Blog | | 5 min read

Weekly IT News Roundup: AI Risks, Developer Malware Traps, and the Shadow AI Problem

⚠️ Some links on this site are affiliate links. If you buy through them, we earn a small commission at no extra cost to you. This never influences our reviews.

Welcome back to the itpick weekly news roundup — your no-nonsense guide to what happened in the world of IT this week and, more importantly, what it actually means for you and your business. Grab a brew, here’s what you need to know.

Satya Nadella Warns AI Could Gut Entire Industries

Microsoft’s CEO published a pretty striking essay this week, arguing that one of the biggest dangers of the AI boom isn’t job losses at the individual level — it’s something more structural. His worry is that a small number of powerful AI models could hoover up the specialist knowledge that entire industries have spent decades building, effectively stripping away what makes those businesses unique and valuable.

In plain English: if every company in your sector is using the same AI to do the clever stuff, nobody has a competitive edge anymore. The expertise that used to live inside people’s heads — and justify your premium pricing or specialist reputation — could end up commoditised overnight.

This isn’t scaremongering for the sake of it. For small businesses especially, your knowledge and expertise is often your biggest asset. It’s worth thinking carefully about how you use AI tools — whether that’s Notion’s AI features for documentation or something more bespoke — and ensuring you’re using them to amplify what makes you different, not just to do what everyone else is doing.

What this means for you: Don’t let AI flatten your competitive edge — use it to sharpen what already makes your business stand out.

North Korean Hackers Are Using Fake Job Offers to Deliver Malware

Researchers at Proofpoint have uncovered two active campaigns linked to a North Korean hacking group, and the method is alarmingly clever. The attackers are posing as tech recruiters, targeting developers and IT workers with fake job offers or “code review” tasks. Once a target engages, they’re tricked into downloading and running malicious code disguised as part of the hiring process.

This is particularly nasty because it exploits something entirely reasonable — a developer doing a coding test as part of a job application. The malware delivered can give attackers persistent access to a victim’s machine, their files, and potentially the wider business network.

If you or anyone on your team is job hunting or regularly reviews code from external sources, this is a serious one to flag. It’s also a reminder that robust endpoint protection matters — tools like Intego on Mac or a solid Windows antivirus are a basic but important line of defence.

What this means for you: Be very cautious about running code or downloading files from anyone you don’t fully trust, even if the context looks professional and legitimate.

The Shadow AI Problem Is Worse Than Anyone Admits

New research from Ivanti surveying nearly 4,000 employees across six countries turned up some uncomfortable numbers. While 85% of IT professionals reckon every AI agent in their organisation has a named owner, only 42% can actually confirm who that owner is. In other words, there’s a significant gap between confidence and reality.

Even more eyebrow-raising: organisational leaders are nearly twice as likely as regular employees to hide their AI use from colleagues — and over half of those doing so say it’s to gain a secret advantage. So the people setting the rules are also the ones most likely to be quietly bending them.

For small businesses without a dedicated IT department, this kind of ungoverned AI sprawl can quietly become a security and compliance headache. If staff are feeding sensitive client data into unvetted AI tools, you’ve got a data problem on your hands. Pairing good AI governance with a decent password manager like NordPass to control access to those tools is a sensible starting point.

What this means for you: Have a proper conversation with your team about which AI tools are approved — and make sure sensitive data isn’t wandering into tools nobody’s officially signed off on.

Old Software and Forgotten Tools Are Still Opening Doors for Attackers

This week’s cybersecurity roundup from the security community made a familiar but important point: a huge number of successful attacks aren’t exploiting cutting-edge vulnerabilities — they’re walking through doors that should have been locked years ago. Deprecated features still running in production, abandoned software packages, old login paths that nobody bothered to disable. It’s unglamorous stuff, but it’s how a lot of breaches actually happen.

A VPN like NordVPN or Surfshark won’t fix an unpatched server on its own, but it does help ensure that remote connections into your business aren’t the weak link. The bigger message though is simple: do a regular audit of what’s actually running on your systems. If you’re not using it, switch it off.

What this means for you: Schedule time this month to review your software, remove anything you no longer use, and make sure everything that’s still running is up to date.

That’s Your Week in IT

A recurring theme this week: the risks hiding in plain sight. Whether it’s AI quietly eroding your business value, attackers exploiting software you forgot you had, or colleagues using tools nobody’s officially approved — the threats that cause the most damage often aren’t the dramatic ones. Stay curious, stay sceptical, and keep your software tidy. See you next week.

Further Reading

AI cybersecurity malware VPN small business
You might also like
Blog
IT News Roundup: Record Patch Tuesday, VPN Exploit Alert, and AI Agent Security
Read post
Blog
This Week in IT: Microsoft Goes Solo on AI, VPN Zero-Day Attacks, and the AI Phishing Flood
Read post
Blog
This Week in IT: Microsoft Goes Solo on AI, VPN Zero-Day Exploited, and Phishing Gets Smarter
Read post