Week in review: Open-source tools harden the stack, and invisible IT rises as a workplace priority

40 open-source tools changing how teams protect the stack

Open-source security tools continue to win hearts across security teams. There’s something reassuring about software you can see inside, adapt to your needs, and use without worrying about license costs. This week’s roundup highlights 40 free tools built to solve very real, everyday problems – from managing massive environments to spotting risky misconfigurations and understanding how new tech quietly changes your attack surface. For many teams, these tools feel less like experiments and more like trusted companions.

AI agents are breaking rules in ways no one expected

AI agents are no longer just helpers on the sidelines. They plan actions, call tools, and make decisions on their own, often without a human signing off each step. That progress is exciting, but also a little unsettling. Security leaders are starting to ask hard questions about control and trust. A new research paper takes an early but important step by testing how well these agents stay within guardrails when users try to push them in risky directions.

AI-powered threats are moving onto the factory floor

In this Help Net Security interview, Natalia Oropeza, Chief Cybersecurity Officer at Siemens, shares a clear warning: AI-driven threats are no longer limited to IT systems. They are reaching deep into industrial environments. She explains why companies now feel pressure to build stronger in-house skills, especially for OT response and recovery. Oropeza also highlights something more human – collaboration and mindset shifts matter just as much as the tools themselves.

LLMs are spreading across the stack, and each layer adds risk

Large language models are quietly weaving themselves into enterprise products and daily workflows. While they bring speed and creativity, they also introduce new security stress points. A new guide from DryRun Security walks through how LLMs challenge long-held assumptions about data handling, app behavior, and internal trust boundaries. Built around the OWASP Top 10 for LLM Applications, the guide offers a practical risk model and reference architecture for teams building with these systems.

The unseen forces behind influential cybersecurity research

Security leaders spend a lot of time tracking threats and tools, but rarely stop to ask how cybersecurity research itself evolves. A new study flips the lens inward. Researchers from the University of Southampton looked at two long-running conference communities, SOUPS and Financial Cryptography and Data Security, to understand who collaborates, who gets heard, and what kinds of research gain influence over time. The results reveal subtle dynamics that shape the field more than many realize.

Henkel’s CISO on the messy reality of monitoring decades-old factories

In this Help Net Security interview, Stefan Braun, CISO at Henkel, speaks candidly about the challenges of securing smart factories built over many generations of technology. He explains how single points of failure hide in plain sight, how attackers take advantage of legacy systems, and why monitoring strategies must evolve. His message is honest and grounded: resilience comes from visibility, autonomy, and holding vendors to clear standards.

December 2025 Patch Tuesday forecast: Closing out the year

It’s hard to believe December 2025 is already here. As the year wraps up, two things stand out. First, an unusually large number of Microsoft products reached end of life or end of support. In the past, last-minute extensions often softened the blow, but this year was different. Applications and operating systems alike reached their final chapter, forcing organizations to finally move on, whether they felt ready or not.

A small mindset shift that turns threat intel into real value

In this Help Net Security video, Alankrit Chona, CTO at Simbian, explains why threat intelligence so often feels like noise. He walks through a simple but powerful shift that helps teams turn raw intel into something actionable – supporting detection, response, and threat hunting instead of overwhelming analysts.

Password habits are improving, and the data proves it

In this Help Net Security video, Andréanne Bergeron, Security Researcher at Flare, takes a long look at how password habits have changed over nearly two decades. Using leaked password data from 2007 to 2025, she shows how user behavior, policy changes, and painful breach lessons gradually pushed password strength higher. The progress isn’t perfect, but it’s real.

How to know if your password manager meets HIPAA needs

Healthcare organizations invest heavily in encryption, monitoring, and phishing defenses, yet passwords remain a quiet weakness. Weak or reused credentials still play a role in many breaches involving sensitive health data. This article explains how the HIPAA Security Rule views authentication and how the right password manager, properly configured, can help organizations meet both technical and regulatory expectations.

NVIDIA research reveals how agentic AI breaks under pressure

Agentic AI systems promise efficiency by planning and acting with less human guidance. But that autonomy comes with new risks. A research team from NVIDIA and Lakera AI released a safety and security framework that maps where these systems fail – often in the interactions between models, tools, data sources, and memory. Their work offers a sobering but necessary reality check.

