North Korean hackers are making a splash in the crypto world, swiping a record $2 billion in 2025. The Bybit hack alone contributed $1.46 billion to this staggering total. As crypto values rise, high-net-worth individuals find themselves irresistible targets, often lacking the robust defenses of businesses. It’s a digital heist extravaganza!

SonicWall disclosed that unauthorized access to firewall configuration backups could increase targeted attack risks. The files contain encrypted credentials, but SonicWall urges users to verify cloud backups and follow remediation steps. The breach affects less than 5% of customers, but caution is advised.

SonicWall’s cloud backup service breach has gone from “5 percent” to “100 percent” of users affected. Initially, the company assured a limited impact, but now confirms all customers’ firewall configuration files were accessed. In the world of cybersecurity, this is like saying, “Oops, we spilled a little coffee,” then realizing the whole pot is on…

AI browsers may be the future, but they’re also the new playground for cyber shenanigans. SquareX Labs’ report reveals that while these browsers, including Perplexity’s Comet, promise convenience, they also open the door to novel cyber-risks. From sneaky downloads to malicious workflows, it’s clear that AI comes with a side of cyber mischief.

Forcepoint X-Labs warns of a surge in email attacks using JavaScript attachments to sneak malware into businesses. These sneaky emails mimic everyday business communications, luring victims into opening malicious files. To stay safe, combine advanced email filtering, endpoint protection, and user awareness.

AI Browsers are sweeping the market like a caffeinated Roomba, but SquareX’s new research warns they might be more open than a hipster café. With vulnerabilities that could allow villains to turn these helpful browsers into unwitting accomplices, it’s time for enterprises to bolster security — or risk AI browsers going rogue!

ClayRat is the latest Android spyware targeting Russian users via Telegram and phishing sites. Disguised as popular apps like TikTok, it steals data and spreads by exploiting SMS capabilities. With over 600 samples identified, researchers stress the importance of downloading apps only from authorized stores to combat this fast-growing mobile threat.

Microsoft is tackling an Azure Front Door outage affecting Microsoft 365 access across Europe, Africa, and the Middle East. The tech giant is rebooting Kubernetes instances to restore services. Despite progress, 4% of users remain affected. Users might still face issues accessing cloud PCs and services. Stay tuned for more on this developing story.

Token theft is the Houdini of SaaS breaches—slipping past security like a magician at a locked-door convention. Learn why OAuth and API tokens are often overlooked and how security teams can improve token hygiene to keep attackers at bay. It’s time to stop treating these tokens like spare keys under the digital doormat!

OpenSSL 3.5.4, now with added FIPS 140-3 validation seasoning, is like that fancy spice you didn’t know your cryptographic soup needed. As it heads for final certification, it’s set to spice up security with a quantum-resistant twist. Bon appétit to secure digital communications!

Realm.Security has raised $15 million in Series A funding to tackle the ever-complex problem of security data. With their AI-powered platform, they promise to provide clean, structured data, sparing SOC teams from the chaos of manual rule-writing. It’s like giving them a security spa day—streamlined, rejuvenated, and stress-free!

Chaos-C++ ransomware is like the Usain Bolt of malware, blitzing past defenses to obliterate files over 1.3 GB without bothering with encryption. This speed demon skips the small stuff and even hijacks your clipboard for a crypto heist. Consider this a friendly reminder: that free “System Optimizer v2.1” might just optimize your headaches!

Legit Security found a vulnerability in GitHub Copilot Chat AI, allowing hackers to swipe sensitive data using remote prompt injection. By bypassing Content Security Policy, attackers could leak AWS keys and influence Copilot responses. GitHub patched the issue, ensuring Camo can’t be used for data leaks, but it’s a wild AI west out there!

SonicWall has confirmed a breach of firewall configuration backup files via brute-force attacks. While encryption still stands, the breach could heighten targeted attack risks. SonicWall urges partners and customers to check their devices and has released new tools for assessing and remediating the issue.

Pro-Russian hacktivist group TwoNet, famous for launching DDoS attacks, was duped by a fake water treatment plant set up by researchers. Their 26-hour escapade saw them hacking decoy systems, thinking they were causing chaos. Forescout advises bolstering security to keep such cyber mischief at bay.

All SonicWall cloud backup users, brace for impact! Hackers swiped firewall configuration files, leaving SonicWall urging credential resets and scrambling to secure its MySonicWall service. While encryption remains intact, the breach still increases the risk of targeted attacks. SonicWall is now working with cybersecurity experts to mitigate the damage.

Discord denies a massive breach, confirming only 70,000 ID photos were exposed. Despite claims of a 5.5 million user breach, the company won’t pay the threat actors. Discord clarifies that the incident involved a third-party provider, not a direct breach, and assures users that no financial data or passwords were exposed.

Beware of the Oyster malware—a sneaky backdoor disguised as a legitimate Microsoft Teams installer. Cybercriminals use SEO poisoning and malvertising to trick users into downloading it. Once inside, Oyster grants long-term control over your computer. Protect yourself by downloading software directly from official websites, not from search results or ads.

State-sponsored hackers have breached Williams & Connolly, accessing attorney email accounts. The law firm, representing figures like Barack Obama and the Clintons, assures no confidential client data was stolen. Sources suggest Chinese hackers are involved. Despite the breach, client secrets remain safe, unless they involve an undisclosed zero-day vulnerability, then all bets are off.

Clearview AI’s £7.5m fine is back on the table after the ICO’s successful appeal. The watchdog’s victory clarifies that UK data protection laws apply to companies worldwide if they monitor UK residents. It’s a win for privacy, a blow to facial recognition, and a reminder that even tech giants can’t dodge the GDPR bullet.