
WSUS Flaw Exploited, BIND 9 PoC Published in Security Review

Summary

– Researchers are developing EarID, a system using ear canal acoustic properties for biometric authentication through wireless earbuds.
– A new study shows that monitoring wireless traffic from smart devices can allow neighbors to infer personal details without breaking encryption.
– Ransomware payment rates dropped to historic lows in Q3 2025, with only 23% of victims paying ransoms for encrypted data incidents.
– AI agents that can search the web and access internal documents can be exploited to leak sensitive company data during ordinary tasks.
– The Python Software Foundation rejected a $1.5 million US government grant due to restrictive conditions conflicting with its mission.

The digital security landscape constantly shifts as new threats emerge and old vulnerabilities resurface, demanding continuous vigilance from organizations and individuals alike. Recent developments highlight everything from biometric innovations to critical infrastructure risks, underscoring the need for proactive defense strategies across all technology layers.

Imagine your wireless earbuds recognizing you not just by your voice, but by the unique shape of your ear canal. Researchers are developing EarID, a system that uses the ear’s acoustic properties for identity verification. This approach could eventually provide a seamless and highly personal security layer for mobile devices, moving beyond traditional biometrics.

For those who learn by doing, The Wireless Cookbook offers a project-centered guide. Focusing on Wi-Fi, Bluetooth, and LoRa with the Raspberry Pi as its main platform, it encourages hands-on experimentation to build a deeper understanding of wireless technologies.

In healthcare, the long lifecycles of medical devices create significant cybersecurity challenges. Patty Ryan, Senior Director and CISO at QuidelOrtho, explains how organizations can protect legacy systems that often can no longer be patched. Her strategy involves close collaboration with vendors and adopting proactive, risk-based approaches to secure critical healthcare environments.

A new open-source tool named Proximity is now available to scan Model Context Protocol (MCP) servers. It identifies the prompts, tools, and resources a server exposes and evaluates potential security risks. The tool integrates with NOVA, a rule engine that checks for issues like prompt injection or jailbreak attempts.

Credit unions are strengthening their defenses against an evolving fraud landscape. Carl Scaffidi, CISO at VyStar Credit Union, emphasizes that early reporting of suspicious activity helps stop fraudulent transfers faster. He points to innovation in authentication, real-time monitoring, and member education as key to enhancing security without compromising user experience.

A concerning data exfiltration technique involves AI agents that are permitted to search the web and access internal documents. Research shows that without direct model manipulation, this setup can be exploited to quietly pull sensitive data out of an organization during ordinary tasks, posing a significant insider threat.

The City of Toronto is embedding security directly into its strategic objectives and digital governance. Andree Noel, the Deputy CISO, outlines the municipality’s approach to addressing modern threats while managing the complexities of legacy system modernization.

Even with strong encryption, smart home privacy may be weaker than assumed. A study from Leipzig University reveals that a “nosy neighbor” in an adjacent apartment can infer personal details, like when residents are home or which room they are in, simply by monitoring the wireless traffic patterns of nearby smart devices, all without breaking any encryption.

Wade Bicknell, Head of IT Security & Operations at the CFA Institute, discusses the balance between using AI and maintaining security governance. He notes that while you can’t audit how an AI thinks, you can audit what it does, and leadership must carefully manage the trade-offs between innovation, control, and accountability.

Ransomware groups are adapting their tactics as payment rates hit historic lows. In the third quarter of 2025, only 23% of victims paid a ransom, and for data theft incidents without encryption, the rate fell to just 19%, according to Coveware. This economic pressure is forcing threat actors to refine their extortion methods.

The Italian-made spyware known as Dante has been linked to the exploitation of a Chrome zero-day vulnerability, CVE-2025-2783. This flaw, detected in March 2025 and later patched by Google, was used by unknown attackers to deliver a suspected commercial spyware called LeetAgent.

Proof-of-concept code has been published for a remotely exploitable flaw in BIND 9 DNS resolvers, tracked as CVE-2025-40778. This high-severity vulnerability could allow remote, unauthenticated attackers to perform cache poisoning, potentially redirecting internet traffic to malicious sites, distributing malware, or intercepting sensitive communications.

In a principled stand, the Python Software Foundation turned down a $1.5 million US government grant. The foundation rejected the funds due to restrictive conditions that it believed would compromise its mission and its relationship with the open-source community.

While sanctions may not completely stop state-sponsored cyberattacks, experts at the Royal United Services Institute argue they can still “bite” and serve as a valuable tool for Western governments to impose costs on malicious actors.

Attackers are actively exploiting a patched WSUS vulnerability (CVE-2025-59287) to deploy the Skuld infostealer on unpatched Windows servers, highlighting the critical importance of timely patch management.

