practice. The gap, the report argues, shows up in areas like AI incident response, supply chain visibility, and compliance automation as organizations move toward 2026.
Debian seeks volunteers to rebuild its data protection team
The Debian Project is asking for volunteers to step in after its Data Protection Team became inactive. All three members of the team stepped down at the same time, leaving no dedicated group to handle privacy and data protection work.
StackRox: Open-source Kubernetes security platform
Security teams spend a lot of time stitching together checks across container images, running workloads, and deployment pipelines. The work often happens under time pressure, with engineers trying to keep clusters stable while meeting internal policy requirements. The StackRox open source project sits in that space, offering a Kubernetes security platform that teams can run and adapt on their own.
Cybercriminals are scaling phishing attacks with ready-made kits
Phishing-as-a-Service (PhaaS) kits lower the barrier to entry, enabling less-skilled attackers to run large-scale, targeted phishing campaigns that impersonate legitimate services and institutions, according to Barracuda Networks.
IPFire update brings new network and security features to firewall deployments
Security and operations teams often work with firewall platforms that require frequent tuning or upgrades to meet evolving network demands. IPFire has released its 2.29 Core Update 199, aimed at network and protection teams that manage this open source firewall distribution.
Wi-Fi evolution tightens focus on access control
Wi-Fi networks are taking on heavier workloads, more devices, and higher expectations from users who assume constant access everywhere. A new Wireless Broadband Alliance industry study shows that this expansion is reshaping priorities around security, identity, and trust, alongside adoption of new Wi-Fi standards.
Security teams are paying more attention to the energy cost of detection
Security teams spend a lot of time explaining why detection systems need more compute. Cloud bills rise, models retrain more often, and new analytics pipelines get added to existing stacks. Those conversations usually stay focused on coverage and accuracy. A recent study takes a different approach by measuring anomaly detection models alongside their energy use and associated carbon output, treating compute consumption as part of security operations.
Product showcase: TrackerControl lets Android users see who’s tracking them
TrackerControl is an open-source Android application designed to give users visibility into and control over the hidden data within mobile apps. Many apps routinely communicate with third-party services that collect information about usage. TrackerControl makes this activity visible and allows users to decide what should be blocked.