From The Aether
Vidar 2.0: The Comeback Kid Stealing Lumma’s Thunder!
Vidar 2.0 sweeps in to fill the void left by Lumma Stealer’s decline, boasting a multithreaded architecture perfect for faster data heists. With a complete C language makeover and improved sneaky skills, Vidar 2.0 is like a digital ninja, ready to become the new infostealer champ.
E-Commerce Chaos: 250 Attacks Exploit Adobe Commerce Flaw in 24 Hours!
Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts. Over 250 attacks hit in just 24 hours. It’s a critical situation as only 38% of stores are patched. If you’re using these platforms, patch immediately or face the wrath of SessionReaper—it’s not a Halloween prank!
GlassWorm Strikes: A Developer’s Nightmare Unleashed on Visual Studio Code Extensions
GlassWorm, the latest malware menace, targets developers by sneaking into Visual Studio Code extensions via the OpenVSX marketplace. It’s like a ninja worm, dodging security while draining crypto wallets and swiping credentials faster than you can say “code review.” Developers, keep an eye on those extensions, or GlassWorm might just steal the show!
Universe Browser: A Fast Track to Cybercrime or Just a Gamble?
The Universe Browser promises speed and security but delivers a rollercoaster of risky features. Linked to Chinese gambling sites, it routes traffic through China and sneaks in malware-like programs. Researchers link it to a cybercrime network in Southeast Asia. Talk about a browser with more hidden features than your grandma’s attic!
SpaceX Zaps Starlink Scammers: Terminals Shut Down in Myanmar’s Cybercrime Hotbed
SpaceX has shut down over 2,500 Starlink terminals in Myanmar, which were allegedly used to support human trafficking and cyber-fraud operations. While Starlink aims to connect the unconnected, it seems some folks took the “global connectivity” pitch a bit too literally, using it to beam scams instead of cat videos.
AI Threats on the Rise: Can Your Mobile Security Keep Up?
The Verizon 2025 Mobile Security Index reveals 85% of organizations face a spike in mobile device attacks. Despite AI threats, only 17% have specific defenses. While most are confident in recovery, those hit report costly downtime and data loss. Encouragingly, 89% have a dedicated mobile security budget.
Jingle Thief Strikes Again: Cloud Gift Card Fraudsters Unwrapped
Jingle Thief is a cybercriminal group targeting cloud environments for gift card fraud. Using phishing and smishing, they steal credentials to access and issue unauthorized gift cards. Their tactics, including identity misuse and stealthy operations, make them a formidable threat, especially during festive periods.
Jaguar Land Rover Cyberattack: A $2.5B Lesson in Cybersecurity Catastrophe
A cyberattack on Jaguar Land Rover sent the UK economy into a tailspin, causing a whopping $2.5 billion loss. The attack halted production and retail operations, proving cyber incidents aren’t just for tech companies. Now, the UK’s industrial sector is left pondering one question: “Are our firewalls made of Swiss cheese?”
E-commerce Chaos: Adobe Commerce Vulnerability Leaves 62% of Magento Stores Exposed!
Sansec warns the SessionReaper vulnerability in Adobe Commerce and Magento Open Source is being exploited, with over 250 attacks in 24 hours. A whopping 62% of Magento stores still haven’t patched it. Don’t let your e-commerce platform become a hacker’s playground; apply the fixes before it’s too late!
Motex Mayhem: Critical Flaw Leaves Systems Vulnerable to Exploitation!
Motex Lanscope Endpoint Manager has a security flaw so critical that it might just start demanding a salary! CISA has added this flaw to its Known Exploited Vulnerabilities catalog, urging everyone to patch it faster than you can say CVE-2025-61932. Hackers have already RSVP’d to this vulnerability party, so update those systems pronto!