Shadow AI has become the second-most prevalent form of shadow IT in corporate environments, according to 1Password’s latest annual report. This trend presents a new iteration of an old problem, where employees use unsanctioned AI tools without organizational oversight.

In response to mounting security risks, CISA and the NSA, alongside international partners, have outlined security best practices for organizations using on-premises versions of Microsoft Exchange Server.

An unpatched Windows vulnerability, CVE-2025-9491, continues to be exploited by advanced persistent threats (APTs). Recent targets include European diplomatic entities in Hungary, Belgium, Italy, and the Netherlands, as well as Serbian government aviation departments.

The gaming industry faces a storm of DDoS attacks, data theft, and malware. The pandemic-driven surge in players created a vast network of consoles, PCs, and phones, turning the industry into a prime target due to the sheer volume of logins, payments, and personal data involved.

Dependency-Track provides a continuous open-source solution for software component analysis. Instead of one-time scans, it offers a live view of risk by monitoring every version of every application across an organization’s entire software portfolio.

Researchers at George Mason University discovered a chain of security weaknesses in the California Air Tools CAT-10020SMHAD smart air compressor. These vulnerabilities could allow an attacker to disrupt operations or tamper with usage data, showing that even industrial equipment connected to the internet introduces new risks.

Scammers are preying on international students by threatening their visa status. A new study reveals that after the U.S. government revoked thousands of student visas in 2025, fraudsters posed as government officials, police, or university staff to exploit students’ fears.

OpenAI has released a research preview of gpt-oss-safeguard, a set of open-weight reasoning models for safety classification. The models are available in two sizes under the Apache 2.0 license, so developers can freely use, modify, and deploy them to build safer AI applications.

SUSE Linux Enterprise Server 16 has been released, marketed as AI-ready and built for long-term use. This major update, the first in over five years, signals a new direction for Linux, integrating AI capabilities directly into the operating system.

A new study from Australia’s national science agency reveals that a single photo of a person’s face might be enough for an attacker to clone their voice. The research tested deepfake detectors against the FOICE (Face-to-Voice) attack method, which generates speech directly from facial images.

AI chatbots are sliding toward a privacy crisis as their use expands in offices. Users often share personal data casually in chat interfaces, unaware of the risks. Cybercriminals recognize this vulnerability, and it may only be a matter of time before sensitive information shared in AI chats is exposed in a major data leak.

In a video interview, Robert Kraczek, Global IAM Strategist at One Identity, explores the growing problem of third-party cyber exposure and its implications for enterprise security, offering strategies to prevent it from becoming a major headache.

Doug Kersten, CISO at Appfire, shares practical advice for audit success in another video. He suggests thinking like an auditor, emphasizing that organization and clear communication are crucial for a smoother audit process from start to finish.

For macOS users missing the retired Network Utility app, Neo Network Utility by DEVONtechnologies offers a free graphical replacement. It brings back the familiar interface for running tools like Ping, Traceroute, and Port Scan without needing the Terminal.

AI is generating code at a pace that often outstrips security review, according to OX Security. Their report, “Army of Juniors: The AI Code Security Crisis,” finds that AI-generated code can appear clean and functional while hiding structural flaws that evolve into systemic security risks.

Seventy-two states have signed the first global UN Convention against Cybercrime. Adopted by the UN General Assembly in December 2024, the convention will enter into force 90 days after its 40th ratification, establishing a framework for international cooperation.

Email breaches continue to be a silent killer of business growth. The Email Security Breach Report 2025 by Barracuda found that 78% of organizations experienced an email breach in the past year, with phishing, impersonation, and account takeover frequently leading to ransomware and data loss.

A monthly roundup highlights the hottest open-source cybersecurity tools for October 2025, showcasing tools that are strengthening security across diverse environments.

WhatsApp has introduced passkey-encrypted chat backups for iOS and Android. This feature allows users to secure their stored message history using their face, fingerprint, or device screen-lock code, adding a robust layer of protection.

Passwordless authentication is moving from hype to widespread habit. With the average person managing over 300 credentials and credential abuse remaining the top attack vector, organizations across major sectors are accelerating the shift away from traditional passwords.

An eBook explores a quarter century of Active Directory, examining its role as the backbone of enterprise identity, its evolving risks, and strategies for organizations to modernize their password security.

A weekly selection of cybersecurity jobs available as of October 28, 2025, spans various skill levels, offering opportunities for professionals looking to enter or advance in the field.

The Syteca platform is presented as a human-centric insider threat management solution. It aims to help organizations with lean IT resources address the human factor, which often leads to costly breaches, compliance failures, and loss of trust.

A product showcase for October 2025 features interesting infosec releases from companies including Acronis, Akeyless, Blumira, Corelight, Elastic, Illumio, Palo Alto Networks, Rubrik, and others.

(Source: HelpNet Security)
