Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Think about your digital spaces. You’ve got your corporate email, which we all treat a bit like a high-security bank vault. We approach it with caution, we're suspicious of unfamiliar senders, and we’re primed to spot a dodgy attachment. Then, you have WhatsApp. That’s the digital equivalent of your living room. It’s comfy, familiar, and filled with people you (mostly) trust. Our guard is down.

Breaches got faster. Architectures got messier. And data stopped living in tidy tables. Modern stacks push personal and regulated data through microservices, data lakes, event streams, vector stores, and LLM prompts. Encryption still matters, but it protects containers, not behaviors. As soon as an app decrypts a record, risk comes roaring back.

Spyware can be a user’s nemesis. Once a user’s device is infected, spyware can collect a variety of personal and sensitive information, depending on the type of spyware. Here is what you need to know about spyware and how to detect it.

Automotive programs are moving faster than many engineering teams planned for. Regulatory pressure — from UN R155/R156 (WP.29) and ISO/SAE 21434 to the forthcoming EU Cyber Resilience Act — is reshaping expectations for how identity, signing, and software integrity are managed across the entire ECU and OTA lifecycle. At the same time, SERMI is redefining workshop and diagnostic access, introducing strong authentication into processes that were previously loosely governed.

On November 24, a new wave of the Shai-Hulud supply chain attack emerged. The threat actors exfiltrate stolen credentials directly to GitHub repositories created with compromised tokens.

On November 18, 2025, a single configuration file change at Cloudflare disrupted access to large parts of the web. Around 11:20 UTC, Cloudflare’s network began returning a surge of HTTP 5xx errors. Users trying to reach services like X (formerly Twitter), ChatGPT/OpenAI, Ikea, Canva, and many others suddenly saw Cloudflare-branded error pages instead of the applications they expected. Cloudflare mitigated the issue, restored service, and published a detailed public report.

Infrastructure has always been the backbone of IT Operations, but its scope has expanded dramatically. Gone are the days when infrastructure meant only racks of on-premise servers and storage arrays. For many businesses, today's reality is a sprawling, interconnected landscape encompassing multi-cloud environments, modern software-as-a-service (SaaS) platforms, traditional data centers, and emerging edge workloads.

Vulnerability in WhatsApp revealed billions of active accounts. Avast explains, why it’s important to keep your phone number private. When we think about protecting our personal data, we often think of our home address, passwords, or banking credentials. But a recent discovery of vulnerability in WhatsApp shows that our phone numbers deserve the same caution. For many of us, WhatsApp is the go-to app for quick communication. It's where we plan family dinners, send memes, and catch up with friends.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! A bit of a nasty one eh?

This week marks the start of the 16 Days of Activism Against Gender Based Violence, a global campaign from 25th November to 10th December that calls for action to end all forms of violence against women and girls. For us, as a charity supporting people harmed through technology, this period is an important reminder that digital abuse is now one of the most common and damaging ways gender based violence is carried out.