Weekly Recap: Exploited Windows SMB Vulnerability and OAuth Apps Misused as Cloud Backdoors

Here’s an overview of some of last week’s most interesting news, articles, interviews, and videos:

Most AI privacy research looks the wrong way
Recent research from Carnegie Mellon University and Northeastern University has sparked discussion regarding the focus of privacy studies on large language models (LLMs). Instead of homing in on data memorization techniques that might not be the biggest threat, the researchers argue that the main risks lie in how LLMs collect, process, and infer user information in everyday interactions. This shift in focus could lead to more effective strategies for safeguarding user privacy in the developing AI landscape.

When everything’s connected, everything’s at risk
In an intriguing interview, Ken Deitz, CISO at Brown & Brown, elaborated on the evolving definition of cyber risk. He highlighted that the landscape has expanded to include not just IT systems but also IoT, operational technology (OT), and intricate supply chain ecosystems. With organizations increasingly interconnecting various assets, the breadth of potential attack surfaces and dependencies has grown significantly, magnifying the urgency for comprehensive cybersecurity measures.

Google introduces agentic threat intelligence for faster, conversational threat analysis
Google’s latest offering in threat intelligence aims to revolutionize how security teams interact with data. Rather than manually sifting through reports and establishing connections between various sources, teams can now engage in a conversational manner, dramatically streamlining the analytical process. This innovation underscores the potential for AI to shape more intuitive information-gathering practices in cybersecurity.

Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
In light of increasing cyber threats, Microsoft responded swiftly with an out-of-band security update to tackle CVE-2025-59287. This vulnerability within Windows Server Update Services (WSUS) had been identified as actively exploited, prompting the urgent need for patches to enhance organizational cybersecurity resilience.

Microsoft blocks risky file previews in Windows File Explorer
As part of its latest security updates, Microsoft has redesigned how Windows File Explorer handles internet-downloaded files. By blocking risky file previews, the tech giant hopes to mitigate exposure to malicious threats while improving overall user security standards in their operating system.

Researchers expose large-scale YouTube malware distribution network
A significant discovery by Check Point researchers brought to light a massive malware distribution network on YouTube, aptly named the “YouTube Ghost Network.” Their extensive mapping and examination reveal how adversaries exploit popular platforms for malicious purposes, raising alarms about online safety and the efficacy of current monitoring strategies.

Lanscope Endpoint Manager vulnerability exploited in zero-day attacks (CVE-2025-61932)
The vulnerability CVE-2025-61932 in Lanscope Endpoint Manager has come under scrutiny after being flagged as exploited in zero-day attacks since April 2025. The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) issued a warning last week, encouraging organizations to implement protective measures against potential exploitation.

Critical Adobe Commerce, Magento vulnerability under attack (CVE-2025-54236)
Sansec researchers have raised alerts regarding the active exploitation of CVE-2025-54236, a critical vulnerability affecting Adobe Commerce and Magento Open Source. With attackers targeting this widely used platform, businesses relying on these systems need to patch immediately and take preventive measures.

Attackers target retailers’ gift card systems using cloud-only techniques
A new trend in cybercrime has emerged, with suspected Morocco-based attackers using cloud-only techniques to infiltrate retailers’ gift card systems. This campaign highlights an evolving threat landscape where traditional forms of attack give way to more sophisticated methods that exploit cloud infrastructure.

Attackers turn trusted OAuth apps into cloud backdoors
Proofpoint researchers have discovered that attackers are increasingly abusing OAuth-based applications to establish enduring access to cloud environments. As these trusted apps become points of vulnerability, organizations must closely monitor their usage and enforce stringent security measures.

CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)
CISA has issued a warning regarding CVE-2025-33073, a Windows SMB Client vulnerability that is currently being exploited in the wild. Organizations are urged to promptly apply patches released by Microsoft in June 2025 to safeguard their systems and networks.

Official Xubuntu website compromised to serve malware
In a troubling development, the official website for Xubuntu—a community-maintained Ubuntu variant—has been compromised. Visitors were inadvertently directed to download Windows malware instead of the intended Linux distribution, emphasizing the need for constant vigilance in website security.

Hard-coded credentials found in Moxa industrial security appliances, routers (CVE-2025-6950)
Moxa has identified and addressed five vulnerabilities in its industrial security products, including CVE-2025-6950, which relates to hard-coded credentials. This flaw poses significant risks to system integrity, reinforcing the importance of diligent credential management in exposed devices.

China-linked Salt Typhoon hackers attempt to infiltrate European telco
The Salt Typhoon APT group, known for its Chinese affiliations and targeting of telecommunications sectors, has been detected attempting to breach another European telecom company. This underscores the ongoing geopolitical stakes surrounding cyber offense and defense in critical industries.

Smart helmet tech points to the future of fighting audio deepfakes
Researchers at Texas Tech University have explored innovative ways to combat audio deepfakes using voice authentication linked to physical speech movements. This emerging technology could enhance security mechanisms, providing a high-tech approach to verifying identities in a time when audio tampering is becoming increasingly feasible.

Faster LLM tool routing comes with new security considerations
A study from the University of Hong Kong has introduced a method aimed at speeding up the connection of large language models to outside tools. While promising improved efficiency, this connection also creates new security challenges that demand vigilance and innovative safety solutions.

Your wearable knows your heartbeat, but who else does?
With the rise of smartwatches, glucose monitors, and connected medical devices, the healthcare landscape is rapidly evolving. While these innovations facilitate early detection and personalized treatment, they also expose sensitive patient data to novel attack vectors. There is a growing need for stringent security measures as remote monitoring becomes more commonplace.

