Week in Review: Cybersecurity News and Updates

Last week was a busy one for cybersecurity news, with several high-profile vulnerabilities and threats making headlines. In this recap, we'll take a look at some of the most interesting stories from around the web.

Stealthy Backdoor Found in SOHO Devices Running Linux

SecurityScorecard's STRIKE team has discovered a network of compromised small office and home office (SOHO) devices running Linux. The affected devices, which are often used for business operations or as hubs for IoT connections, have been identified as "LapDogs" due to their vulnerabilities.

High-Risk WinRAR RCE Flaw Patched

A recently patched directory traversal vulnerability (CVE-2025-6218) in WinRAR could be exploited by remote attackers to execute arbitrary code on affected installations. This highlights the importance of keeping software up-to-date and patching known vulnerabilities.

Breaking the Cycle of Attack Playbook Reuse

Threat actors have learned an old business trick: find what works, and repeat it. Across countless cyberattacks, Bitdefender has observed adversaries consistently applying the same steps—the same techniques, the same security bypass patterns—across different targets.

Flaw in Notepad++ Installer Could Grant Attackers SYSTEM Access

A high-severity vulnerability (CVE-2025-49144) in the Notepad++ installer could be exploited by unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. This highlights the importance of keeping software installers secure.

Converting to FIDO Security Keys

In this Help Net Security interview, Alexander Summerer, Head of Authentication at Swissbit, explains how FIDO security keys work, what threats they address, and why they're gaining traction across industries, from healthcare to critical infrastructure. Learn more about the benefits of FIDO keys and how you can implement them in your organization.

Windows 10: How to Get Security Updates for Free Until 2026

Users who want to stick with Windows 10 beyond its planned end-of-support date but still receive security updates, can enroll into the Windows 10 Extended Security Updates (ESU) program, Microsoft has confirmed on Tuesday. Learn more about this opportunity and how to take advantage of it.

Money Mule Networks Evolve into Hierarchical, Business-Like Criminal Enterprises

In this Help Net Security interview, Michal Tresner, CEO of ThreatMark, discusses how cybercriminals are weaponizing AI, automation, and social engineering to industrialize money mule operations. Discover the evolution of money mule networks and how they're becoming more sophisticated.

Trojanized SonicWall NetExtender App Exfiltrates VPN Credentials

Unknown attackers have trojanized SonicWall's SSL-VPN NetExtender application, the company has warned on Monday, and have been tricking users into downloading it from a lookalike site(s?). Learn more about this phishing attack and how to avoid falling victim.

Building Cyber Resilience in Always-On Industrial Environments

In this Help Net Security interview, Dr. Tim Sattler, CISO at Jungheinrich, discusses the cybersecurity risks tied to smart warehouses and industrial control systems. Learn more about building resilience in these environments and how to mitigate threats.

Microsoft Will Start Removing Legacy Drivers from Windows Update

Microsoft will start removing legacy drivers from Windows Update to improve driver quality for Windows users but, most importantly, to increase security, the company has announced. Learn more about this change and how it may impact your organization.

In this Help Net Security interview, Rinki Sethi, Chief Security Officer at Upwind, discusses how runtime platforms help CISOs shift from managing tools to managing risk. Discover the benefits of unified runtime platforms and how they can improve your organization's security posture.

CoinMarketCap and Cointelegraph Compromised to Serve Pop-Ups

The CoinMarketCap and CoinTelegraph websites have been compromised over the weekend to serve clever phishing pop-ups to visitors, asking them to verify/connect their crypto wallets. Learn more about this attack and how to avoid falling victim.

Why Work-Life Balance in Cybersecurity Must Start with Executive Support

In this Help Net Security interview, Stacy Wallace, CISO at Arizona Department of Revenue, talks about the realities of work-life balance in cybersecurity leadership. Discover the importance of executive support and how to prioritize work-life balance in your organization.

Critical Citrix NetScaler Bug Fixed

Citrix has fixed a critical vulnerability (CVE-2025-5777) in NetScaler ADC and NetScaler Gateway reminiscent of the infamous and widely exploited CitrixBleed flaw. Learn more about this patch and how to apply it to your organization.

How CISOs Can Justify Security Investments in Financial Terms

In this Help Net Security interview, John Verry, Managing Director at CBIZ, discusses how insurers and financial risk professionals evaluate cybersecurity maturity through different lenses. Learn more about justifying security investments and how to prioritize your organization's security efforts.

Quantum Risk is Already Changing Cybersecurity

A new report from the Cyber Threat Alliance warns that the era of quantum risk is already underway, and security teams need to stop treating it like a problem for tomorrow. Learn more about the impact of quantum computing on cybersecurity and how your organization can prepare.

Managing Through Chaos to Secure Networks

The network is what keeps businesses up and running, so it must be resilient. However, several factors contribute to the complexity of networks and the difficulty of enabling business continuity. Learn more about managing through chaos and securing your network.

Redefining Hacking Redefining Hacking Takes a Look at How Red Teaming and Bug Bounty Hunting Are Changing

Redefining Hacking takes a look at how red teaming and bug bounty hunting are changing, especially now that AI is becoming a bigger part of the job. Learn more about the future of hacking and how your organization can prepare.

71% of New Hires Click on Phishing Emails Within 3 Months

New hires are more likely to fall for phishing attacks and social engineering than longer-term employees, especially in their first 90 days, according to Keepnet. Learn more about the risks of phishing and how to protect your organization's new hires.

The Real Story Behind Cloud Repatriation in 2025

In this Help Net Security video, Mark Wilson, Technology and Innovation Director at Node4, shares key insights from the company’s 2025 mid-market report. Learn more about cloud repatriation and how it's impacting your organization.

Medical Device Cyberattacks Push Hospitals into Crisis Mode

22% of healthcare organizations have experienced cyberattacks that directly impacted medical devices, according to RunSafe Security. Learn more about the risks of medical device cyberattacks and how your hospital can prepare.

ClickFix Attacks Have Skyrocketed by More Than 500%

ClickFix, a deceptive attack method, saw a surge of more than 500% in the first half of 2025, making it the second most common attack vector after phishing, according to ESET’s latest Threat Report. Learn more about ClickFix attacks and how to avoid falling victim.

Google's Gemini CLI Brings Open-Source AI Agents to Developers

Google has open-sourced a command-line interface (CLI) agent built on its Gemini 1.5 Pro model, marking a notable step toward making generative AI more inspectable, extensible, and usable for developers working outside the IDE. Learn more about Google's Gemini CLI.

Users Lack Control as Major AI Platforms Share Personal Info with Third Parties