Week in review: PoC for FortiSIEM flaw released, Rakuten Viber CISO/CTO on messaging risks
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

What security teams can learn from torrent metadata
Security teams often spend time sorting through logs and alerts that point to activity happening outside corporate networks. Torrent traffic shows up in investigations tied to policy violations, insider risk, and criminal activity. A new research paper looks at that same torrent activity through an open source intelligence lens and asks how much signal security teams can extract from data that is already public.
Rethinking OT security for project heavy shipyards
In this Help Net Security interview, Hans Quivooij, CISO at Damen Shipyards Group, discusses securing OT and ICS in the shipyard. He outlines how project-based operations, rotating contractors, and temporary systems expand the threat surface and complicate access control. Quivooij also covers visibility in legacy environments and the risks introduced by IT and OT integration.
Rakuten Viber CISO/CTO on balancing encryption, abuse prevention, and platform resilience
In this Help Net Security interview, Liad Shnell, CISO and CTO at Rakuten Viber, discusses how messaging platforms have become critical infrastructure during crises and conflicts. He explains how it influences cybersecurity priorities, from encryption and abuse prevention to incident response and user protection. Shnell also outlines how Viber assesses and mitigates risks that blend technical threats with human behavior.
Firmware scanning time, cost, and where teams run EMBA
Security teams that deal with connected devices often end up running long firmware scans overnight, checking progress in the morning, and trying to explain to colleagues why a single image consumed a workday of compute time. That routine sets the context for a new research paper that examines how the EMBA firmware analysis tool behaves when it runs in different environments.
CISO Assistant: Open-source cybersecurity management and GRC
CISO Assistant is an open-source governance, risk, and compliance (GRC) platform designed to help security teams document risks, controls, and framework alignment in a structured system. The community edition is maintained as a self-hosted tool for organizations that want direct access to the code and data.
LinkedIn wants to make verification a portable trust signal
In this Help Net Security interview, Oscar Rodriguez, VP Trust Product at LinkedIn, discusses how verification is becoming a portable trust signal across the internet. He explains how LinkedIn is extending professional identity beyond its platform to address rising AI-driven fraud, impersonation, and online scams. Rodriguez also outlines how LinkedIn views its role in digital trust alongside platforms, partners, and existing identity systems.
There was no data breach, Instagram says
News of a possible Instagram data breach spread over the weekend after Malwarebytes reported that cybercriminals had stolen sensitive information from 17.5 million Instagram accounts, potentially leading to a surge in password reset requests. Users complained last week about receiving repeated password change requests, but Instagram parent company Meta has denied that a breach of its systems occurred.
Browser-in-the-Browser phishing is on the rise: Here’s how to spot it
Browser-in-the-Browser (BitB) phishing attacks are on the rise, with attackers reviving and refining the technique to bypass user skepticism and traditional security controls. For BitB phishing, attackers create a pop-up window inside a real web page (browser) by using HTML, CSS, and JavaScript. The goal is to trick users into entering login credentials by making them believe they are on a legitimate login page.
PoC exploit for critical FortiSIEM vulnerability released (CVE-2025-64155)
Proof-of-concept (PoC) exploit code has been publicly released for a critical vulnerability (CVE-2025-64155) in Fortinet’s FortiSIEM security platform, raising the urgency for organizations to patch immediately. CVE-2025-64155 may allow unauthenticated, remote attackers to execute unauthorized code or commands on vulnerable FortiSIEM deployments via specially crafted TCP requests.
Sensitive data of Eurail, Interrail travelers compromised in data breach
A data breach at the Netherlands-based company that sells Eurail (Interrail) train passes resulted in the compromise of personal and sensitive information belonging to an as-yet unknown number of travelers.
Turning cyber metrics into decisions leaders can act on
In this Help Net Security video, Bryan Sacks, Field CISO at Myriad360, explains how security leaders can measure cybersecurity in ways that matter to executives and boards. He argues that metrics should support decisions, not exist for reporting alone. The discussion focuses on aligning security work with business priorities, especially those driven by CEOs and boards.
Product showcase: Penetration test reporting with PentestPad
If you’ve done a pentest before, you know things can get messy fast. You start organized, but a few hours in, notes are scattered, screenshots have odd filenames, and small details get lost. PentestPad was built to help with that, not to change how you test, but to stop the chaos from slowing you down.
