Most people assume the Pixie Dust threat, a vulnerability in the Wi-fi Protected Setup (WPS) that allows attackers onto a wireless network, is long dead.

After all, cybersecurity pros have been aware of Pixie Dust since its creation in 2014, and taken active steps to prevent it. However, new research from software supply-chain security company NetRise suggests that, like the monster in the last reel of a horror movie, Pixie Dust refuses to stay down.

Craig Heffner, a senior staff engineer at NetRise, expected that everyone would have patched an ancient cybersecurity vulnerability within wi-fi products that allows bad actors onto a network. But after an email from a hobbyist who found five out of 11 routers were successfully compromised by a Pixie Dust attempt, Heffner’s team took a closer look.

In an email, Heffner told IT Brew that while his team is not ready to reveal the full list of vendors that are vulnerable to the Pixie Dust WPS exploit, they were able to share that TP-Link (a provider for networking equipment and smart home devices) accounted for almost half of the affected devices.

A recap of what the ole Pixie Dust attack looks like.—CN

Some things are better left unsaid…and for an alarming number of cybersecurity leaders, this includes material cybersecurity incidents.

According to a September report from cybersecurity and compliance company VikingCloud, 48% of cybersecurity leaders admitted to not reporting a material cyber incident to their board of directors and executive leadership team in the past year. The kicker? Almost nine out of ten (86%) of these leaders claim they failed to report multiple breaches.

VikingCloud’s report is based on an online survey that queried 200 cybersecurity leaders with director-level and more senior titles. Almost three-fourths (72%) of businesses surveyed were located in the US, where the SEC requires public companies to disclose “material” cybersecurity incidents within four business days after discovery. Lauren-Brooke Waschak, a VikingCloud spokesperson, told IT Brew in an email it did not define what a material cybersecurity incident entails in their survey question.

Why security leaders are keeping their lips sealed about security incidents.—BM

AI adoption is all the rage for today’s businesses—but rushing the transformation could lead to security flaws as staff continue to utilize shadow IT.

A new State of Information Security report from security platform ISMS.online (IO) shows the risks in how AI adoption is managed in the workplace. The use of unmanaged AI, or shadow AI, is a real threat to internal security, and one that’s increasingly affecting organizations. IBM’s 2025 Cost of a Data Breach Report found that 20% of studied organizations suffered breaches from employee use of shadow AI.

The shadow knows. Misuse of AI is more than a hypothetical, as IO CEO Chris Newton-Smith told IT Brew. Just over one-third (34%) of organizations polled in the IO survey reported concerns over “internal misuse of generative AI tools” (another way of saying shadow AI). Combined with the IBM numbers, that points to a problem.

How to get a handle on shadow AI in your organization.—EH

The 2010 flash crash showed how one runaway algorithm can tank markets in minutes. Now, as AI agents take over decisions far beyond Wall Street, the risks are bigger—and the safeguards fewer. From circuit breakers to automated chaos, this story unpacks what happens when tech moves faster than human oversight. A cautionary read for anyone betting on AI to run the future.