The Rise of Phantom Cyber Firms: How to Spot Them and What to Verify Before You Engage

It’s bad enough that organizations must worry about threat actors launching phishing attacks, injecting ransomware, or exploiting vulnerabilities; now, there is a new attack variant on the loose: legal scammers. These companies, which seem to be emerging particularly in Australia, are set up and registered as legal cybersecurity firms, but in the end just take a company’s money without delivering any services.

Cato CTRL Threat Research: Preventing Privilege Escalation via Active Directory Certificate Services (ADCS)

Maintaining an Active Directory (AD) enterprise environment is no easy task. Between all the permissions, security compliances, update cycles, emergency patches, appliance configurations and more, covering all the bases could feel overwhelming at times and could lead to errors that may result in major consequences.

Downstream Data: Investigating AI Data Leaks in Flowise

Low-code workflow builders have flourished in the AI wave, providing the “shovels and picks” for non-technical users to make AI-powered apps. Flowise is one of those tools and, like others in its category, it has the potential to leak data when configured without user authentication. To understand the risk of misconfigured Flowise instances, we investigated over a hundred data exposures found in the wild.

What Is Whaling in Cyber Security? How Attackers Target the C-Suite

Cybercrime doesn’t differentiate between individuals. It can happen to anyone, anytime. We have all heard about phishing attacks, where attackers deceive innocent people into clicking on malicious links and exposing their sensitive information. It happens through text messages, emails, and phone calls. When such phishing targets high-profile individuals, like CEOs, CFOs, or top executives of organizations, it’s called a ‘Whaling Attack’.

Key Takeaways for Partners from the Zenity AI Agent Security Summit

Having joined visionary leaders and top practitioners at ZenityLabs’ AI Agent Security Summit in San Francisco, I came away inspired and laser-focused on the incredible opportunities and responsibilities ahead for any organization looking to adopt and secure AI agents.

Navigating the Third-Party Minefield

The digital ecosystem of financial institutions is a complex web, intricately woven with the services of third-party providers. From cloud computing and AI solutions to critical IT managed services, these partnerships offer undeniable benefits – innovation, efficiency, and specialized expertise. However, as a recent, crucial letter from the New York Department of Financial Services (NYDFS) emphatically highlights, this reliance introduces significant, escalating cybersecurity risks.

Minimizing liability is not the same as security: Lessons learned from the Collins Aerospace cyberattack

In late September 2025, several European airports reported significant delays and flight cancellations due to issues with their check-in and passenger systems. Collins Aerospace, the vendor of the vMUSE check-in system, had been hit by a ransomware attack.

[Figure: ARINC error message. Source: Cyberplace.social.]