QNAP Systems warns that its NetBak PC Agent could be affected by a “highest ever” CVSS score vulnerability in ASP.NET Core. Tracked as CVE-2025-55315, this bug might allow attackers to access backup data. QNAP advises users to patch the framework immediately to keep the comedy of errors strictly within sitcoms, not servers.

SimSpace has raised $39 million to boost its cyber range platform, where organizations can battle-test their defenses without getting their keyboards dirty. With backing from BTG Pactual and others, SimSpace is gearing up for global expansion, proving that in the cyber world, practice makes perfect—and sometimes profitable.

RedTiger malware is prowling Discord, eyeing French gamers’ data like a cat with a laser pointer. This sneaky software swipes your credentials, payment info, and more, all while dodging detection like a ninja in a tech shop. Experts urge you to use multi-factor authentication to keep your accounts safe from this digital feline.

Clearview AI faces a criminal complaint from privacy advocates at Noyb for allegedly scraping social media users’ faces without consent. With over $100 million in unpaid fines across Europe, Noyb argues that Clearview’s executives could face criminal penalties, including jail time, for ignoring GDPR regulations. This legal showdown promises more drama than a courtroom TV…

QNAP warns users about a critical ASP.NET flaw in the NetBak PC Agent, identified as CVE-2025-55315. This vulnerability allows attackers to hijack credentials or bypass security using HTTP smuggling. It’s like a digital heist led by sneaky HTTP requests, proving even tech has its comedic plot twists!

Herodotus malware is the latest trickster in town, using random delay injections to mimic human behavior and sneak past security. Offered as malware-as-a-service to cybercriminals, it’s targeting Italian and Brazilian users via smishing. Its ‘humanizer’ mechanism makes it type like human, with random delays, evading detection with a digital wink.

Atroposia, the latest malware-as-a-service platform, offers cybercriminals a sinister toolkit for $200 a month. With features like hidden remote desktop and clipboard theft, it’s like a Swiss Army knife for digital mischief. Varonis researchers warn Atroposia makes cybercrime as easy as ordering a pizza—hold the accountability, extra data theft, please!

Sublime Security secures $150 million in Series C funding, taking its total to over $240 million. Led by Georgian, the investment will fuel global expansion and product development of its AI-powered email security platform. Already trusted by giants like Spotify and Snowflake, Sublime tackles sophisticated threats at “adversary speed.”

Identity fraud and scams are impacting mental health more than ever, according to the Identity Theft Resource Center. A quarter of victims have considered self-harm, and financial losses are skyrocketing. With 68% of victims feeling distressed, it’s clear: identity theft is no joke, except of course for the criminals.

Prompt injection problems are escalating as AI browsers grow more powerful. Researchers found vulnerabilities in Comet and Fellou browsers, where hidden commands influenced AI actions. Even OpenAI’s Atlas isn’t immune, making prompt injection a persistent security challenge. So, while AI is getting smarter, it seems it’s also getting sneakier!

Cybercriminals have hacked Oracle E-Business Suite instances, listing Schneider Electric and Emerson as victims. While both companies remain tight-lipped, the Cl0p ransomware gang has allegedly leaked troves of data. Looks like hackers are treating data like potato chips—can’t stop at just one byte!

The Afghan data breach has turned “emails gone wrong” into a new level of disaster. With threats from the Taliban, frantic house raids, and mental health spirals, it’s like a spy thriller minus the popcorn. The UK Ministry of Defence is hoping AI will keep the next email from accidentally turning into a horror sequel.

In the wild west of the internet, keeping your data out of hackers’ hands is the new gold rush. Transfer large files securely by following best practices like encryption and secure networks to keep your info safe. Remember, in the digital world, cybersecurity is everyone’s business, so keep your digital spurs sharp!

Millions of leaked credentials are hanging out on the web like uninvited party guests, thanks to cybercriminals sharing them through Telegram and other channels. Synthient’s sleuthing uncovered 183 million email addresses, debunking the myth of a Gmail breach. Remember, folks, if your password is “123456,” it’s time for an upgrade!

Ransomware payments hit a record low, with only 23% of victims paying in Q3 2025, according to Coveware. Large firms refuse to pay, and mid-sized companies face smaller demands. Experts celebrate this drop, seeing it as progress, though AI-driven attacks could complicate efforts to eliminate cyber extortion entirely.

Gmail breach? More like a breach of context! Google dismissed claims of a massive Gmail hack, blaming recycled credentials and infostealer misunderstandings. The real breach? Sensational headlines. Google assures users its defenses are strong, urging two-step verification for extra peace of mind. So, panic not—your emails are safer than those clickbait stories!

Patch your Windows Server Update Services (WSUS) before it starts handing out malicious updates like candy! The new WSUS vulnerability allows remote code execution without a single click. As if Mondays weren’t terrifying enough, now you have until November 14 to fix this, or risk being the IT equivalent of a horror movie protagonist.

Svenska kraftnät, Sweden’s state-owned power grid operator, confirmed a cyberattack leading to a data breach. While the power grid remains unaffected, the Everest ransomware group claims responsibility, threatening to leak 280 gigabytes of stolen data. Meanwhile, investigators are left scratching their heads, searching for clues, and maybe a Swedish-to-cybercriminal dictionary.

Mass exploitation attacks are back, targeting WordPress sites through vulnerabilities in GutenKit and Hunk Companion plugins. Wordfence has blocked nine million exploit attempts in two weeks. The vulnerabilities allow attackers to install unauthorized plugins, leading to potential site takeover. To avoid becoming a cyber-punchline, update to GutenKit 2.1.1 and Hunk Companion 1.8.6.

Chatbots powered by large language models are inadvertently citing Russian state-linked sources when asked about the war in Ukraine, according to an ISD study. This “LLM grooming” poses a risk of AI undermining sanctions on Moscow-backed media. ChatGPT, for example, provided Russian sources almost three times more often for malicious queries.