EU’s Chat Control could put government monitoring inside robots
Cybersecurity debates around surveillance usually stay inside screens. A new academic study argues that this boundary no longer holds when communication laws extend into robots that speak, listen, and move among people. Researchers Neziha Akalin and Alberto Giaretta examine the European Union’s proposed Chat Control regulation and its unintended impact on human-robot interaction.
pfSense: Open-source firewall and routing platform
Firewalls, VPN access, and traffic rules need steady attention, often with limited budgets and staff. In that context, the open source pfSense Community Edition (CE) continues to show up in production environments, supported by a long-standing user community.
Crypto crime hits record levels as state actors move billions
Nation-state involvement in crypto increased in 2025, signaling a shift in how on-chain crime operates. Research from Chainalysis shows that crypto-related crime has grown more organized over recent years, with illicit groups running large-scale on-chain infrastructure to support cross-border criminal networks, procure services, and launder funds.
Cyber fraud network behind €5,93 million in losses dismantled in Spain
The Spanish National Police (Policía Nacional), working closely with the Bavarian State Criminal Police Office (Bayerisches Landeskriminalamt) and with support from Europol, has carried out an operation targeting the international criminal organization known as Black Axe. Black Axe is a highly structured, hierarchical group that originated in Nigeria and has a presence in dozens of countries worldwide.
Teaching cybersecurity by letting students break things
Cybersecurity students show higher engagement when the work feels tangible. A new study from Airbus Cybersecurity and Dauphine University describes what happens when courses move beyond lectures and place students inside structured hacking scenarios, social engineering exercises, and competitive games.
Minimal Ubuntu Pro expands Canonical’s cloud security offerings
Canonical has released Minimal Ubuntu Pro images for use on public cloud platforms, aiming to give teams a smaller base image with a narrower software footprint. The solution is designed for organizations that want tighter control over what runs inside production cloud workloads. The image starts with a limited set of packages required to boot, connect, and support common cloud use cases.
How AI image tools can be tricked into making political propaganda
A single image can shift public opinion faster than a long post. Text-to-image systems can be pushed to create misleading political visuals, even when safety filters are in place, according to a new study. The researchers examined whether commercial text-to-image tools can be tricked into producing politically sensitive images of actual public figures.
Anthropic backs Python Software Foundation security work with $1.5 million
Anthropic has signed a two-year partnership with the Python Software Foundation (PSF), committing a total of $1.5 million to support the foundation’s work, with a focus on Python ecosystem security.
QR codes are getting colorful, fancy, and dangerous
QR codes have become a routine part of daily life, showing up on emails, posters, menus, invoices, and login screens. Security-savvy users have learned to treat links with caution, but QR codes still carry an assumption of safety. Researchers from Deakin University have examined how visually stylized QR codes are being used in quishing attacks.
Microsoft shuts down RedVDS cybercrime subscription service tied to millions in fraud losses
Microsoft has announced a coordinated legal action in the United States and the United Kingdom to disrupt RedVDS, a global cybercrime subscription service tied to large-scale fraud losses. The effort forms part of a broader joint operation with international law enforcement, including Europol and German authorities.
AWS European Sovereign Cloud puts data, operations, and oversight inside the EU
Amazon has made the AWS European Sovereign Cloud generally available to customers across the European Union, backed by a €7.8 billion investment. According to AWS, the funding will support infrastructure buildout, staffing, and long-term operations, and is expected to drive regional economic activity and job creation over the coming years.
Ransomware activity never dies, it multiplies
Ransomware attacks kept climbing through 2025, even as major criminal groups collapsed and reformed. A new study conducted by the Symantec and Carbon Black Threat Hunter Team shows that disruption inside the ransomware economy slowed activity only briefly, while extortion methods expanded and diversified.
Downtime pushes resilience planning into security operations
CISOs describe a shift in how they define success. New research from Absolute Security shows broad agreement that resilience outweighs security goals centered on prevention alone. Security leaders increasingly define their role around keeping the business operating through disruption.
Debian 13.3 is now available with targeted corrections, updates
Debian 13.3 is the third maintenance update for the stable Debian 13 distribution, codenamed “trixie”. It updates package content to address security and other issues reported since the last point update. This release includes more than 100 adjustments and multiple security patches across a range of packages. It includes updates for core services and applications such as Apache HTTP Server, GNOME components, and container tools.
Claude connects to more healthcare data under security oversight
Healthcare teams are evaluating a range of AI tools for workflows tied to coverage, coding, care coordination, and trials. Anthropic announced expanded healthcare and life sciences offerings for its Claude model with a set of connectors, task skills, and consumer health record integrations that it positions for HIPAA-ready use in provider, payer, and patient workflows.
