The GlassWorm worm spreads like a bad rumor through Visual Studio Code extensions, targeting developers and using the Solana blockchain for command-and-control. With invisible Unicode characters and Google Calendar as a backup, this worm turns developer machines into crypto-draining, proxy-serving zombies. It’s the malware equivalent of a really bad house guest.

At Pwn2Own Ireland 2025, hackers snagged $1,024,750 by exploiting 73 zero-day vulnerabilities. From iPhones to smart glasses, nothing was safe from their digital wizardry. Summoning Team took top honors, while Team Z3 skipped a $1 million prize, choosing discretion over dollars. Zero Day Initiative ensures these cyber secrets don’t end up in the wrong hands.

MuddyWater strikes again! Iran’s favorite cyberespionage crew has breached over 100 government entities across the Middle East and North Africa. Using a legitimate mailbox and VPN, they sent phishing emails packed with malware. With these muddy tactics, they’re proving that when it comes to espionage, Iran’s playbook is clear—even if the waters aren’t.

Pwn2Own Ireland 2025 Day 2 ends with hackers earning $792,750 for 56 zero-days, led by The Summoning Team’s Samsung Galaxy exploit. The event targets flagship smartphones, smart home devices and more, with $167,500 already claimed by the leading team. Will hackers leave any device unexploited? Stay tuned for Day 3!

Peter Williams, once the general manager at Trenchant, allegedly traded cyber secrets for $1.3 million to a mysterious Russian buyer. Now, federal prosecutors are seeking to seize his watches, designer gear, and cryptocurrency stash. L3Harris insists it plays nice with cyber powers, working only with those sharing high ethical standards.

The mob allegedly used hacked Deckmate 2 card shufflers to orchestrate a poker scam that even the NBA would call a slam dunk. With a little USB magic, they turned shuffling into a high-stakes heist, raking in millions. Who knew the real jackpot was in the shuffle, not the hand?

Toys “R” Us Canada has sent data breach notices after customer records were leaked online. Fortunately, no passwords or credit card details were exposed. So, while your toy shopping habits may be public, at least your bank account isn’t. Time to keep an eye out for phishing scams—and maybe a new password.

Toys R Us Canada experienced a data breach after attackers accessed their database and posted customer information online. Although names and addresses were stolen, the toy retailer assures no passwords or credit card details were compromised. In a classic plot twist, Toys R Us has yet to offer free identity protection to affected customers.

Lazarus hackers, North Korea’s cyber-spies, are back with Operation DreamJob, targeting European defense firms with fake recruitment lures. Their aim? To pilfer UAV technology secrets and boost North Korea’s drone program. Armed with trojanized PDFs and the ScoringMathTea RAT, they’re proving that even job offers can come with malware.

The Foundation for Defense of Democracies warns that a new UN cybercrime treaty might help authoritarian regimes suppress dissent. Critics argue its vague definitions could make the U.S. and allies complicit in foreign censorship. While the treaty could aid in tackling cyber threats, it risks empowering oppressive governments.

The Medusa ransomware group leaked 186.36 GB of data claimed to be stolen from Comcast. Initially demanding $1.2 million to keep the data under wraps, the group opted for a public release when negotiations with Comcast stalled. Comcast now joins the list of companies targeted by ransomware groups, with data available in 47 split files.

Google and Apple are stuffing their devices with AI features like overzealous holiday decorators with tinsel. Yet, they’ve neglected to provide users with control over which apps these AI systems can access. The result? A privacy minefield where your WhatsApp messages might go on an unexpected adventure. Users deserve clearer documentation and stronger privacy controls.

Meet Mico, Microsoft’s new AI-powered Copilot avatar that’s more human-centered than Clippy and Cortana combined. With a knack for empathy and a flair for politely correcting your mistakes, Mico is here to listen, learn, and earn your trust. Plus, it changes colors like a mood ring—finally, a digital assistant with personality!

Shadow Escape is the stealthiest thief you’ve never seen. This zero-click attack exploits Model Context Protocol, allowing AI assistants to pilfer sensitive data without anyone noticing. It’s like a magician stealing your watch while you’re still wearing it. Businesses using AI, beware: your friendly AI assistant might just be planning a data heist.

Copyright law is so confining it often requires civil disobedience just to access needed books. Scholars, like modern-day Robin Hoods, resort to sharing articles on social media and using “shadow archives” like SciHub. Until publishers become fairer, these renegade tactics highlight the absurdity of restricting access to publicly funded research.

Hackers are exploiting a critical flaw in the Motex Lanscope Endpoint Manager, tracked as CVE-2025-61932. This vulnerability allows unauthenticated attackers to execute arbitrary code. With demands for an urgent update, it’s time to patch up before hackers turn your system into their personal playground!

Operation Dream Job: the ultimate employment scam! North Korean hackers offer “dream jobs” with a side of malware, targeting European defense firms to boost their drone game. With ScoringMathTea and MISTPEN in their arsenal, they aim to swipe top-secret know-how. Spoiler alert: the only thing you’ll land is a virus!

TransparentTribe has found a new way to bug the neighbors, targeting Indian government Linux systems with DeskRAT. This cyber-espionage campaign swaps Google Drive for dedicated servers, proving even malware needs an upgrade. As always, phishing emails and decoy PDFs are in vogue, while the group’s tactics evolve faster than your average software update.

EFF’s amicus brief argues that Ecuador’s LOI enables disproportionate surveillance and secrecy, making “national security” and “risks” sound like a spy movie. The law flips the script on transparency, turning secrecy into the rule and oversight into a cameo appearance. The plea? Declare the LOI unconstitutional and roll the credits on unchecked surveillance.

Microsoft’s File Explorer now blocks previews for files from the Internet to thwart credential theft. Files with the Mark of the Web are affected, displaying a warning about potential harm. From October 2025, security updates will automatically enable this protection, though trusted files can be manually unblocked. User convenience meets security—like peanut butter meeting jelly.