Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158
Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix for earlier this month, Censys has warned.
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)
CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers.
Protecting farms from hackers: A Q&A with John Deere’s Deputy CISO
In this Help Net Security interview, Carl Kubalsky, Director and Deputy CISO at John Deere discusses the most pressing security challenges in agriculture, how his team is working with partners and ethical hackers to stay ahead of adversaries, and what priorities will define the next 12-18 months.
NetScaler ADC/Gateway zero-day exploited by attackers (CVE-2025-7775) – updated!
Three new vulnerabilities affecting (Citrix) NetScaler application delivery controller (ADC) and Gateway devices have been made public, one of which (CVE-2025-7775) has been targeted in zero-day attacks.
Why satellite cybersecurity threats matter to everyone
In this Help Net Security interview, Brett Loubert, leader of Deloitte‘s U.S. Space practice, walks us through the most pressing risks, the vulnerable points across satellite systems, and the practices that can make space operations more secure.
Attackers use “Contact Us” forms and fake NDAs to phish industrial manufacturing firms
A recently uncovered phishing campaign – carefully designed to bypass security defenses and avoid detection by its intended victims – is targeting firms in industrial manufacturing and other companies critical to various supply chains, Check Point researchers have warned.
How compliance teams can turn AI risk into opportunity
In this Help Net Security interview, Matt Hillary, CISO at Drata, looks at how AI is changing the role of governance, risk, and compliance, from handling sensitive data to making compliance a continuous, adaptive process.
Agentic AI coding assistant helped attacker breach, extort 17 distinct organizations
Cybercriminals have started “vibe hacking” with AI’s help, AI startup Anthropic has shared in a report released on Wednesday.
Where security, DevOps, and data science finally meet on AI strategy
In this Help Net Security interview, Andrew Hillier, CTO at Densify, explores how organizations can approach Kubernetes optimization with security, observability, and strategic maturity in mind, and why thinking in terms of “yield” may be the key to sustainable AI operations.
Hundreds of Salesforce customer orgs hit in clever attack with potentially huge blast radius
A threat group Google tracks as UNC6395 has pilfered troves of data from Salesforce corporate instances, in search of credentials that can be used to compromise those organizations’ environments.
Finding connection and resilience as a CISO
In this Help Net Security interview, Michael Green, CISO at Trellix, discusses how CISOs can build trusted communities, balance information sharing with confidentiality, and avoid burnout while leading at the highest level.
ScreenConnect admins targeted with spoofed login alerts
ScreenConnect cloud administrators across all region and industries are being targeted with fake email alerts warning about a potentially suspicious login event.
AI Security Map: Linking AI vulnerabilities to real-world impact
A single prompt injection in a customer-facing chatbot can leak sensitive data, damage trust, and draw regulatory scrutiny in hours. The technical breach is only the first step. The real risk comes from how quickly one weakness in an AI system can trigger a chain of business, legal, and societal impacts.
Fake macOS help sites push Shamos infostealer via ClickFix technique
Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers have warned.
New framework aims to outsmart malware evasion tricks
Attackers have learned how to trick machine learning malware detectors with small but clever code changes, and researchers say they may finally have an answer.
AI is becoming a core tool in cybercrime, Anthropic warns
A new report from Anthropic shows how criminals are using AI to actively run parts of their operations.
ScamAgent shows how AI could power the next wave of scam calls
Scam calls have long been a problem for consumers and enterprises, but a new study suggests they may soon get an upgrade. Instead of a human scammer on the other end of the line, future calls could be run entirely by AI.
How to build a secure AI culture without shutting people down
In this Help Net Security video, Michael Burch, Director of Application Security at Security Journey, explains how organizations can build a secure AI culture.
Can AI make threat intelligence easier? One platform thinks so
The volume of threat data is growing, and analysts risk burnout if they spend most of their time collecting rather than analyzing. Feedly Threat Intelligence is designed to address that imbalance by automating data collection and adding context that helps analysts move faster from discovery to action.
AI isn’t taking over the world, but here’s what you should worry about
In this Help Net Security video, Josh Meier, Senior Generative AI Author at Pluralsight, debunks the myth that AI could “escape” servers or act on its own.
LLMs at the edge: Rethinking how IoT devices talk and act
Anyone who has set up a smart home knows the routine: one app to dim the lights, another to adjust the thermostat, and a voice assistant that only understands exact phrasing. These systems call themselves smart, but in practice they are often rigid and frustrating.
Smart manufacturing demands workers with AI and cybersecurity skills
According to Rockwell Automation’s 10th Annual State of Smart Manufacturing Report, 56% of manufacturers are piloting smart manufacturing initiatives, 20% have deployed them at scale, and another 20% are planning future investments.
Why a new AI tool could change how we test insider threat defenses
A research team has introduced Chimera, a system that uses LLM agents to simulate both normal and malicious employee activity in enterprise settings.
The energy sector has no time to wait for the next cyberattack
The energy sector remains a major target for cybercriminals. Beyond disrupting daily routines, a power outage can undermine economic stability and public safety.
Review: Adversarial AI Attacks, Mitigations, and Defense Strategies
Adversarial AI Attacks, Mitigations, and Defense Strategies shows how AI systems can be attacked and how defenders can prepare.
Maritime cybersecurity is the iceberg no one sees coming
Ships equipped with new technologies have become attractive targets for criminals. Any attack on these systems can compromise safety and put human lives at risk.
Hottest cybersecurity open-source tools of the month: August 2025
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments.
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux
Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached storage, or on your own computer.
Cybersecurity jobs available right now: August 26, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Infosec products of the month: August 2025
Here’s a look at the most interesting products from the past month, featuring releases from: Black Kite, Brivo, Cloudflare, Descope, Doppel, Druva, Elastic, ExtraHop, LastPass, Prove, Riverbed, Rubrik, StackHawk, and Trellix.