A new image signature that survives cropping and fights deepfakes

Deepfake images can spread fast, damage trust, and shape public opinion before anyone verifies the source. Researchers from the University of Pisa focused on one stubborn problem: image signatures that break when images are cropped. Their new approach keeps signatures intact, offering a promising step toward restoring confidence in visual media.

Building SOX compliance with better training and password habits

SOX audits have a way of exposing uncomfortable truths. Even companies with strong infrastructure often discover that everyday password behavior weakens financial controls. This piece explores why passwords still sit at the heart of access decisions and how smarter training and stronger practices can reinforce internal controls over financial reporting.

UTMStack: An open-source approach to unified threat management

UTMStack brings SIEM and XDR features together in a single open-source platform. It focuses on real-time correlation of logs, threat intelligence, and malware patterns from multiple sources. The goal is simple but ambitious: help organizations spot and stop complex, stealthy attacks before real damage is done.

LLMs still struggle with vulnerability patching

Security teams are hopeful that LLMs can speed up patching work, but reality remains mixed. A new study tested models from OpenAI, Meta, DeepSeek, and Mistral to see how well they could fix vulnerable Java functions in one attempt. The results highlight both promise and clear limitations.

LLM privacy policies are getting longer and harder to trust

Privacy policies are supposed to clarify how data is used, but many users feel lost when reading them. A new study reviews how LLM privacy policies have grown longer, denser, and harder to understand. The trend raises concerns about transparency at a time when trust matters more than ever.

CISOs are spending more money and still feeling exposed

Security budgets are growing, yet many CISOs feel they’re falling behind. A new benchmark study from Wiz shows a widening gap between investment and real risk reduction. Cloud expansion, AI adoption, and rising complexity are outpacing improvements in core security outcomes, leaving leaders frustrated.

Invisible IT is becoming a top workplace concern

Employees want technology that just works. Instead, many struggle with fragmented systems that slow them down. A new Lenovo report highlights how widespread this problem has become and why reducing digital friction is quickly becoming a top priority for IT leaders.

The Bastion: Open-source access control for complex environments

Access sprawl happens fast. Servers, VMs, and network devices all add identities to manage. A bastion host offers a single, controlled entry point for admins and developers. The Bastion open-source project shows how this classic idea can be refined into a powerful access layer for modern infrastructure.

Teamwork is quietly breaking down, and security feels the impact

Not all security risks come from malware or exploits. Some grow out of everyday collaboration problems. As teamwork becomes harder and AI tools spread, gaps appear – leading to shadow IT and unmanaged data flows. A recent Forrester study explores how this slow breakdown happens and what leaders can do before it turns into real damage.

Uneven regulations reveal cracks in mobile security

Mobile networks carry enormous volumes of digital activity, making operators prime targets. A GSMA study shows operators spend $15–19 billion annually on core cybersecurity, with costs expected to soar by 2030. These figures don’t even include resilience, training, or governance, highlighting the true scale of the challenge.

Ransomware continues to spread wider

Ransomware keeps expanding into new sectors and regions. CyberCube’s Global Threat Briefing for H2 2025 shows attacks spreading in less predictable ways, making it harder for leaders to anticipate where the next wave will hit.

What 35 years of privacy law reveal about data protection today

Privacy laws have multiplied worldwide, giving individuals stronger rights on paper. But new research shows that legal protection doesn’t always reduce real-world harm. Looking back over 35 years, the study traces how privacy efforts evolved and why enforcement gaps remain, especially in an AI-driven world.

Download: Evaluating password monitoring vendors

Organizations using Active Directory must strengthen password policies to block compromised credentials. This downloadable guide helps teams compare password monitoring vendors and make sense of a crowded market.

Product spotlight: Tuta – private, encrypted email by design

Tuta, formerly Tutanota, is built for people who care deeply about privacy. Encryption isn’t an add-on – it’s the default. Messages stay protected from sender to recipient, offering peace of mind in an age of constant surveillance.

Cybersecurity jobs available now: December 9, 2025

We’ve scanned the market to bring you a fresh list of cybersecurity roles across experience levels. Whether you’re just starting out or ready for your next challenge, this week’s openings offer plenty to explore.

New infosec products of the week: December 12, 2025

Here’s a snapshot of the most interesting security product releases from the past week, featuring updates from Apptega, Backslash Security, BigID, Black Kite, Bugcrowd, NinjaOne, Nudge Security, and Veza.