Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.

Featured Analysis

Featured article analysis: You have one week to opt out or become fodder for LinkedIn AI training

LinkedIn’s updated data use policy, effective November 3, 2025, marks a significant expansion in its program of scraping user data for AI model training. Crucially, this policy change eliminates previous geographic exemptions, extending the practice to members in the UK, the European Union (EU), the European Economic Area (EEA), Switzerland, Canada, and Hong Kong. For professionals in these regions, virtually all publicly available data—including profile details and posts—is now fair game for harvesting. This move places LinkedIn squarely within a major global trend where tech giants are re-engineering terms of service to fuel their generative AI ventures, often raising the ire of members who explicitly provided their professional data for networking, not for mass training of commercial machine learning tools.

Beyond personal privacy, this policy shift introduces complex challenges for corporate governance, compliance, and legal teams. By sharing scraped data with affiliates, specifically Microsoft, LinkedIn is blurring the lines between its professional network data and the broader commercial interests of its parent company. The article notes that this data will be used to show more personalized ads, which may include sensitive insights gleaned from professional activity. Furthermore, the mandatory “opt-out” mechanism—instead of an “opt-in” model—is likely to face intense scrutiny in regions with stringent privacy legislation like the GDPR. The default setting of allowing data use creates a regulatory risk, potentially positioning LinkedIn for future legal challenges regarding the lack of explicit, freely given consent.

The analysis serves as a clear call to action, emphasizing that professionals in the newly included regions have a narrow window to safeguard their data. The process is a two-step affair: first, opting out of AI training under the Settings > Data Privacy menu, and second, adjusting the relevant preferences under the Advertising Data category to prevent data sharing with Microsoft affiliates for ad purposes. For a LinkedIn audience—whose primary asset is their meticulously curated professional identity—understanding and executing these opt-out steps is an urgent necessity. Failure to act defaults their professional biographies and content into the engine that powers the next generation of AI tools, permanently changing the intended use and ownership of their digital profile.

Projects

• TryHackMe – CyberChef: The Basics – In Progress

Videos

Articles

• Toys “R” Us Canada warns customers’ info leaked in data breach – Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems.
• NSO permanently barred from targeting WhatsApp users with Pegasus spyware – Ruling holds that defeating end-to-end encryption in WhatsApp harms Meta’s business.
• Hackers Target Swedish Power Grid Operator The hackers stole information from a file transfer solution and the country’s power supply was not affected.
• Cybercriminals Trade 183 Million Stolen Credentials on Telegram, Dark Forums The email addresses were pulled from various sources and 16.4 million of them were not present in previous data breaches.
• New Herodotus Android malware fakes human typing to avoid detection – A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software.
• You have one week to opt out or become fodder for LinkedIn AI training – Nations previously exempt from scraping now in the firing line
• Canada says hacktivists breached water and energy facilities – The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions.
• Former US Defense Contractor Executive Admits to Selling Exploits to Russia – Peter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker.
• Major US Telecom Backbone Firm Hacked by Nation-State Actors – Ribbon Communications provides technology for communications networks and its customers include the US government and major telecom firms.
• Massive China-Linked Smishing Campaign Leveraged 194,000 Domains – The malicious Smishing Triad domains were used to collect sensitive information, including Social Security numbers.