By Mary on November 6, 2025
The Louvre’s video security password was reportedly ‘Louvre’
If you’ve been watching the non-technology news for the last couple of weeks… well first of all, I’m sorry. But you might have noticed that one of the most brazen robberies in recent memory happened at the legendary Louvre museum in Paris, where thieves made off with centuries-old crown jewels that have yet to be recovered. According to a security investigation, the password for the video surveillance system was “Louvre,” which is basically one step above “password.” Maybe this was less a jewel heist for the ages and more of a Hackers cosplay attempt. Safe, non-guessable passwords are kind of a big deal, as our own security expert will tell you.
2 Billion Email Addresses Were Exposed, and We Indexed Them All in Have I Been Pwned
I hate hyperbolic news headlines about data breaches, but for the “2 Billion Email Addresses” headline to be hyperbolic, it’d need to be exaggerated or overstated – and it isn’t. It’s rounded up from the more precise number of 1,957,476,021 unique email addresses, but other than that, it’s exactly what it sounds like. Oh – and 1.3 billion unique passwords, 625 million of which we’d never seen before either. It’s the most extensive corpus of data we’ve ever processed, by a significant margin. A couple of weeks ago, I wrote about the 183M unique email addresses that Synthient had indexed in their threat intelligence platform and then shared with us. I explained that this was only part of the corpus of data they’d indexed, and that it didn’t include the credential stuffing records. Stealer log data is obtained by malware running on infected machines.
Google researchers detect first operational use of LLMs in active malware campaigns
Threat actors are now actively deploying AI-enabled malware in their operations. Google Threat Intelligence Group (GTIG) has identified cybercriminal use of “just-in-time” AI which employs large language models (LLMs) on the fly to create malicious scripts and functions, and to obfuscate code. Additionally, GTIG investigations have revealed that models are just as susceptible to social engineering as humans. They can, for example, be easily fooled by attackers purporting to be “capture-the-flag” (CTF) participants, students, or cybersecurity researchers.
Why API Security Will Drive AppSec in 2026 and Beyond
The way software is built is being rewritten in real-time. Large language model (LLM) integration, agents and model context protocol (MCP) connection turn a simple app into a web of application programming interface (API) calls and a growing security challenge. As developers rush to integrate generative artificial intelligence (GenAI), they’re adding tools, plugins and connectors, each introducing more APIs. This rapid sprawl overwhelms traditional visibility and governance tools, making continuous API discovery and testing the first line of defense. So, what does this all mean for security? Recent findings from The GenAI Application Security Report (2025) confirm how deep this transformation runs — 98% of organizations have either already integrated or plan to integrate LLMs into their applications, and nearly half are building or using their own MCP servers. These integrations are driving a massive increase in API activity, with many teams struggling to maintain full visibility or control.
Cisco Warns of Hackers Actively Exploiting ASA and FTD 0-day RCE Vulnerability in the Wild
Cisco has confirmed that threat actors are actively exploiting a critical remote code execution (RCE) flaw in its Secure Firewall Adaptive Security Appliance (ASA) and Threat Defense (FTD) software. First disclosed on September 25, 2025, the vulnerability tracked as CVE-2025-20333 poses a severe risk to organizations relying on these firewalls for VPN access. With a CVSS score of 9.9, it enables authenticated attackers to run arbitrary code with root privileges, potentially leading to full device compromise. The issue stems from inadequate validation of user-supplied input in the VPN web server’s handling of HTTP(S) requests. An attacker armed with valid VPN credentials can craft malicious requests to trigger the flaw, bypassing normal safeguards and executing code that could exfiltrate data, install malware, or pivot deeper into networks.