Chatbots powered by large language models are inadvertently citing Russian state-linked sources when asked about the war in Ukraine, according to an ISD study. This “LLM grooming” poses a risk of AI undermining sanctions on Moscow-backed media. ChatGPT, for example, provided Russian sources almost three times more often for malicious queries.

Google Chrome’s CVE-2025-2783 vulnerability, exploited by Memento Labs, has birthed a wave of espionage against Russian organizations. Dubbed Operation ForumTroll, it’s like a cyber spy thriller, minus the glamorous gadgets. Instead, it uses phishing emails and malware named LeetAgent to infiltrate targets. Who knew espionage could be so… digital?

The USS Gerald R. Ford, the Navy’s most advanced aircraft carrier, is cruising to the Caribbean to combat drug trafficking. With its cutting-edge tech, it’s either the ultimate drug-busting machine or the world’s most expensive anti-smuggling deterrent. Whichever the case, those drugs won’t see it coming—unless they have radar.

Marks & Spencer has swapped Tata Consultancy Services for a new IT service desk provider, ending a contract amid a year of tech turbulence including a £300 million cyber incident hit. TCS still supports other IT functions for M&S, but the retailer remains tight-lipped about its new IT service desk partner.

X users, brace yourselves! Re-enroll your passkeys and YubiKeys by November 10, 2025, or face account lockout. The platform isn’t holding your accounts hostage—just migrating domains. So, re-enroll for seamless access, or risk a locked-down social life. Remember, disabling 2FA is like leaving your front door open—highly discouraged!

SideWinder is back with a vengeance, targeting European embassies and organizations in South Asia. Their latest trick? Adopting a novel PDF and ClickOnce-based infection chain. It’s like a phishing email masterclass, with malware families like ModuleInstaller and StealerBot waiting to steal your secrets faster than you can say “Adobe Reader update.”

A critical Windows Server Update Services bug, CVE-2025-59287, is the latest cybersecurity hot potato, with threat intel teams sounding alarms while Microsoft remains tight-lipped. Despite Redmond’s emergency patch, the bug is being exploited faster than you can say “unauthenticated attackers.” Brace yourselves—this one’s spreading quicker than office gossip!

The ghosts of hacking past have returned! Memento Labs, formerly Hacking Team, is haunting us again with a Chrome zero-day exploit. Kaspersky links it to the notorious spyware Dante. Just when you thought it was safe to browse, these cyber-phantoms strike. Who knew malware could have such a flair for drama?

Zero Trust Serverless Architecture: Beyond Perimeter Security The days of traditional perimeter security are as outdated as dial-up internet! Zero Trust serverless architecture demands every function call and data access be verified, no matter who asks. By stacking security layers like a defensive lasagna, enterprises can fend off threats like cold start exploitation and AI-powered…

Google did not suffer a data breach, despite sensational claims to the contrary. The confusion arose from a compilation of stolen credentials from various sources, not a Gmail hack. In the latest episode of “Myths and Misunderstandings,” Google’s security remains intact, leaving 183 million accounts to breathe a collective sigh of relief.

X users: If you’re using security keys for 2FA, re-enroll them by November 10, or get ready for a digital lockout that even Houdini couldn’t escape. This isn’t due to a security breach; it’s because X is migrating domains. So, update those keys or face the ultimate password reset challenge!

Ransomware payments are hitting an all-time low, dropping to just 23% of breached companies. Coveware reports that cyber attackers are suffocating from this decline in payments, while companies are breathing easier with stronger defenses. Meanwhile, attackers shift tactics, targeting medium-sized firms and favoring data theft over encryption.

ChatGPT Atlas, OpenAI’s new browser, has a flaw researchers dubbed “ChatGPT Tainted Memories,” allowing attackers to inject malicious instructions. Without robust anti-phishing measures, users are 90% more vulnerable than those using Chrome or Edge. It’s like your browser’s memory went to a sketchy nightclub and forgot its wallet.

Microsoft is testing a new feature prompting Windows 11 users to run a memory scan after a blue screen of death (BSOD). This proactive step aims to improve reliability by catching memory issues before they crash your system. Just think of it as a therapist for your computer, helping it confront its memory issues head-on!

Talos spotted a surge in data leaks, peaking with 100 victims in June and August 2025. Qilin’s antics include using Cyberduck for sneaky data exfiltration and repurposing innocent notepad.exe and mspaint.exe for mischief. Their persistence includes swapping victim wallpapers with ransom notes—a makeover nobody asked for!

QNAP urges users to patch a critical ASP.NET Core vulnerability affecting NetBak PC Agent. This flaw, CVE-2025-55315, could allow attackers to hijack credentials or bypass security controls. QNAP advises updating ASP.NET Core components to secure systems against attacks. Trust us, you don’t want your data making a surprise guest appearance on the internet!

A zero-day vulnerability in Google Chrome, exploited in Operation ForumTroll, delivered malware linked to Italian spyware vendor Memento Labs. The campaign targeted Russian organizations with malicious links. Chrome fixed CVE-2025-2783, the sandbox escape zero-day, in version 134.0.6998.178, released on March 26.

Social media platform X is nudging users to re-enroll their 2FA security keys like Yubikeys by November 10, 2025, to avoid account lockout. This move is part of the grand plan to retire the twitter.com domain. Don’t procrastinate or your account might just take an unexpected nap!

Iran’s school for state-sponsored cyberattackers, Ravin Academy, ironically fell victim to a breach, exposing names and personal info. This institution, sanctioned by the UK, US, and EU for its cyber recruiting, now faces the same security issues it trains to exploit. Who knew the cyber classroom could have such an unexpected pop quiz?

Caller ID spoofing is causing chaos across Europe, with criminals impersonating trusted institutions to trick victims out of money. Europol’s new position paper calls for urgent action as spoofing now makes up 64% of reported phone fraud cases. The agency warns that this spoofing-as-a-service trend needs a coordinated crackdown.