Week in review: F5 data breach, Microsoft patches three actively exploited zero-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Building a healthcare cybersecurity strategy that works
In this Help Net Security interview, Wayman Cummings, CISO at Ochsner Health, talks about building a healthcare cybersecurity strategy, even when resources are tight. He explains how focusing on areas like vulnerability management and network segmentation can make the biggest difference.
What Chat Control means for your privacy
In this Help Net Security interview, Benjamin Schilz, CEO at Wire, discusses the Chat Control cybersecurity and privacy risks. He explains that mandated scanning mechanisms are incompatible with end-to-end encryption and would create liability and compliance challenges for service providers.
What if your privacy tools could learn as they go?
A new academic study proposes a way to design privacy mechanisms that can make use of prior knowledge about how data is distributed, even when that information is incomplete. The method allows privacy guarantees to stay mathematically sound while improving how much useful information can be shared.
A safer way to break industrial systems (on purpose)
Cybersecurity teams often struggle to test defenses for industrial control systems without risking disruption. A group of researchers from Curtin University has developed a way to make that easier. Their work introduces a container-based framework that lets researchers and practitioners simulate real control system environments and run cyberattacks on them safely.
When trusted AI connections turn hostile
Researchers have revealed a new security blind spot in how LLM applications connect to external systems. Their study shows that malicious Model Context Protocol (MCP) servers can quietly take control of hosts, manipulate LLM behavior, and deceive users, all while staying undetected by existing tools.
A new approach to blockchain spam: Local reputation over global rules
Spam has long been a nuisance in blockchain networks, clogging transaction queues and driving up fees. A new research paper from Delft University of Technology introduces a decentralized solution called STARVESPAM that could help nodes in permissionless blockchains block spam without relying on central control or costly fee mechanisms.
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
Oracle has revealed the existence of yet another remotely exploitable Oracle E-Business Suite vulnerability (CVE-2025-61884).
Microsoft patches three zero-days actively exploited by attackers
On October 2025 Patch Tuesday, Microsoft released fixes for 175+ vulnerabilities, including three zero-days under active attack: CVE-2025-24990, CVE-2025-59230, and CVE-2025-47827.
F5 data breach: “Nation-state attackers” stole BIG-IP source code, vulnerability info
US tech company F5 has suffered a breach, and the attackers made off with source code of, and vulnerability information related to, its BIG-IP family of networking and security products, the company confirmed.
“Perfect” Adobe Experience Manager vulnerability is being exploited (CVE-2025-54253)
CISA has added CVE-2025-54253, a misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE), to its Known Exploited Vulnerabilities catalog, thus warning of detected in-the-wild exploitation.
Microsoft revokes 200 certs used to sign malicious Teams installers
By revoking 200 software-signing certificates, Microsoft has hampered the activities of Vanilla Tempest, a ransomware-wielding threat actor that has been targeting organizations with malware posing as Microsoft Teams.
Hackers used Cisco zero-day to plant rootkits on network switches (CVE-2025-20352)
Threat actors have leveraged a recently patched IOS/IOS XE vulnerability (CVE-2025-20352) to deploy Linux rootkits on vulnerable Cisco network devices.
Security validation: The key to maximizing ROI from security investments
Every sizable organization invests heavily in firewalls, SIEMs, EDRs, and countless other technologies that form the backbone of a modern enterprise’s cyber defenses. Yet despite these significant investments, attackers continue to exploit misconfigurations, untested rules, and hidden dependencies that slip through even the most mature and technically sophisticated environments.
Identifying risky candidates: Practical steps for security leaders
Effective insider threat defense begins with candidate vetting. Background checks and reference calls can confirm elements of an applicant’s history, but they rarely surface the deeper risks that can turn into costly problems down the line. Identity verification, credential validation, and digital risk assessments need to be layered into the hiring process.
AI-generated images have a problem of credibility, not creativity
GenAI simplifies image creation, yet it creates hard problems around intellectual property, authenticity, and accountability. Researchers at Queen’s University in Canada examined watermarking as a way to tag AI images so origin and integrity can be checked.
