Teaching Cybersecurity by Letting Students Break Things
Airbus Cybersecurity and Dauphine University found that embedding structured hacking, social engineering, and capture‑the‑flag exercises into curricula dramatically increases student engagement and confidence. The study tracked participants as they assumed attacker, analyst, and insider roles, culminating in a mixed‑reality CTF that required technical, observational, and persuasive skills. Qualitative feedback highlighted persistent problem‑solving, collaboration, and deeper appreciation of human‑centric attack vectors. Results suggest experiential formats outperform lecture‑only approaches in teaching cybersecurity fundamentals.
Cybersecurity Jobs Available Right Now: January 13, 2026
The January 2026 cybersecurity job roundup lists more than 30 senior‑level openings across continents, from CISO roles at Australia’s CSIRO to GenAI security specialists in Israel. Positions span core disciplines such as threat hunting, vulnerability management, IAM governance, and OT network...
Booz Allen Hamilton and Andreessen Horowitz Accelerate Commercial Tech for Government
Booz Allen Hamilton announced a partnership with Andreessen Horowitz, designating Booz Allen as the a16z Technology Acceleration Partner for Governments. The alliance will connect a16z’s portfolio startups with Booz Allen’s deep mission expertise, secure‑network capabilities, and engineering talent to fast‑track...
Debian 13.3 Is Now Available with Targeted Corrections, Updates
Debian 13.3, the third point release for the stable “trixie” branch, is now available. It bundles over one hundred package adjustments and multiple security patches, covering core services such as Apache HTTP Server, GNOME components, and container tools. Existing Debian...
Rethinking OT Security for Project Heavy Shipyards
Hans Quivooij, CISO of Damen Shipyards, explains how the project‑driven, contractor‑heavy nature of modern shipyards expands the OT threat surface and renders traditional perimeter security ineffective. He advocates passive network monitoring and strict segmentation to gain visibility into legacy PLCs...
PfSense: Open-Source Firewall and Routing Platform
pfSense Community Edition (CE) is a free, open‑source firewall and routing platform that runs on standard x86 hardware, virtual machines, and select embedded devices. It offers stateful firewalling, IPv4/IPv6 support, VLAN tagging, and multi‑WAN capabilities through an intuitive web interface....
What Security Teams Can Learn From Torrent Metadata
A new research paper demonstrates how open‑source intelligence can turn public torrent metadata into actionable threat intelligence. By harvesting file descriptors, tracker‑provided peer lists and enriching over 60,000 IP addresses with geolocation, ISP and VPN indicators, the authors built network...
EU’s Chat Control Could Put Government Monitoring Inside Robots
EU’s proposed Chat Control regulation, originally targeting online child sexual abuse, now extends to robots that facilitate interpersonal communication. By defining any interactive service as a communication service, the law obliges robot providers to conduct risk assessments and potentially embed...
Week in Review: PoC for Trend Micro Apex Central RCE Released, Patch Tuesday Forecast
The week’s security roundup highlighted a critical proof‑of‑concept for an unauthenticated remote‑code execution flaw in Trend Micro Apex Central (CVE‑2025‑69258) and a newly disclosed exploit of HPE OneView (CVE‑2025‑37164). The UK government unveiled a £210 million Cyber Action Plan to harden public‑service...
European Commission Opens Consultation on EU Digital Ecosystems
The European Commission has launched a public consultation on open digital ecosystems, running from 6 January to 3 February 2026, to gather evidence for a forthcoming Communication due in Q1 2026. The call highlights that 70‑90 % of software code in EU digital systems relies...
January 2026 Patch Tuesday Forecast: And so It Continues
The latest Patch Tuesday briefing highlights Microsoft’s December 2025 update problems, including MSMQ failures and a RemoteApp issue on Windows 11 Azure Virtual Desktop that can be mitigated with a registry key or KIR rollback. Apple released December security patches addressing...
How AI Agents Are Turning Security Inside-Out
AppSec teams now face a new threat from internally built no‑code AI agents that operate across enterprise systems. These agents execute business logic, call APIs, and move data in real time, behaving like always‑on applications with high privileges. Because they...
Security Teams Are Paying More Attention to the Energy Cost of Detection
Security teams are increasingly scrutinizing the energy footprint of detection models as cloud costs and sustainability pressures rise. A recent study measured common anomaly detection algorithms for both traditional performance metrics and their power consumption, introducing an Eco Efficiency Index...
