GlassWorm campaign targeting Visual Studio developers with malware-filled VS Code extensions has been contained, says Open VSX team. The extensions, downloaded nearly 36,000 times, were hidden with Unicode trickery. Fortunately, Open VSX flushed the worms out, revoking exposed tokens, and tightening security.

Researchers at Arctic Wolf Labs have uncovered a cyber espionage campaign targeting European diplomats, attributing it to UNC6384, linked to Mustang Panda. Using social engineering and the Windows shortcut vulnerability ZDI-CAN-25373, the campaign deploys PlugX malware. With a focus on diplomatic entities in Hungary and Belgium, the group demonstrates growing sophistication and geographic expansion.

Project Brainfog uncovers a staggering 800 vulnerabilities in building automation systems worldwide, revealing the real-world risks of dormant code and corporate mergers. Gjoko Krstic’s relentless research shows how forgotten lines of code have left modern cities vulnerable to remote takeovers, highlighting a cautionary tale of cybersecurity blind spots.

Google’s AI Mode is set to get personal, tapping into Gmail and Drive for a tailored search experience. Imagine your emails and docs transforming into your virtual assistant, summarizing flights and curating schedules. While the exact launch is TBD, personalized shopping and dining tips are already in the experimental phase.

Ernst & Young (EY) accidentally left a massive 4TB SQL Server backup publicly accessible on Microsoft Azure. Neo Security’s lead researcher discovered the unencrypted data dump while doing some light internet sleuthing. EY quickly fixed the issue, but not before everyone wondered how many digital nosy parkers had already taken a peek.

The AWS outage left websites floundering, proving that when one cloud sneezes, the internet catches a cold. Enterprises scrambled to patch vulnerabilities like a chef juggling flaming knives. Meanwhile, AI like Wild Moose helps untangle the chaos, but remember, even robots need a babysitter. Who watches the Watchmen? Apparently, us.

A China-linked hacking group is exploiting a Windows zero-day vulnerability to target European diplomats. The cyber-espionage campaign involves spearphishing emails, malicious LNK files, and the deployment of the PlugX remote access trojan. The attacks, attributed to UNC6384 (Mustang Panda), aim to monitor diplomatic communications and steal sensitive data.

The alleged Conti ransomware accomplice, Oleksii Lytvynenko, has been extradited to the US, proving once again that cybercrime doesn’t pay, unless you count the free flights to America. Facing charges in Tennessee, Lytvynenko is accused of helping spread the Conti ransomware, which hit over a thousand targets across the globe.

The OpenStack community isn’t just about sovereignty; it’s about resilience, said Thierry Carrez at the OpenInfra Summit. While dependence on US hyperscalers is scrutinized, OpenStack’s focus on infrastructure is timely. As the AI bubble looms, the community remains steadfast, proving resilient despite shifting strategies and geopolitical challenges.

Francisco Partners is buying Jamf for $2.2 billion, ensuring they’ll be busy managing Apple devices and cracking security codes. The all-cash deal boasts a 50% premium over Jamf’s average stock price, proving that securing Apple devices is really paying off. Jamf will go private in 2026, but their Apple wizardry continues!

CISA just expanded its Known Exploited Vulnerabilities catalog. Two new stars: XWiki’s flaw, which lets hackers inject malicious code faster than you can say “CVE-2025-24893,” and VMware’s bug, offering a VIP backstage pass to root privileges. Patch up by November 20 or face the wrath of BOD 22-01!

Zombie assets are haunting businesses, from undead code to forgotten hardware, causing cybersecurity nightmares. These forgotten projects, much like bad horror movies, refuse to die and continue to expose companies to risks. The graveyard of old tech is expanding attack surfaces, creating a breeding ground for potential breaches.

A Chinese threat actor, UNC6384, is exploiting CVE-2025-9491, an unpatched Windows shortcut vulnerability, to target European diplomats. This misrepresentation flaw is cleverly used to disguise malicious files as innocuous shortcuts. Despite Microsoft’s stance, Arctic Wolf highlights the ongoing espionage antics, proving yet again that shortcuts in cybersecurity lead to long-term headaches.

Clearview AI, the US-based facial recognition firm, faces a criminal complaint in Austria for allegedly dodging EU data protection laws. The European Center for Digital Rights, noyb, has filed this action, claiming Clearview AI has ignored fines and violated GDPR by processing European citizens’ data without compliance. Jail time could be on the cards!

Ukrainian national Oleksii Lytvynenko faces 25 years in the U.S. for his alleged role in the Conti ransomware operation. Accused of controlling stolen data and sending ransom notes, his extradition comes after an Irish arrest. Conti, a notorious cybercrime syndicate, has extorted millions globally and caused havoc in critical infrastructure.

Suspected Chinese actors have hacked U.S.-based Ribbon Communications, accessing customer files on two laptops. Though the intrusion might have started in December 2024, it was discovered in September 2025. The company reports no significant financial impact and is collaborating with cybersecurity experts to investigate and enhance security measures.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to harden Microsoft Exchange Server instances. By embracing measures like multi-factor authentication and zero trust security, organizations can outsmart cyber villains and their penchant for chaos. Remember, in cybersecurity, prevention is better than a “whoops, we got hacked” moment!

How to hack a poker game? Just ask a card shuffler! Turns out, the DeckMate 2, a common shuffling machine, can be rigged to reveal card order, turning poker into a high-stakes guessing game. WIRED’s Andy Greenberg and his crew show how even non-gamblers could be affected. So, are your tech devices really secure?

Digital authoritarianism is on the rise, and it’s not just a spy movie plot. Experts reveal that while some companies are taking commendable steps to protect user data, like Apple’s Lockdown Mode, the spyware market is booming, fueled by both democratic and non-democratic governments. It’s a cyber wild west out there, and your data might…

Eclipse Foundation rescues Open VSX from token turmoil! After some tokens were leaked in VS Code extensions, they swooped in, revoked them, and tightened security. Thanks to some developer oopsies, tokens were exposed, but fear not—new measures are in place, including a snazzy token prefix and reduced token lifetimes.