Cybersecurity Crisis: Federal Cyber Policy Takes a 13% Nosedive Under Trump Administration
The Cyberspace Solarium Commission’s report reveals the federal cyber policy posture has regressed by 13%, marking the first major reversal since the group’s inception. With a quarter of recommendations losing implementation status, experts suggest the Trump administration should restore funding and workforce to CISA and cyber diplomacy staff.
MuddyWater’s Macro Mischief: Iranian Hackers Revive Old Tricks in Middle East Cyber Assault
MuddyWater is back, proving old tricks still have a pulse. The state-sponsored Iranian hacker group has revitalized macro-based attacks, sending government entities on a wild malware chase with Phoenix backdoor version 4. Watch out, Middle East: MuddyWater’s phishing campaign is a throwback you didn’t ask for, but definitely got served.
Hackers Hit Jackpot: $792K in Cash and Chaos at Pwn2Own Ireland 2025!
Security researchers at Pwn2Own Ireland 2025 hacked their way to $792,750 by exploiting 56 zero-day vulnerabilities. Highlights included hacking the Samsung Galaxy S25 and a lightning-fast breach of the QNAP TS-453E NAS device. With multiple gadgets compromised, the competition continues to showcase the art of digital mischief.
TP-Link’s Gateway Drama: Update Now or Risk a Cyber Comedy of Errors
TP-Link Omada gateways have more holes than Swiss cheese! Critical flaws were discovered, so update your firmware faster than a caffeinated squirrel. This affects ER, G, and FR models—don’t wait until it’s too late!
SessionReaper Strikes: Adobe Commerce Users Scramble to Patch Critical Vulnerability!
SessionReaper (CVE-2025-54236) is wreaking havoc on Adobe Commerce, with hackers exploiting it like it’s a cyber buffet. Six weeks post-patch, hundreds of attempts are recorded, yet 62% of online stores remain vulnerable. It’s a digital Wild West out there—time for website admins to patch up or face the code-slingers!
Bitter Cyber Group’s Sneaky Backdoor Tactics: When Conference Calls and RAR Files Attack!
Bitter APT is back at it, using two new methods to sneak a C# backdoor onto high-value targets’ computers. Whether it’s a fake conference file or a tricky archive, their aim is to pilfer sensitive data from unsuspecting victims. Keep your guard up, disable macros, and update your software to stay safe!
PhantomCaptcha: A Sneaky Cyber Espionage Comedy of Errors Targeting Ukraine’s Relief Efforts
The PhantomCaptcha spear-phishing campaign targets Ukraine war relief organizations with a WebSocket-powered remote access trojan. The malware masquerades as Zoom invites via fake Cloudflare CAPTCHA pages—because nothing says “urgent meeting” like a side of malware! The sophisticated operation reflects meticulous planning and timing, with domains disappearing faster than free donuts at an office meeting.
TARmageddon Strikes: Rust Library Flaw Puts Millions at Risk!
Behold the tale of TARmageddon! A logic flaw in the async-tar Rust library can lead to remote code execution, courtesy of the infamous CVE-2025-62518. With tokio-tar’s 7 million downloads and a dash of desynchronization, it’s the perfect recipe for chaos. Developers, patch up or face the comedic tragedy of uninvited archive entries!
When the Cloud Rains: AWS Outage Sparks Global Disruption and Raises Eyebrows
An Amazon Web Services cloud outage on October 20 disrupted major platforms worldwide. While AWS fixed the issue by evening, experts say hyperscalers like AWS shouldn’t get a free pass for downtime. It’s a tough gig, but AWS must learn to avoid such prolonged outages—or risk customers questioning their cloud nine reliability.
Cybercrime Chaos: Rival Hackers Expose Lumma Stealer’s Masterminds in Epic Doxxing Drama
Lumma Stealer, a notorious data-stealing malware, is in the hot seat after rival cybercriminals exposed its masterminds. This juicy drama has caused Lumma’s activity to nosedive, forcing its loyal, albeit shady, customers to seek new malware services. Who knew cybercrime could be like a soap opera with hacking instead of heartbreak?
