From The Aether
SAP Security Snafu: Critical Exploit Turns Low-Level Attackers into System Overlords!
A low-privileged attacker can turn into a SAP superuser with a code-injection bug in SAP S/4HANA, tracked as CVE-2025-42957. Security researchers found it actively exploited, so if you don’t want your data walking away, apply SAP’s August patch pronto and watch for signs you’ve been pwned.
Mississippi’s Age Verification Law: A Boon for Big Tech, a Bane for Small Platforms
Bluesky and Dreamwidth have blocked users in Mississippi, fearing hefty fines from the state’s age verification law. While intended to curb Big Tech, the law ironically strengthens it by squeezing out smaller platforms. So, for now, Mississippi residents will have to find other ways to procrastinate online. Sorry, Mississippians, we can’t afford you!
Sitecore Security Flaw: Critical CVE-2025-53690 Threats & Fixes You Can’t Ignore!
Federal Civilian Executive Branch agencies need to patch Sitecore instances by September 2025 to avoid being hit by CVE-2025-53690. This flaw lets cyber baddies use ASP.NET machine keys to execute remote code. It’s like leaving your front door key in a public guidebook—just waiting for the wrong party to RSVP.
Google’s European Fines: How to Lose Billions and Still Keep Smiling
Google’s wallet gets lighter as the European Commission fines them €2.95 billion for adtech shenanigans. Accused of anti-competitive antics, Google plans to appeal, claiming there’s “nothing anticompetitive” about helping ad buyers and sellers. Meanwhile, Europe’s regulators seem to have a knack for finding spare change in Google’s couch cushions.
Wealthsimple’s Data Breach Drama: When Trust Falls into the ShinyHunters’ Lap!
Wealthsimple recently faced a data breach, with attackers swiping personal details of less than 1% of customers. The good news? No funds or passwords were compromised. The bad news? It likely stems from a Salesloft supply-chain attack. Time to rethink sharing your Social Insurance Number at parties, folks!
Argo CD Security Flaw: Low-Level API Tokens Pose Major Risk!
Argo CD vulnerability CVE-2025-55190, rated a perfect 10 on the “Oh no!” scale, allows project-level API tokens to access all repository credentials. This flaw could let attackers play a sneaky game of code theft and extortion. Updating to fixed versions is strongly advised to avoid any uninvited guests in your codebase party.
Chess.com Data Breach: The Pawn Sacrifice That Didn’t Cost a Queen
Chess.com confirms a limited data breach impacting 4,500 users after a third-party file transfer tool was compromised. No passwords or payment data were exposed. While the breach affected a small percentage of its 150 million users, Chess.com’s history of data breaches adds a touch of déjà vu. Stay secure, and keep your passwords as complex…
AI Coding Tools: A Double-Edged Sword Slashing Security Standards
AI coding assistants are like the overzealous interns of the tech world; eager to help but often leaving a trail of chaos in their wake. While they boost productivity and efficiency, their code can be riddled with vulnerabilities. Developers must be vigilant, as AI-generated code might just be the Trojan horse in their SDLC.
Bridgestone’s Cyber Blowout: Manufacturing Sites Hit, Employees in a Spin
Bridgestone is tackling a cyber incident affecting North American plants. While the Aiken County sites stay operational, Joliette’s plant in Quebec has paused since August 31. Bridgestone assures no data breach, offering CAD$200 daily to Joliette workers. If only hackers would stick to flat tires instead of manufacturing sites!
CastleRAT: The Malware Menace That Just Won’t Quit
CastleLoader and CastleRAT are the malware world’s Bonnie and Clyde. They’re sneaky, versatile, and have a penchant for phishing attacks and fraudulent repositories. While CastleRAT moonlights as a remote access trojan, CastleLoader’s primary gig is distributing other malware. Together, they ensure cybersecurity professionals have job security, one phishing email at a time.
Score Big: Free Microsoft 365 for College Students—But Only If You Do Your Homework!
Microsoft 365 Personal is now a college student’s best friend. Starting Thursday, U.S. students get a free year. That’s right, they can swap ramen for ransomware protection, all thanks to Microsoft. Just flash your student ID and voilà, Copilot and cloud storage are yours! Who knew student discounts could be so… productive?
AI-Powered A2 Framework: Android Security’s New Best Friend or Overpriced Detective?
AI vulnerability discovery is taking Android by storm with A2, a digital detective that sniffs out bugs like a bloodhound on a caffeine high. It decompiles code, dodges third-party distractions, and validates flaws, all while costing less than a latte per APK. Finally, a framework that makes bug hunting sound like an episode of CSI!
South Carolina School District’s Data Breach: A Comedy of Errors Exposing 31,000+ Personal Files!
In a plot twist no one asked for, a South Carolina school district’s data breach exposed the personal info of over 31,000 people. The cyber caper, claimed by Interlock ransomware group, led to delayed bonuses and free credit monitoring. Apparently, even school districts aren’t safe from data breach drama these days.
U.S. Sanctions on UN Rapporteur: A Comedy of Diplomatic Errors or a Serious Threat to Human Rights?
When the U.S. sanctioned Francesca Albanese, the UN Special Rapporteur on Palestinian human rights, it was like grounding your kid for pointing out your messy room. The sanctions, intended to curb her mission, ironically spotlight the importance of her work. The U.S. must reverse these sanctions and respect human rights for all.
Cybersecurity Chaos: From Scammy Skies to Sneaky Software Shenanigans!
This week’s SecurityWeek cybersecurity news roundup highlights a scammer swindling $1.5 million from the City of Baltimore and a €325 million fine for Google by France’s CNIL. Meanwhile, Qantas execs are hit where it hurts: the wallet. And if you thought AI was safe, scammers have found a way to abuse X’s chatbot Grok.
FireCompass Raises $20M to Outwit Cyber Villains with AI Wizardry!
FireCompass lands $20M to outpace hackers with its AI-powered offensive security platform. By simulating real-world attacks safely, it identifies risks faster than you can say “cybersecurity breach.” With investment in R&D and global expansion, FireCompass is on a mission to stay one step ahead of the AI-driven cyber threat landscape.
SAP S/4HANA Security Snafu: How One Tiny Flaw Can Wreak Havoc!
SAP S/4HANA is under threat from a security vulnerability that lets attackers with just user privileges inject arbitrary code and wreak havoc. With a CVSS score of 9.9, it’s like giving a toddler the keys to a candy store. Patching is crucial to prevent a full system compromise of your SAP environment.
Grokking Gone Wild: How Cybercriminals Hijack AI to Spread Malicious Links on X
A new scam called “Grokking” tricks Grok AI on X into spreading malicious links. Cybercriminals hide links in ad metadata and ask Grok to reveal them, turning AI into a mischief-making megaphone. It’s like tricking a bouncer into letting in your sneaky cousin. Learn how this clever con exploits AI trust.
Beware of “CleanMyMac” Scams: How Cracked Software Can Ruin Your Day!
Downloading CleanMyMac from untrusted sources is like buying a Rolex from a guy in a trench coat—your system might end up with a “free” malware accessory! Unsuspecting users find themselves redirected to AMOS’ landing page, where the real fun begins, with malware scripts eager to steal sensitive data and wreak havoc.