Wi-Fi Evolution Tightens Focus on Access Control
The Wireless Broadband Alliance reports rapid enterprise adoption of Wi‑Fi 7, driven by higher throughput, lower latency, and the newly available 6 GHz spectrum. Mixed‑generation device environments are forcing operators to rethink policy, telemetry, and access control across all radios. Security concerns...
Upwind Choppy AI Simplifies Cloud Security Exploration and Investigation
Upwind has launched Choppy AI, an add‑on that embeds generative‑AI capabilities throughout its Cloud‑Native Application Protection Platform (CNAPP). The tool converts natural‑language commands into visible, editable queries and security rules, letting teams investigate inventories, policies, and vulnerabilities without opaque black‑box...
Cyera Secures $400M to Scale AI-Native Data Security Platform and Enterprise Adoption
Cyera announced a $400 million Series F round, pushing its valuation to $9 billion and bringing total funding above $1.7 billion. The capital, led by Blackstone and backed by existing investors, will accelerate its AI‑native data security platform and global expansion. The company now...
PoC Released for Unauthenticated RCE in Trend Micro Apex Central (CVE-2025-69258)
Trend Micro issued a critical patch (Build 7190) for its on‑premise Apex Central platform, addressing three remotely exploitable flaws disclosed by Tenable. The most severe, CVE‑2025‑69258, enables unauthenticated attackers to inject a malicious DLL into MsgReceiver.exe and gain SYSTEM‑level code execution....
IPFire Update Brings New Network and Security Features to Firewall Deployments
IPFire released Core Update 199, bringing Wi‑Fi 6 and Wi‑Fi 7 support, native LLDP/CDP discovery, and a Linux 6.12.58 kernel. The update upgrades Suricata to version 8.0.2 and refines OpenVPN handling, including multiple DNS/WINS pushes. It also patches a proxy‑related CVE and improves web‑interface...
StackRox: Open-Source Kubernetes Security Platform
StackRox is an open‑source Kubernetes security platform that unifies build‑time image scanning, configuration analysis, and runtime telemetry. It ingests data from container images, Kubernetes APIs, and live cluster activity to drive policy checks covering vulnerabilities, privilege escalation, and network exposure....
What Happens to Insider Risk when AI Becomes a Coworker
In a Help Net Security video, Living Security CEO Ashley Rose explains that AI’s integration into everyday workflows expands the definition of insider risk to include autonomous agents and automated processes. She notes that most risky actions stem from broken...
Voice Cloning Defenses Are Easier to Undo than Expected
Researchers at a Texas university demonstrated that popular noise‑based voice‑protection tools can be stripped away, restoring speaker identity and enabling cloned voices to pass verification. They introduced VocalBridge, a diffusion‑based system that removes protective noise while preserving natural speech characteristics....
Debian Seeks Volunteers to Rebuild Its Data Protection Team
The Debian Project announced that its Data Protection Team has become inactive after all three members stepped down simultaneously. The responsibilities for handling privacy inquiries, maintaining the public privacy policy, and processing data‑subject requests have temporarily shifted to Project Leader...
WWT Introduces ARMOR, a Vendor-Agnostic Framework for Secure AI Readiness
World Wide Technology (WWT) unveiled ARMOR, a vendor‑agnostic AI Readiness Model for Operational Resilience built with NVIDIA. The framework spans six security domains—from governance and risk to model, infrastructure, operations, SDLC, and data protection—providing end‑to‑end guidance across cloud and on‑prem...
Hexnode XDR Unifies Detection, Investigation, and Response in One Platform
Hexnode has introduced Hexnode XDR, an extended detection and response platform that consolidates threat detection, investigation, and remediation into a single interface. The solution embeds a unified dashboard, real‑time correlation, contextual alerts and one‑click remediation, and it integrates tightly with...
Keysight Empowers Engineering Teams to Build Trustworthy AI Systems
Keysight Technologies launched the AI Software Integrity Builder, a lifecycle‑based platform that unifies dataset analysis, model validation, and inference testing for AI systems. The tool is aimed at safety‑critical domains such as automotive, helping engineers demonstrate transparency, reliability, and regulatory...
When AI Agents Interact, Risk Can Emerge without Warning
New research from the Fraunhofer Institute shows that interactions among AI agents can generate systemic risks even when each agent follows its own design parameters. The study identifies feedback loops, shared signals, and coordination patterns as mechanisms that produce emergent...
What European Security Teams Are Struggling to Operationalize
Kiteworks’ 2026 forecast reveals European security and compliance teams have robust regulatory policies but weak operational execution. AI‑specific incident response, software‑supply‑chain visibility, third‑party coordination, and compliance automation all lag global averages. Adoption rates for AI anomaly detection, SBOM management, and...
