Cybersecurity Brief

WSUS OOB Fixes, AWS Outage Lessons, and Supply-Chain Threats

Coverage: 24 Oct 2025 – 26 Oct 2025 (UTC)

Urgent patching and resilient controls dominated the period. CISA urged immediate remediation for a critical Windows Server Update Services flaw now in the Known Exploited Vulnerabilities catalog. In parallel, Cloudflare outlined a framework with Visa and Mastercard to authenticate AI agents transacting on the web. Amazon detailed how a DynamoDB DNS failure cascaded into a prolonged outage, with lessons for platform reliability captured in a new post-mortem summarized by BleepingComputer.

Platform controls and reliability

Cloudflare is collaborating with Visa and Mastercard to secure agentic commerce by combining Web Bot Auth with payment-focused protocols that require registered public keys, signed HTTP messages, and nonce-validated, time-bound requests. As the network validator, Cloudflare will fetch and verify keys, validate timestamps and intent tags, and enforce Ed25519 signature checks before classifying traffic. The approach aims to let merchants distinguish trusted agent browsing versus payment interactions and apply appropriate rules without changing existing infrastructure. Cloudflare added x402 support to its Agent SDK and plans managed WAF rulesets to allow verified agents while maintaining bot protections.

Amazon attributed a multi-hour AWS disruption to a race condition that wiped IPs from the DynamoDB public endpoint in us-east-1, breaking DNS resolution and cascading across internal dependencies. Automated recovery could not resolve the inconsistent DNS control plane and required manual intervention; mitigations include disabling the faulty automation, new checks, tighter throttling, and expanded testing. For government workloads, AWS also brought network verification tools to GovCloud, with VPC Reachability Analyzer and Network Access Analyzer now available to diagnose connectivity and detect unintended access paths. The outage post-mortem is summarized by BleepingComputer, and the GovCloud launch is detailed by AWS. The combination underscores how proactive analysis and fault containment reduce blast radius when control planes falter.

Advisories and exploited vulnerabilities

CISA alerted organizations to Microsoft's out-of-band fixes for CVE-2025-59287 in WSUS and added the deserialization RCE to its KEV Catalog, urging immediate patching and, where updates cannot be applied right away, temporary mitigations such as disabling the WSUS Server Role or blocking inbound TCP 8530/8531 until the update is installed and the server rebooted. The alert emphasizes prioritizing exposed WSUS servers, monitoring for anomalous activity, and reporting incidents to CISA. CISA characterizes the risk as high given observed exploitation and the potential for unauthenticated, SYSTEM-level code execution.

Website operators faced mass exploitation of outdated WordPress plugins GutenKit and Hunk Companion, where attackers leveraged three CVSS 9.8 flaws to push backdoors, file managers, and unauthorized admin access. Indicators include specific REST endpoints and suspicious directories, with mitigations focusing on urgent plugin updates, log review, credential rotation, and layered WAF/IP blocks. The campaign was detailed by BleepingComputer. Separately, two actively exploited issues—an Adobe Commerce/Magento input-validation bug and the WSUS deserialization flaw—were added to the KEV list to drive prioritized remediation across enterprises, according to CISA. The KEV additions reinforce the need to treat these classes of flaws as urgent patching priorities.

Supply chain pressure on developers

Researchers reported a self-spreading VS Code worm dubbed GlassWorm that inserted malicious code into extensions on Open VSX and the Microsoft marketplace. The campaign used Solana transaction memos for command-and-control, Unicode variation selectors to hide JavaScript, and a Zombi module to deploy proxies, P2P communication, and hidden VNC for remote access. Credential theft spanned npm, Open VSX, GitHub, and targeted crypto-wallet extensions; auto-update mechanisms enabled silent propagation. Hacker News highlights how resilient C2 and extension auto-updates raise the bar for detection and review.

On the defensive side, Cloudflare detailed how Page Shield's client-side ML detections would have flagged a recent npm supply-chain incident in which popular packages were tampered with to exfiltrate tokens and redirect crypto transactions. The system parses billions of scripts daily and uses an MPGCN model to learn code structure and obfuscation patterns, yielding high precision and recall. Cloudflare advises auditing dependencies, rotating credentials, locking versions, and reviewing CI/CD tokens and webhooks to limit blast radius from compromised packages. The analysis is outlined by Cloudflare. Why it matters: supply-chain tampering increasingly targets developer ecosystems where trust is implicit and update channels are automated.

Targeted campaigns intensify

Unit 42 linked a vast smishing operation to the Smishing Triad, associating it with over 194,000 malicious domains since early 2024 and a churn pattern designed to evade blocklists. Lures range from postal and toll-service notices to banking and government impersonation, with hosting largely served via Cloudflare and infrastructure concentrated in the U.S. The findings, reported by Hacker News, describe a decentralized phishing-as-a-service ecosystem. In parallel, ESET attributed a March espionage campaign against European drone and engineering firms to the Lazarus Group, reusing recruiter-themed lures and trojanized tools to deliver loaders and a bespoke RAT. CSO Online notes supply-chain manipulation of OSS and DLL side-loading among the observed techniques.

SentinelLabs documented PhantomCaptcha, a blitz spear-phishing run against humanitarian organizations and Ukrainian regional administrations that used a fake CAPTCHA to trigger PowerShell-based staging and a persistent WebSocket backdoor. The analysis, via Infosecurity, points to overlaps with previously reported Coldriver activity. In South Asia, Sekoia observed Transparent Tribe (APT36) targeting Indian government systems with a Golang backdoor dubbed DeskRAT tailored for BOSS Linux, employing multiple persistence techniques and WebSocket C2; details are summarized by Hacker News. Finally, Datadog Security Labs described CoPhish, an OAuth token theft technique that abuses Microsoft Copilot Studio agents to host convincing sign-in flows on trusted demo pages, with tokens forwarded to attacker-controlled endpoints. Governance controls and consent policies are central to mitigation, per BleepingComputer.

These and other news items from the day:

Fri, October 24, 2025

AWS outage: DynamoDB DNS failure caused disruption

⚠️ Amazon says a major DNS failure in DynamoDB's DNS management system triggered a widespread AWS outage focused on the us-east-1 (Northern Virginia) region. A race condition at 11:48 PM PDT caused the accidental deletion of all IP addresses for the regional DynamoDB public endpoint, producing immediate DNS resolution failures for customer and internal traffic. The fault cascaded across services, kept automated recovery from restoring consistency, and required manual operator intervention to recover. AWS has disabled the problematic DNS automation globally, added protective checks, improved throttling, built new test suites, and apologized for the impact.

read more →

Fri, October 24, 2025

Microsoft issues emergency WSUS updates for critical RCE

⚠️ Microsoft has released out-of-band security updates to remediate a critical WSUS vulnerability tracked as CVE-2025-59287. The flaw affects only Windows servers with the WSUS Server Role enabled and allows remote, unauthenticated attackers to execute code as SYSTEM in low-complexity attacks without user interaction. Microsoft published cumulative KB updates for all affected Server builds and requires a reboot; administrators who cannot patch immediately are advised to disable the WSUS role or block TCP ports 8530/8531 as temporary mitigations.

read more →

Fri, October 24, 2025

GlassWorm self-spreading worm targets VS Code extensions

🪲 Researchers have uncovered GlassWorm, a self-propagating worm that spreads through Visual Studio Code extensions on the Open VSX Registry and the Microsoft Extension Marketplace. First seen on October 17, 2025, the campaign uses the Solana blockchain for resilient command-and-control with Google Calendar as a fallback and hides malicious code using invisible Unicode variation selectors. Infected extensions harvest developer credentials, drain cryptocurrency wallets, install SOCKS proxies and hidden VNC servers, and deliver a JavaScript payload named Zombi to escalate and propagate.

read more →

Fri, October 24, 2025

Microsoft issues emergency WSUS patch for critical RCE

⚠️ Microsoft released an out-of-band security update to address a critical WSUS remote code execution vulnerability, CVE-2025-59287 (CVSS 9.8). The flaw stems from unsafe deserialization of AuthorizationCookie objects at the GetCookie() endpoint, where AES-128-CBC-encrypted cookie payloads are decrypted and deserialized via BinaryFormatter without type validation, enabling SYSTEM-level code execution on servers running the WSUS role. Microsoft published updates for supported Windows Server releases and recommends installing the patch and rebooting; short-term mitigations include disabling the WSUS role or blocking TCP ports 8530 and 8531.

read more →

Fri, October 24, 2025

Critical Microsoft WSUS RCE Flaw Exploited in Wild Now

⚠️ Microsoft released out-of-band updates to fully remediate a critical deserialization vulnerability in Windows Server Update Service (WSUS), tracked as CVE-2025-59287. The initial Oct. 14 fixes were incomplete, prompting emergency patches for multiple Windows Server versions. Exploits in the wild were reported after a public proof-of-concept was published, allowing remote code execution as SYSTEM on affected servers.

read more →

Fri, October 24, 2025

Critical WSUS RCE Flaw in Windows Server Exploited Now

⚠️ Microsoft confirmed attackers are exploiting a critical Windows Server Update Service vulnerability tracked as CVE-2025-59287, a remote code execution flaw that affects servers running the WSUS Server role when configured as an update source for other WSUS servers. The bug can be abused remotely with low complexity and no user interaction to run code as SYSTEM, raising wormable concerns. Microsoft released out-of-band patches for all affected Windows Server versions and advised immediate installation or temporary disabling of the WSUS Server role; public proof-of-concept code and active scanning have been observed in the wild.

read more →

Fri, October 24, 2025

Proteomics AI Agent: Guided Protocols and Error Detection

🔬 Researchers at the Max Planck Institute of Biochemistry and Google Cloud created a Proteomics Lab Agent using the Agent Development Kit and Gemini models to provide personalized, multimodal AI guidance for mass spectrometry experiments. The agent analyzes recorded steps to generate publication-ready protocols, detect procedural errors, and capture tacit expertise into a searchable knowledge base. Open-sourced on GitHub, it aims to reduce troubleshooting time and improve reproducibility across labs.

read more →

Fri, October 24, 2025

Securing Agentic Commerce with Web Bot Auth and Payments

🔒 Cloudflare, in partnership with Visa and Mastercard, explains how Web Bot Auth together with payment-specific protocols can secure agent-driven commerce. The post describes agent registration, public key publication, and HTTP Message Signatures that include timestamps, nonces, and tags to prevent spoofing and replay attacks. Merchants can validate trusted agents during browsing and payment flows without changing infrastructure. Cloudflare also provides an Agent SDK and managed WAF rules to simplify developer adoption and deployment.

read more →

Fri, October 24, 2025

Microsoft Releases Out-of-Band WSUS Patch for CVE-2025-59287

⚠ Microsoft released an out-of-band security update (October 23, 2025) to remediate a critical Windows Server Update Service (WSUS) remote code execution vulnerability, CVE-2025-59287, after a prior fix proved incomplete. The flaw affects WSUS on Windows Server 2012, 2016, 2019, 2022, and 2025 and could allow an unauthenticated actor to execute code with SYSTEM privileges. CISA urges organizations to identify affected WSUS servers, apply the update and reboot, or temporarily disable the WSUS Server Role or block inbound TCP ports 8530/8531 as mitigations until the patch is installed.

read more →

Fri, October 24, 2025

Mass Attacks Exploit WordPress Plugin Flaws Disclosed in 2024

🔒 A large-scale campaign is exploiting outdated GutenKit and Hunk Companion WordPress plugins to achieve remote code execution by chaining unauthenticated or missing-authorization REST endpoint flaws (CVE-2024-9234, CVE-2024-9707, CVE-2024-11972). Wordfence observed 8.7 million blocked attempts across October 8–9. Attackers host a malicious ZIP plugin on GitHub that installs backdoors, and often drop the vulnerable wp-query-console plugin to gain RCE. Administrators should update affected plugins and scan for indicators of compromise immediately.

read more →

Fri, October 24, 2025

Smishing Triad Linked to 194,000 Malicious Domains

📱 Unit 42 attributes a sprawling smishing campaign to the China-linked Smishing Triad, tying it to 194,345 FQDNs and more than 194,000 malicious domains registered since January 1, 2024. Most root domains are registered through Dominet (HK) Limited yet resolve to U.S.-hosted infrastructure, primarily on Cloudflare (AS13335). Campaigns impersonate USPS, toll services, banks, exchanges and delivery services, using rapid domain churn to evade detection. The operation has reportedly generated over $1 billion in three years and increasingly targets brokerage and banking accounts to enable market manipulation.

read more →

Fri, October 24, 2025

Lazarus Targets European Drone Makers in Espionage

📡 ESET researchers have uncovered a new Lazarus Group espionage campaign targeting European defense contractors, with a focus on companies involved in unmanned aerial vehicle (UAV) development since March 2025. The attackers used spear-phishing with fake job offers and trojanized open-source tools such as WinMerge and Notepad++ to deliver loaders and the custom RAT ScoringMathTea. The intrusion chain relied on DLL side-loading, reflective loading, and process injection to maintain persistence and exfiltrate design and supply-chain data. ESET has published IoCs and MITRE ATT&CK mappings to help defenders respond.

read more →

Fri, October 24, 2025

ToolShell Exploit Drives Surge in SharePoint Attacks

🛡️ Cisco Talos reports a rapid rise in exploitation of public-facing applications following the mid‑July 2025 disclosure of the ToolShell chain, which targets on‑premises Microsoft SharePoint servers via CVE-2025-53770 and CVE-2025-53771. In Q3, application exploitation featured in over 60% of Talos Incident Response engagements, with ToolShell activity implicated in nearly 40% of cases. Talos urges expedited patching and network segmentation to limit lateral movement and downstream impacts such as ransomware.

read more →

Sat, October 25, 2025

CoPhish: Microsoft Copilot Studio Agents Steal OAuth Tokens

🔐 Datadog Security Labs has described a new phishing technique called CoPhish that abuses Copilot Studio agents to present fraudulent OAuth consent requests on legitimate Microsoft-hosted demo pages. Attackers can configure an agent’s Login topic to deliver a malicious sign-in button that redirects to a hostile application and exfiltrates session tokens. Microsoft confirmed it will address the underlying causes in a future update and recommends governance and consent hardening to reduce exposure.

read more →

Fri, October 24, 2025

New LockBit Ransomware Victims Identified October 2025

🔒 After months of rumored silence, security researchers have identified multiple organizations hit by LockBit-branded ransomware in September 2025. Check Point's report documents about a dozen victims across Western Europe, the Americas and Asia, affecting both Windows and Linux systems. Roughly half were infected with LockBit 5.0 and the rest with the leaked 3.0 (LockBit Black) variant. LockBit 5.0 introduces multi-platform builds, enhanced anti-analysis, randomized extensions and a revamped affiliate panel requiring a roughly $500 deposit.

read more →

Fri, October 24, 2025

PhantomCaptcha spear-phishing targets NGOs and regions

🔒 SentinelOne reported a one-day spear-phishing campaign on October 8 that targeted aid organisations and Ukrainian regional administrations. The operation, named PhantomCaptcha, delivered a WebSocket RAT hosted on Russian-owned infrastructure and used weaponized PDFs and a fake Cloudflare CAPTCHA to trick victims into executing PowerShell. The multi-stage chain enabled data exfiltration, persistent remote access and potential deployment of additional malware.

read more →

Fri, October 24, 2025

Cloudflare Page Shield Thwarted npm Supply-Chain Attack

🛡️ In early September 2025 attackers published malicious releases to 18 widely used npm packages, enabling crypto‑stealing and token exfiltration. Cloudflare's Page Shield static analysis and ML pipeline — including an MPGCN on JavaScript ASTs — inspects 3.5 billion scripts per day and would have detected these compromised packages. Inference completes in under 0.3s and ensemble review reduces false positives, protecting customers from similar supply‑chain threats.

read more →

Fri, October 24, 2025

Amazon VPC Reachability and Network Analyzer Now in GovCloud

🛡️ Amazon has launched VPC Reachability Analyzer and VPC Network Access Analyzer in both AWS GovCloud (US‑West) and GovCloud (US‑East) Regions. These tools let administrators diagnose network reachability between source and destination resources across VPCs and accounts, for example identifying missing route table entries that block EC2-to-EC2 connectivity. Network Access Analyzer finds unintended access paths such as traffic that bypasses firewalls so teams can enforce security and compliance scopes. For pricing and operational details consult the VPC Network Analysis pricing information.

read more →

Fri, October 24, 2025

APT36 Targets Indian Government with Golang DeskRAT

🔐 Sekoia observed Transparent Tribe (APT36) conducting spear-phishing campaigns in Aug–Sep 2025 that deliver a Golang remote access trojan dubbed DeskRAT. The attacks use ZIP attachments containing malicious .desktop files that display a decoy PDF while executing the payload, specifically targeting BOSS Linux systems. DeskRAT establishes WebSocket C2, supports multiple persistence mechanisms, and includes modules for harvesting and exfiltrating WhatsApp and Chrome data. Researchers also reported the use of "stealth servers" and a shift from cloud-hosted distribution to dedicated staging infrastructure.

read more →

Fri, October 24, 2025

CISA Adds Two Vulnerabilities to Known Exploited Catalog

🔔 CISA has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following evidence of active exploitation: CVE-2025-54236, affecting Adobe Commerce and Magento, and CVE-2025-59287, affecting Microsoft Windows Server Update Services (WSUS). The issues—an improper input validation flaw and a deserialization of untrusted data vulnerability—are common attack vectors that pose significant risk to enterprise networks. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by required due dates, and CISA strongly urges all organizations to prioritize timely remediation as part of their vulnerability management.

read more →

Fri, October 24, 2025

3,000 YouTube Videos Used as Malware Traps in Ghost Network

⚠️ Check Point researchers uncovered a long-running operation that uploaded and promoted over 3,000 YouTube videos linking to malware downloads. The network, dubbed the YouTube Ghost Network, has been active since 2021 and saw its volume triple this year, using hacked channels and a role-based structure to sustain distribution. Videos offering pirated software and Roblox cheats pointed users to cloud-hosted files or phishing pages that deployed stealers and Node.js loaders, and Google has removed the majority of identified content.

read more →

Sun, October 26, 2025

RedTiger Infostealer Used to Steal Discord Accounts

🛡️ Attackers have compiled the open-source RedTiger red-team tool into a Windows infostealer that harvests Discord account tokens, payment details, browser credentials, crypto wallet files, and game data. The malware injects JavaScript into Discord's client to capture logins, purchases, and password changes, archives stolen data, and uploads it to GoFile. Users should revoke tokens, change passwords, reinstall Discord from the official site, clear browser data, and enable MFA.

read more →

Fri, October 24, 2025

VPC Reachability & Network Access Analyzers Now in GovCloud

🔍 Amazon announced that VPC Reachability Analyzer and VPC Network Access Analyzer are now available in AWS GovCloud (US-West) and AWS GovCloud (US-East). Reachability Analyzer diagnoses network paths between source and destination resources in VPCs to identify misconfigurations such as missing route table entries across accounts. Network Access Analyzer finds unintended access paths by letting you define scopes to ensure traffic traverses required controls, for example verifying web app traffic goes through a firewall. See the product documentation and the Network Analysis section of the Amazon VPC pricing page for details.

read more →

Fri, October 24, 2025

Ransomware recovery falters: 40% of paying victims lose data

🔒 Two in five companies that pay ransomware attackers still fail to recover their data, according to a Hiscox survey of thousands of SMEs. The study found 27% of businesses were hit in the past year and 80% of affected firms paid a ransom, yet only 60% recovered all or part of their data. Experts blame flawed encryptors, corrupted or compromised backups, and complex double- or triple-extortion tactics. Organisations are urged to maintain tested recovery plans, forensic validation, and incident response retainers rather than rely on payment.

read more →

Fri, October 24, 2025

Phishing Campaign Targets LastPass Users with 'Death' Lure

⚠️ LastPass customers are being targeted by a phishing campaign that falsely notifies recipients that a family member uploaded a death certificate to request legacy access. Messages spoof the LastPass domain and include a cancellation link that redirects to an attacker-controlled site asking for the master password. Some victims have also received phone calls pressing the same ruse. LastPass warns it never asks for master passwords and has removed the initial phishing site.

read more →

Fri, October 24, 2025

Fake LastPass inheritance emails used to steal vaults

🔒 LastPass warns customers of a sophisticated phishing campaign that uses fake inheritance emails claiming a family member uploaded a death certificate to request emergency access to a user's vault. The messages include an agent ID and a link that redirects victims to a fraudulent page on lastpassrecovery[.]com where the victim is prompted to enter their master password. In some incidents attackers also called victims while posing as LastPass staff. The campaign, active since mid‑October and attributed to financially motivated group CryptoChameleon (UNC5356), has expanded to target passkeys as well.

read more →

Fri, October 24, 2025

Malicious Extensions Spoof AI Browser Sidebars, Report

⚠️ Researchers at SquareX warn that malicious browser extensions can inject fake AI sidebars into AI-enabled browsers, including OpenAI Atlas, to steer users to attacker-controlled sites, exfiltrate data, or install backdoors. The extensions inject JavaScript to overlay a spoofed assistant and manipulate responses, enabling actions such as OAuth token harvesting or execution of reverse-shell commands. The report recommends banning unmanaged AI browsers where possible, auditing all extensions, applying strict zero-trust controls, and enforcing granular browser-native policies to block high-risk permissions and risky command execution.

read more →

Fri, October 24, 2025

Threat Actor Misuse of AzureHound for Cloud Discovery

🔍 AzureHound is an open-source Go-based enumeration tool designed for cloud discovery and red-team assessments that threat actors also misuse to map Entra ID and Azure resources. Unit 42 outlines how adversaries leverage Microsoft Graph and Azure REST APIs to enumerate users, groups, roles, storage and services and to identify privilege escalation paths. The report highlights observable artifacts such as the user-agent azurehound/ and discusses detection opportunities in Microsoft Graph, Entra ID sign-in logs and Cortex XQL hunts. Practical mitigations include phishing-resistant MFA, Conditional Access Policies, token binding and broad endpoint and cloud visibility.

read more →

Fri, October 24, 2025

AWS Transfer Family: Change IdP Type Without Downtime

🔁 AWS Transfer Family now lets administrators change a server's identity provider (IdP) type without service interruption. This update allows dynamic switching among service-managed, Active Directory, and custom IdP authentication for SFTP, FTPS, and FTP servers, enabling zero-downtime migrations and faster compliance adaptation. The capability is available in all AWS Regions where Transfer Family operates.

read more →

Fri, October 24, 2025

Mozilla: New Firefox extensions must disclose data

🔒 Starting 3 November 2025, Mozilla will require new Firefox extension developers to declare data collection practices in manifest.json via a browser_specific_settings.gecko.data_collection_permissions key. Developers must adopt the framework across all extensions in the first half of 2026, and extensions that collect no personal data must state that explicitly. The declared practices will appear during installation, on the add-on listing, and in about:addons; submissions that omit the declaration will be blocked.

read more →

Fri, October 24, 2025

AWS Lambda ups asynchronous payload limit to 1 MB today

🚀 AWS has increased the maximum payload size for AWS Lambda asynchronous invocations from 256 KB to 1 MB. This change lets customers deliver richer, complex events—such as LLM prompts, telemetry batches, or detailed JSON outputs—without splitting, compressing, or externalizing data. The increase is generally available in all AWS Commercial and AWS GovCloud (US) Regions and can be used via the Lambda invoke API. Billing counts 1 request for the first 256 KB and an additional request per 64 KB chunk beyond that up to 1 MB.

read more →

Fri, October 24, 2025

AI 2030: The Coming Era of Autonomous Cybercrime Threats

🔒 Organizations worldwide are rapidly adopting AI across enterprises, delivering efficiency gains while introducing new security risks. Cybersecurity is at a turning point where AI fights AI, and today's phishing and deepfakes are precursors to autonomous, self‑optimizing AI threat actors that can plan, execute, and refine attacks with minimal human oversight. In September 2025, Check Point Research found that 1 in 54 GenAI prompts from enterprise networks posed a high risk of sensitive-data exposure, underscoring the urgent need to harden defenses and govern model use.

read more →

Fri, October 24, 2025

Signal Protocol's Path to Quantum-Resistant Messaging

🔒 Signal has moved to integrate post-quantum cryptography into its messaging stack to mitigate future quantum threats. Phase 1 uses PQXDH, a hybrid handshake combining X25519 with the KEM CRYSTALS-Kyber, to block harvest now, decrypt later attacks. Phase 2 adds SPQR, which runs alongside the Double Ratchet to form a hybrid Triple Ratchet, preserving forward secrecy and post-compromise security while handling larger key sizes, asynchrony, and message loss.

read more →

Fri, October 24, 2025

Amazon Aurora DSQL Adds Resource-Based Policies Support

🔒 Amazon Web Services has added resource-based policies to Aurora DSQL, letting administrators define which IAM principals can perform specific IAM actions on Aurora DSQL resources. Policies also support Block Public Access (BPA) controls to restrict access to public or VPC endpoints. The capability is available now in a set of regions and the documentation provides guidance to get started.

read more →

Fri, October 24, 2025

Why Threat Actors Succeed and How Defenders Respond

🔍 The Unit 42 2025 Incident Response analysis explains that attackers exploit complexity, visibility gaps and excessive trust to succeed against organizations of all sizes. The report notes almost a third of incidents were cloud-related, IAM failures appeared in 41% of cases and attackers often moved within an hour, causing outsized disruption and cost. The recommended response is to consolidate telemetry into an integrated platform like Cortex, extend protection into cloud with Cortex Cloud, secure browser activity with Prisma Browser, and engage Unit 42 for advisory and retainer services.

read more →

Fri, October 24, 2025

How Five Agencies Built Impossible Ads with Gemini

🎨 Google showcased how five agencies used Gemini 2.5 Pro and complementary generative media models to produce ambitious ad campaigns that blend nostalgia, personalization, and scalable visual storytelling. Projects ranged from a retro AI radio for Slice to personalized "postcard" ads for Virgin Voyages, AI co-hosts and party themes for Smirnoff, crowdsourced mascots for Visit Orlando, and cinematic short film work with Moncler. Results highlighted rapid production, measurable engagement lifts, and cross-product workflows across Imagen, Veo, Lyria, and Vertex AI. The post invites brands to explore these tools for creative scale and efficiency.

read more →

Fri, October 24, 2025

UN Cybercrime Treaty Faces Criticism Over Researcher Risks

🔒 Cybersecurity researchers and rights groups warn the UN Convention against Cybercrime, which begins a ratification process in Hanoi this weekend, could criminalize legitimate research and expand intrusive surveillance powers. The Cybersecurity Tech Accord and organizations such as Human Rights Watch say the draft's vague scope, broad criminalization language, and expansive data-access provisions risk arbitrary abuse and could hamper incident response. Some analysts acknowledge improvements around intent-based language but stress that robust national safeguards and explicit protections for security research are still needed.

read more →

Fri, October 24, 2025

SageMaker Studio Integrates with Athena Workgroups

📊 Data engineers and analysts can now connect Amazon SageMaker Unified Studio to existing Amazon Athena workgroups to run SQL queries using the workgroups' default settings and properties. This lets teams reuse access controls, cost limits, and query-tracking policies already defined in Athena, reducing setup time while maintaining governance. To enable it, choose 'Add compute' → 'Connect to existing compute resources' in Unified Studio; the connected Athena workgroup then appears in the query editor and is available in all regions where Unified Studio is supported.

read more →

Fri, October 24, 2025

CloudWatch Adds EC2 Metrics for EBS IOPS and Throughput

🔔 Amazon introduced two new Amazon CloudWatch instance-level metrics — Instance EBS IOPS Exceeded Check and Instance EBS Throughput Exceeded Check — that flag when the driven IOPS or throughput exceeds the EBS-Optimized limits of an EC2 instance. Each metric returns 0 (not exceeded) or 1 (exceeded), enabling rapid identification of I/O bottlenecks and the creation of dashboards or alarms. These metrics are provided by default at a 1-minute frequency at no additional charge for Nitro-based EC2 instances with EBS attached and are accessible via the EC2 console, CLI, or CloudWatch API across Commercial, GovCloud (US), and China Regions.

read more →

Fri, October 24, 2025

The Cybersecurity Perception Gap: Executive vs. Ops

🔍 The Bitdefender 2025 Cybersecurity Assessment highlights a widening perception gap between executives and operational security teams. While 93% of surveyed cybersecurity and IT professionals report confidence in managing an expanding attack surface, just 45% of C-level leaders describe themselves as "very confident" versus 19% of mid-level managers. Without improved reporting, shared visibility and stronger cross-level communication, this divide risks underinvestment and misaligned priorities that can create critical blind spots.

read more →

Fri, October 24, 2025

Passwordless Authentication: Clearing Common Myths

🔐 Passwordless authentication reduces reliance on passwords by using device-bound keys and local verification. The post explains that passwordless is inherently multi-factor: a device factor plus a local secret such as a PIN or biometric. Biometrics and PINs unlock a private key stored on the device and are not transmitted or centralized, reducing theft and replay risks. It also describes protections that make this approach highly phishing-resistant.
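Added example (not code from the post being summarized): a minimal authenticator/relying-party exchange in Go showing the properties described above: the private key is created on the device and never transmitted, a local PIN gates its use, and the signed challenge is bound to the origin the browser observed, so an assertion obtained on a look-alike site fails verification. The Authenticator type, PIN gate and ClientData shape are simplified stand-ins for a FIDO2 authenticator and WebAuthn clientDataJSON, not a conforming implementation.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// Device-bound credential: private key generated on-device, never exported; PIN checked locally only.
type Authenticator struct {
	priv ed25519.PrivateKey
	pin  string
}

// What gets signed: the server's fresh challenge plus the origin the browser observed (defeats look-alikes).
type ClientData struct {
	Challenge []byte `json:"challenge"`
	Origin    string `json:"origin"`
}

// Generates the key pair on the device; only the public half goes to the relying party at registration.
func NewAuthenticator(pin string) (*Authenticator, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Authenticator{priv: priv, pin: pin}, pub, nil
}

// Local verification (PIN) gates signing; the signed blob binds challenge to origin. PIN and key stay on-device.
func (a *Authenticator) Assert(pin string, challenge []byte, origin string) (clientData, sig []byte, err error) {
	if pin != a.pin {
		return nil, nil, errors.New("local verification failed")
	}
	clientData, _ = json.Marshal(ClientData{Challenge: challenge, Origin: origin})
	return clientData, ed25519.Sign(a.priv, clientData), nil
}

// Relying-party check: our challenge, our origin, valid signature under the registered key; replays fail.
func Verify(pub ed25519.PublicKey, expected []byte, rpOrigin string, clientData, sig []byte) bool {
	var cd ClientData
	if json.Unmarshal(clientData, &cd) != nil || !bytes.Equal(cd.Challenge, expected) || cd.Origin != rpOrigin {
		return false
	}
	return ed25519.Verify(pub, clientData, sig)
}
```

The relying party only ever stores the public key and a per-login challenge, so a database leak yields nothing replayable, and a mismatched origin or reused challenge is rejected before the signature is even considered.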

read more →

Fri, October 24, 2025

Hackers Earn $1,024,750 for 73 Zero‑Days at Pwn2Own Ireland

🛡️ Pwn2Own Ireland 2025 concluded in Cork with security researchers awarded $1,024,750 after demonstrating 73 zero-day vulnerabilities across eight product categories. Targets included printers, network-attached storage, messaging apps, smart home and surveillance devices, home networking gear, flagship phones (iPhone 16, Galaxy S25, Pixel 9) and wearables. The contest expanded the attack surface to include USB port exploitation on locked mobile handsets while retaining Bluetooth, Wi‑Fi and NFC vectors. Summoning Team topped the leaderboard with $187,500 and 22 Master of Pwn points.

read more →

Fri, October 24, 2025

Predictive Scaling Now Available in Six More AWS Regions

⚙️ AWS has expanded Predictive Scaling for EC2 Auto Scaling to six additional regions: Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Israel (Tel Aviv), Canada West (Calgary), Europe (Spain), and Europe (Zurich). Predictive Scaling learns from historical patterns and launches instances ahead of anticipated demand to reduce over-provisioning, lower EC2 costs, and keep applications responsive. It complements real-time policies like Target Tracking and Simple Scaling and can be previewed using a "Forecast Only" mode. The feature is available via the console, AWS CLI, CloudFormation, and AWS SDKs.

read more →

Fri, October 24, 2025

Path to CPS Resilience: Securing Critical Infrastructure

🔒 Cyber-physical systems (CPS) underpin critical infrastructure across industry, healthcare and buildings, and their continuous availability is essential to public safety and business continuity. The article urges CISOs to prioritize CPS security, invest in OT protection, close long-standing IT–OT silos and maintain accurate asset inventories. It highlights that many organizations lack OT incident response or business continuity plans and emphasizes that rapid recovery, segmentation and tested emergency procedures are key to minimizing downtime and harm. Analysts warn of steep recovery times and severe financial and human impacts if CPS resilience is not improved.

read more →

Fri, October 24, 2025

WhatsApp $1M Zero-Click Hack Mystery: Pwn2Own Outcome

🔐 A hacker known as ‘Eugene’ withdrew a high-profile Pwn2Own Ireland 2025 entry that claimed a zero-click remote code execution exploit against WhatsApp, forfeiting the event’s $1 million top prize. Organizers Trend Micro ZDI say Team Z3 is sharing its findings privately with Meta for coordinated disclosure, while WhatsApp reports that no viable exploit was publicly demonstrated. The withdrawal has fueled speculation about the exploit's readiness and underscores the role of responsible disclosure and rigorous triage before public demonstrations.

read more →

Fri, October 24, 2025

FIA drivers' portal breached, Formula 1 data exposed

🔐 Hackers gained access to a drivers' portal run by the Fédération Internationale de l'Automobile (FIA) during the summer, potentially exposing Formula 1 driver records. The three individuals said they were fans who reported a vulnerability instead of pursuing malicious use, and claimed they neither viewed nor stored sensitive data after noticing that passport details could be retrieved. The FIA took the site offline, secured the system and worked with the researchers to strengthen the portal.

read more →

Fri, October 24, 2025

Privacy rankings of popular messaging apps — 2025 Report

🔒 Incogni's Social Media Privacy Ranking 2025, summarized by Kaspersky, evaluates 15 platforms across 18 criteria to compare messaging apps on privacy and data handling. Overall scores place Discord, Telegram and Snapchat near the top, but a subset of practical criteria ranks Telegram first, followed by Snapchat and Discord. The analysis highlights default settings, data collection by mobile apps, handling of government requests, and encryption differences, noting that only WhatsApp provides end-to-end encryption for all chats by default.

read more →

Fri, October 24, 2025

CASB Buying Guide: Key Capabilities, Vendors, and Questions

🔒 A Cloud Access Security Broker (CASB) sits between enterprise endpoints and cloud services to deliver visibility, enforce access controls and detect threats. This guide summarizes core CASB functions — visibility, control, data protection and compliance — and contrasts deployment modes (API vs proxy). It profiles major vendors such as Netskope, Microsoft Defender for Cloud Apps, Palo Alto Networks and others, and presents 16 practical questions to assess internal readiness and evaluate providers against SSE/SASE roadmaps.

read more →

Fri, October 24, 2025

Cut IT Costs with Secure Self-Service Password Resets

🔐 Self-service password reset (SSPR) can significantly cut help desk costs and reduce downtime by letting users securely change forgotten or expired credentials without contacting support. Industry research cited in the article highlights that password-related calls are common and expensive — Gartner and Forrester figures are referenced and a Specops analysis reports average savings per user. The piece outlines security best practices including tiered risk controls, MFA, enrollment hygiene, and detection measures like rate limiting and location checks. It describes Specops uReset capabilities for Entra ID and Active Directory, automated enrollment, reporting, and a First Day Password add-on to reduce onboarding friction.

read more →

Fri, October 24, 2025

Cyber-risk in the Shadows: Shadow IT, AI Use and Risks

🛡️ In a short video for Cybersecurity Awareness Month, ESET Chief Security Evangelist Tony Anscombe explains how unsanctioned hardware and software — commonly called shadow IT — is creating security gaps in the remote and hybrid work era. He warns that growing employee use of generative AI further increases risk by exposing sensitive corporate data outside IT control. The video outlines practical steps IT teams can take to discover, govern and mitigate these hidden risks and points to related guidance on authentication, patching and ransomware resilience.

read more →

Fri, October 24, 2025

Kryptos Part Four Claimed Solved Amid Auction Dispute

🧩 Two researchers say they have solved the long-elusive fourth section of Kryptos, but reached the answer through documentary research rather than cryptanalysis, finding clues in the Sanborn papers at the Smithsonian’s Archives of American Art. The discovery comes as Jim Sanborn is preparing to auction what he describes as the solution, and the solvers report they will not publish their work. Legal threats have been made over disclosure and sale, though the legal basis is unclear. The episode raises immediate questions about provenance, transparency, and the ethics of selling a solution to a famous cryptographic artwork.

read more →