What insurers expect from cyber risk in 2026
Technology shifts, policy decisions, and attacker behavior are changing at the same time, and their effects increasingly overlap. Insurers, brokers, and security teams are feeling that pressure across underwriting, claims, and risk management. A new global study by CyberCube examines how these changes are expected to influence cyber risk through 2026.
Enterprise security faces a three-front war: cybercrime, AI misuse, and supply chains
Security teams are dealing with pressures tied to AI use, geopolitical instability, and expanding cybercrime that reach beyond technical controls, according to findings from the World Economic Forum’s Global Cybersecurity Outlook 2026.
Parrot OS shares its 2026 plans for security tools and platform support
Parrot OS is a Debian-based Linux distribution built for cybersecurity work. Security practitioners use it for penetration testing, digital forensics, malware analysis, and privacy-focused research. The operating system bundles security tools, development utilities, and privacy features into a maintained platform used in labs, training environments, and day-to-day testing workflows.
AuraInspector: Open-source tool to audit Salesforce Aura access control misconfigurations
Google and its Mandiant threat intelligence unit have released AuraInspector, an open-source tool aimed at auditing data access paths in Salesforce Experience Cloud applications. The tool focuses on the Aura framework, which underpins many Salesforce user interfaces and plays a central role in how data is retrieved and displayed.
Wine 11 brings major architectural work, synchronization changes, 600+ bug fixes
Wine, originally short for “Wine Is Not an Emulator,” is a compatibility layer that allows Windows applications to run natively on POSIX-compliant operating systems, including Linux, macOS, and BSD.
Proton expands Lumo AI assistant with encrypted, project-based workspaces
Lumo is Proton’s AI assistant, built with a focus on privacy and user control. It runs on Proton’s infrastructure and is designed so conversations are not used to train models or retained beyond what is required to provide the service. In version 1.3, Lumo introduces Projects, encrypted spaces where users can group chats, files, and requirements for a task and keep them in sync across devices and sessions.
Product showcase: Orbot – Tor VPN for iOS
Orbot for iOS is a free, open-source networking tool that routes supported app traffic through the Tor network. Developed by the Guardian Project, it is intended for users who want to reduce tracking and limit network-level monitoring on iPhone and iPad.
The NSA lays out the first steps for zero trust adoption
Security pros often say that zero trust sounds straightforward until they try to apply it across real systems, real users, and real data. Many organizations are still sorting out what they own, how access works, and where authority sits. That day-to-day reality is the context for a new set of implementation documents released by the National Security Agency.
Cybersecurity spending keeps rising, so why is business impact still hard to explain?
Cybersecurity budgets keep climbing, but many security leaders still struggle to explain what that spending delivers to the business. A new study by Expel examines that disconnect through a survey of security and finance executives at large enterprises. The research looks at how the two groups view risk, investment decisions, and their working relationship.
CISOs flag gaps in third-party risk management
Third-party cyber risk continues to concern security leaders as vendor ecosystems grow, supply chains stretch, and AI plays a larger role in business operations. A recent Panorays survey of U.S. CISOs shows rising third-party incidents and growing regulatory attention, while visibility beyond direct vendors and the resources to manage that risk continue to fall short.
Who’s on the other end? Rented accounts are stress-testing trust in gig platforms
Fraud has become a routine part of gig work for many earners, and the ways workers respond are creating new security problems for platforms. A recent TransUnion study of U.S. gig workers shows broad exposure to fraud, inconsistent reporting, and growing participation in prohibited practices such as account renting and selling.
New intelligence is moving faster than enterprise controls
AI is being integrated into core enterprise systems faster than many organizations can secure and govern it. A new global study from NTT shows companies expanding AI deployment while gaps in infrastructure readiness, data integrity controls, and governance frameworks continue to limit safe operation at scale.
As AI raises the stakes, app modernization and security are becoming inseparable
Security leaders are under pressure to support AI programs that move from pilots into production. New Cloudflare research suggests that success depends less on experimentation and more on disciplined application modernization tied closely to security strategy. The survey examines how application architecture, decision structures, and security alignment affect AI readiness at scale.
Webinar: An Analyst’s Guide to Evaluating Email Security in 2026
Join former Gartner analyst Ravisha Chugh and Abnormal’s Director of Product Marketing, Lane Billings, on January 20th for an exclusive insider look at how email security vendors will be evaluated in 2026. Backed by years of analyst experience and deep market insight, this session equips security leaders with a clear, practical approach to confidently selecting the right vendor.
Cybersecurity jobs available right now: January 13, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the week: January 16, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Acronis, JumpCloud, Noction, and SpyCloud.