The solar power boom opened a backdoor for cybercriminals
Solar isn’t low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in the transition.
The diagnosis is in: Mobile health apps are bad for your privacy
Sensitive data is moving through Android healthcare apps without adequate protection. Researchers found that many transmit information without encryption, store files without safeguards, or share it through third-party components.
Maltrail: Open-source malicious traffic detection system
Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available blacklists, as well as static lists compiled from antivirus reports and user-defined sources. These “trails” can include domain names, URLs, IP addresses, or even HTTP User-Agent values. On top of that, Maltrail can use optional heuristic methods to identify new or unknown threats, such as emerging malware.
U.S. seizes $15 billion in Bitcoin linked to massive forced-labor crypto scam
The U.S. government has seized about $15 billion worth of Bitcoin connected to what prosecutors call one of the largest cryptocurrency fraud and human trafficking operations ever uncovered.
Humanoid robot found vulnerable to Bluetooth hack, data leaks to China
Alias Robotics has published an analysis of the Unitree G1 humanoid robot, concluding that the device can be exploited as a tool for espionage and cyber attacks.
The five-minute guide to OT cyber resilience
In this Help Net Security video, Rob Demain, CEO of e2e-assure, explains the essentials of OT cybersecurity resilience. He discusses the importance of understanding remote access points, supply chain connections, and the need for specialized sensors to monitor OT networks that differ from traditional IT systems.
Building trust in AI-powered security operations
In this Help Net Security video, James Hodge, VP, Global Specialist Organisation at Splunk, explores the transformative role of AI in cybersecurity threat detection. He explains how AI’s ability to process vast amounts of data and detect anomalies faster than humans is reshaping how organizations identify and respond to threats.
SAP zero-day wake-up call: Why ERP systems need a unified defense
In this Help Net Security video, Paul Laudanski, Director of Research at Onapsis, discusses key lessons from the SAP zero-day vulnerability. He explains why business-critical systems like ERP and CRM remain top targets for attackers, since they hold valuable data that directly affects revenue, operations, and reputation.
Attackers don’t linger, they strike and move on
Cyber attacks are happening faster than ever. Intrusions that once took weeks or months now unfold in minutes, leaving little time to react. Attackers move quickly once they gain access, aiming to run their payloads and get results before defenders can respond, according to Elastic.
When hackers hit, patient safety takes the fall
93% of U.S. healthcare organizations experienced at least one cyberattack in the past year, with an average of 43 incidents per organization, according to Proofpoint. The study found that most of these attacks involved cloud account compromises, ransomware, supply chain intrusions, and business email compromise. 72% of respondents said at least one incident disrupted patient care.
The power grid is getting old, and so is the cybersecurity protecting it
Critical infrastructure is getting older, and the cost of that decay is starting to show. The Arthur D. Little Built to Last? report says that the systems powering energy, water, and transport are reaching the end of their design life.
The password problem we keep pretending to fix
Experts across industries say they are still losing ground against identity-related breaches, even after years of investment in stronger access controls, according to RSA.
Everyone wants AI, but few are ready to defend it
The rush to deploy AI is reshaping how companies think about risk, according to Cisco. A global study finds that while most organizations are moving quickly to adopt AI, many are not ready for the pressure it puts on their systems and security.
Everyone’s adopting AI, few are managing the risk
AI is spreading across enterprise risk functions, but confidence in those systems remains uneven, according to AuditBoard. More than half of organizations report implementing AI-specific tools, and many are training teams in machine learning skills. Yet, few feel prepared for the governance requirements that will come with new AI regulations.
Inside healthcare’s quiet cybersecurity breakdown
Hospitals, clinics, and care networks continue to treat cybersecurity as a back-office issue, according to the 2025 Healthcare IT Landscape Report from Omega Systems.
Cybersecurity jobs available right now: October 14, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
New infosec products of the week: October 17, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Aura, Bitsight, Blumira, Cayosoft, Corelight, Netcraft, and Picus Security.