How Lazarus Group used fake job ads to spy on Europe’s drone and defense sector
ESET researchers have released findings on the Lazarus Group’s Operation DreamJob. Part of a long-term campaign linked to North Korea, this activity has primarily targeted European defense contractors involved in drone and UAV innovation, reflecting the ongoing tensions and technological competitions on the world stage.

OpenFGA: The open-source engine redefining access control
OpenFGA is revolutionizing access control with its open-source and adaptable authorization engine. Inspired by Google’s Zanzibar, it empowers developers to implement fine-grained access policies more effectively, which is crucial in an age where data access must be both secure and flexible.

For blind people, staying safe online means working around the tools designed to help
The intersection of technology and accessibility is crucial for blind and low-vision users. A study from CISPA Helmholtz Center and DePaul University reveals that the very tools intended to facilitate online security often hinder these users, leading to risky behaviors such as password reuse. Enhancing accessibility in security tools is pivotal for ensuring everyone can navigate online risks safely.

Your smart building isn’t so smart without security
Smart buildings present enticing conveniences, but their integration of technology can create unexpected vulnerabilities. As these environments rely on interconnected systems, understanding how to safeguard them against cyber threats is indispensable for maintaining their promise of comfort and efficiency.

AI’s split personality: Solving crimes while helping conceal them
The dual-edged role of AI within cybercrime is a poignant subject for discussion. A new study from the University of Cagliari suggests that AI aids both in detecting cybercriminal activities and in supporting them, raising ethical questions about our reliance on AI in both investigative and malicious contexts.

10 data security companies to watch in 2026
The cybersecurity landscape evolves rapidly, with numerous vendors pushing the envelope in data protection. In Help Net Security’s roundup, several companies stand out for their innovative approaches and commitment to redefining what security can accomplish.

Why ex-military professionals are a good fit for cybersecurity
With their backgrounds in teamwork, strategic thinking, and mission-focused work, military veterans often find cybersecurity a fitting new avenue. This sector presents them with the opportunity to bring their skills to a new domain, continuing their service by protecting information and systems on a different battlefield.

NodePass: Open-source TCP/UDP tunneling solution
NodePass is breaking new ground in network tunneling by merging compactness with enterprise-grade capabilities. This open-source project is designed to empower DevOps teams and system administrators by simplifying the management of complex network environments—increasing efficiency without the drawbacks of cumbersome configurations.

Life, death, and online identity: What happens to your online accounts after death?
As technology continues to redefine our presence, it’s crucial to consider the fate of our digital identities posthumously. The OpenID Foundation is working on strategies to help individuals navigate this complex area, promoting account access rights for loved ones in case of death or incapacity.

Why cybersecurity hiring feels so hard right now
In an engaging video, Carol Lee Hobson, CISO at PayNearMe, sheds light on the persistent “talent gap” in cybersecurity hiring. The discussion reveals the complex dynamics affecting recruitment and retention in this sector.

3 DevOps security pitfalls and how to stay ahead of them
Dustin Kirkland, SVP of Engineering at Chainguard, dives into three critical security pitfalls commonly faced in DevOps. His insights highlight how to proactively combat unpatched code, legacy systems, and the increased usage of AI and automation in engineering.

Building trust in AI: How to keep humans in control of cybersecurity
In a thought-provoking video, Rekha Shenoy, CEO at BackBox, tackles the significance of keeping human expertise at the forefront of AI in cybersecurity. She articulates how the technology’s value can be realized not by replacing human roles, but by enhancing and augmenting them instead.

What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense
A new report from Microsoft details how adversaries are employing AI to automate operations and increase the efficacy of their attacks, shifting the paradigms of traditional defenses. The research underscores a year of blurred lines between cybercrime and espionage, emphasizing a need for refined strategies in cybersecurity.

When AI writes code, humans clean up the mess
As AI becomes increasingly involved in coding processes, a fresh report from Aikido Security reveals a troubling trend: while these tools enhance speed, they also introduce new vulnerabilities. This raises questions about the balance of efficiency and security in software development practices.

Wireshark 4.6.0 brings major updates for packet analysis and decryption
Wireshark enthusiasts will find exciting features in the newest version 4.6.0. Updates enhance how users analyze traffic and manage protocol decoding, cementing Wireshark’s reputation as an essential tool for network analysis.

The next cyber crisis may start in someone else’s supply chain
A recent Riskonnect report highlights the disparity between risk awareness and readiness in today’s organizations. While awareness of potential threats is improving, the rapid pace of evolving risks, shaped significantly by geopolitics, often leaves enterprises underprepared.

Gartner predicts the technologies set to transform 2026
Gartner’s forecasts for 2026 spotlight a transformative era defined by advances in AI, connectivity, and digital trust. As organizations gear up for shifts in competition and operation, these innovations will become crucial focal points.

Companies want the benefits of AI without the cyber blowback
As highlighted by ISACA, a significant portion of IT and cybersecurity professionals admit that AI-driven threats and deepfakes present significant concerns as they look ahead to 2026. This sentiment accentuates the dual-edged nature of technological advancement.

Inside the messy reality of Microsoft 365 management
As Microsoft 365 becomes the backbone of business operations, findings from a Syncro survey reveal ongoing challenges in management—highlighting issues such as complexity, inadequate backups, and reactive security measures that complicate operational workflows.

Cybersecurity jobs available right now: October 21, 2025
For those seeking work in the cybersecurity field, a roundup of currently available positions emphasizes the varied roles and skills being sought, reflecting the growth and diversification of demand within the industry.

New infosec products of the week: October 24, 2025
Stay ahead of the curve with a look at the most compelling information security products launched recently, showcasing innovations from companies like Axoflow, Elastic, Illumio, Keycard, Netscout, and Rubrik.

Published by James
