This Week in Cybersecurity: Spyware targeting executives, advanced phishing, AI-powered training, and password vulnerabilities
- Glen Armes
- Aug 25
Every week, the news seems to offer many cybersecurity lessons we can all learn from. This week, four major news stories stand out to me, each offering important lessons for businesses, leaders, and security teams.

1. New Android Spyware Masquerading as Antivirus
The news:
A new Android spyware variant, Android.Backdoor.916.origin, has been discovered disguising itself as an antivirus app called “GuardCB”. Security researchers report that it is being used to target business executives in Russia, where it steals sensitive information and transmits it to remote servers.
Why it matters:
Mobile devices are increasingly the primary business tool for executives and employees. As attackers exploit trust in security apps, this incident underscores the risk of mobile-based attack vectors and the need for stronger app vetting. Although this is occurring in Russia today, it will spread worldwide.
Actions:
Restrict installation of apps to official app stores (Google Play, Apple App Store).
Deploy Mobile Device Management (MDM) with app whitelisting to prevent malicious sideloading.
Provide executive security awareness training, particularly on mobile risks.
2. Sophisticated Phishing Exploits Microsoft ADFS
The news:
Cybercriminals are leveraging Microsoft’s Active Directory Federation Services (ADFS) in combination with trusted ad platforms to reroute users to counterfeit login portals. These highly convincing phishing pages trick victims into entering their corporate credentials, which attackers then harvest.
Why it matters:
This is a step up in phishing sophistication. By exploiting legitimate infrastructure (ADFS + ads), attackers bypass traditional email filters and create more convincing traps, putting even well-defended organizations at risk.
Actions:
Enforce Multi-Factor Authentication (MFA) for all ADFS users to reduce credential theft impact.
Implement Conditional Access policies to monitor and restrict logins from unusual locations.
Regularly test employees with phishing simulations to maintain resilience.
3. IronCircle Opens AI-Powered Cyber Training HQ
The news:
Cybersecurity education firm IronCircle announced the relocation of its global headquarters to Columbia, Maryland. The new HQ will serve as a hub for AI-powered cybersecurity training, creating over 200 new jobs and expanding workforce development efforts.
Why it matters:
The skills shortage and connecting talent to companies remain among the most pressing challenges in cybersecurity. Investments like IronCircle’s demonstrate a growing recognition that AI and advanced training methods are key to scaling expertise in this field.
Actions:
Organizations should encourage employees to pursue ongoing security training (beyond compliance checkboxes).
Leverage AI-driven training platforms to deliver personalized, adaptive learning at scale.
Partner with emerging cyber education leaders to build pipelines of talent into your organization.
4. Report Finds Weak Passwords Still Rampant
The news:
The Picus Blue Report 2025 highlights alarming statistics:
Password cracking succeeded in 46% of simulated attacks, nearly double last year’s rate.
98% of valid account compromise attempts went undetected by security controls.
Why it matters:
Despite years of guidance, weak and reused passwords remain a top vulnerability. Attackers continue to succeed, and organizations cannot rely on passwords alone to secure accounts.
Actions:
Enforce strong password policies with length, complexity, and uniqueness.
Deploy technology to ensure strong password policies are being met in all cases.
Mandate Multi-Factor Authentication (MFA) across all user accounts.
Monitor for compromised credentials with identity protection and dark web monitoring.
Consider moving toward password-less authentication strategies.
5. Final Thoughts
This week’s stories reflect three critical themes:
Evolving attacker sophistication with spyware and phishing innovations.
Human and workforce factors still require training and engagement.
Fundamentals still failing with password hygiene as a recurring weak point even after all the years of sounding the alarm.
For security leaders, the call to action is clear: double down on mobile and identity protection, invest in workforce training, and modernize authentication strategies.
If you need any help with cybersecurity, please consider reaching out to us here at Armes Vantage.
Author: Glen E. Armes