Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The AI revolution is here, and it’s running on Kubernetes. From fraud detection systems to generative AI platforms, AI-powered applications are no longer experimental projects; they’re mission-critical infrastructure. But with great power comes great responsibility, and for Kubernetes platform teams, that means rethinking security.

As one of the most prestigious Ivy League institutions, Columbia University has centered on offering transformative educational experiences combining liberal arts training with the resources of a world-class research university. Its goal is to prepare students to become civic-minded leaders and lifelong learners. It was established in 1754 as King’s College following a royal charter under King George II, which made it the fifth-oldest institution of higher learning in the United States.

When new security research hits the headlines, it often sparks a predictable wave of worry: should we turn off features we rely on? Should we rethink basic workflows? That’s exactly the case with recent findings that highlight how clickjacking techniques can exploit password manager autofill behavior.

If shadow IT was the SaaS era’s guilty pleasure, shadow AIT is GenAI’s sugar rush: unsanctioned AI models, tools, and autonomous agents quietly wired into business workflows—often without approvals, logging, or controls. It’s fast, it’s useful, and it can bite.

Artificial Intelligence (AI) is transforming cybersecurity, but not always for the better. While organisations adopt AI to strengthen their defences, cybercriminals and nation-state actors are exploiting the same tools to launch faster, more sophisticated, and harder-to-detect attacks. From AI-powered phishing and malware evasion to deepfake-enabled fraud, adversarial AI is no longer a future risk, it’s a present-day reality.

Every IT team is under pressure to “do more with AI.” A new tool promises smarter workflows, a new agent claims to replace manual tasks. But if you’re managing service requests, availability SLAs, patch cycles, infrastructure capacity, and application performance every day, you know the truth: AI doesn’t automatically reduce complexity on its own.

Few security practices carry as much weight as patch management. Consider the cautionary tale of Travelex. In early 2020, the British currency exchange was hit by a ransomware attack that spread quickly across its network, locking staff out of their systems. Reports suggest the company paid millions to restore access and prevent sensitive data from being sold; an outcome that underscores how a single gap in patching can cascade into a business-wide crisis.

On September 9, 2025, Microsoft released details of CVE-2025-55234, a critical vulnerability in the Windows Server Message Block (SMB) protocol. With a CVSS v3 score of 8.8, it’s classified as High severity and poses a serious elevation-of-privilege (EoP) risk. An attacker exploiting this flaw could launch a relay attack, allowing them to gain the privileges of a legitimate user without elevated permissions or insider access.

On September 8, 2025, a large-scale npm supply chain attack quickly compromised 18 popular packages (with the 18 packages representing more than 2.6 billion weekly downloads within the bioinformatics ecosystem). Attackers hijacked a maintainer’s account by impersonating npm support in a phishing campaign to upload backdoored versions of popular packages like chalk, debug, ansi-styles, and supports-color.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Updates on last week’s certificate issuing error.