Gravwell, the enterprise data analytics and security platform, has secured a $15.4 million Series A funding round. Emerging from stealth in 2021, it aims to boost security teams’ data investigation capabilities. With new funding, Gravwell plans to enhance product development and customer service, all while keeping a watchful eye on AI’s antics.

Dr. Allan Friedman, the Father of SBOMs, joins NetRise as a strategic advisor. While AI’s potential grows, Friedman insists SBOMs remain essential for software supply chain security. “AI is great,” he says, “but it still needs its SBOM veggies for a balanced diet.”

The Star Blizzard hacker group, also known as ColdRiver, is deploying new malware like “NoRobot” and “MaybeRobot” in intricate schemes, starting with crafty ClickFix social engineering. Forget phishing—this is more like “phishing on steroids.” While researchers scramble to keep up, ColdRiver’s hacking playbook reads like a spy novel with a twist of tech-savvy humor.

PolarEdge malware turns routers into unwitting accomplices, like a tech-savvy Pied Piper. It sneaks into Cisco, ASUS, QNAP, and Synology devices, forming a mysterious botnet. With a handshake of encryption and stealth, PolarEdge’s backdoor listens for commands, while its purpose remains as elusive as a Wi-Fi password at a tech conference.

Meta is rolling out new tools to protect users from scams on Messenger and WhatsApp. With warnings for unknown video call contacts and scam detection features, users are less likely to be duped into sharing sensitive information. It’s like having a digital watchdog that says, “Hey, that fishy message smells worse than three-day-old sushi!”

Defakto has secured $30.75 million in Series B funding to boost its non-human identity and access management platform. Led by XYZ Venture Capital, this Californian company aims to replace static credentials with dynamic identities for AI agents and services, ensuring seamless integration across AWS, Azure, and Google Cloud.

Cybersecurity experts have uncovered a scam impersonating Singapore’s top officials using verified Google Ads and deepfake videos. The operation targeted locals by directing them to a fraudulent investment platform. The scam involved fake news sites and deepfake videos of Singapore prime minister Lawrence Wong to appear credible. Stay vigilant against such sophisticated frauds.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog. With vulnerabilities so glaring, it’s like giving hackers an all-access backstage pass. Admins, grab your patches—it’s time to defend the digital stage before the curtain falls!

Kaspersky reports that the PassiveNeuron campaign has been targeting high-profile organizations across Asia, Africa, and Latin America with custom implants like Neursite and NeuralExecutor. The threat actor seems to enjoy a world tour of chaos, proving once again that cybercrime knows no borders—only firewalls to breach.

Veeam Software is set to acquire Securiti AI for $1.725 billion, combining forces to tackle the “Where’s Waldo?” of data management. This power couple aims to eliminate the challenge of managing fragmented data across apps, clouds, and endpoints. With over 550,000 customers, Veeam’s about to make data disappear—except when you need it!

CISA warns that the Windows SMB vulnerability, CVE-2025-33073, and Kentico Xperience CMS flaws are actively exploited. Think of it as a cybercriminal’s buffet where improper access control and authentication bypass are the main courses. Federal agencies have three weeks to address these tech hiccups before they become a full-blown cyber circus.

The 2025 Global Threat Landscape Report reveals a 44% increase in the average ransomware payment, now at $3.6 million. Despite fewer attacks, cybercriminals are opting for precision strikes with heftier payouts, leaving healthcare and government sectors shelling out up to $7.5 million. It’s fewer attacks, higher stakes, and a cybercriminal’s dream come true!

Microsoft has fixed a major bug that stopped Microsoft 365 users from launching the classic Outlook email client on Windows. While the error had users feeling like they’d been ghosted by their own inbox, the Outlook team is on high alert ensuring the issue doesn’t pull a Houdini and reappear.

China-linked Salt Typhoon, also known as Earth Estries and other names, breached a European telecom in July 2025 using a Citrix NetScaler Gateway exploit. This cyberespionage escapade underscores the need for advanced threat detection, as the group’s stealthy tactics leave traditional security measures feeling like they’ve been caught in a tech typhoon.

Sendmarc has appointed Dan Levinson as Customer Success Director for North America, reinforcing their expansion efforts. With his 15 years of email security expertise, Levinson aims to build a support team to enhance DMARC adoption. Expect fewer impersonation risks and more deliverability—because nothing says “customer success” like emails that actually succeed!

Dataminr is set to acquire ThreatConnect for $290 million, combining forces to create AI-powered client-tailored intelligence. Together, they’ll transform real-time event and risk detection by merging Dataminr’s public data signals with ThreatConnect’s internal capabilities. This merger promises to make intelligence not just actionable, but downright clairvoyant—or at least that’s the goal!

CL0P’s latest gig? A daring heist on Envoy Air through an Oracle E-Business Suite zero-day vulnerability. While no sensitive customer data was compromised, it’s a clear reminder to buckle up and patch up. Who knew hacking could be this… plane?

Visual Studio developers, brace yourselves: a cunning worm named GlassWorm is prowling the OpenVSX marketplace! This malware swipes credentials, drains crypto wallets, and even sneaks in a VNC server for remote access. Using the Solana blockchain for its command-and-control, it’s like playing whack-a-mole with invisible moles. Stay vigilant, code warriors!

Securing AI in cyber defense is like training a guard dog that might chew through the fence. Establish trust for agentic AI systems with strong identity security, ensuring these ‘interns that never sleep’ work smarter, not riskier. Balance augmentation and automation to let AI handle the mundane while humans tackle the nuanced.

Muji’s online store has been zapped into a Zen-less void, courtesy of a ransomware attack on logistics partner Askul. Customers eager for serene stationery or furniture are instead greeted with error messages. As Japan’s minimalism fans wait for updates, their calm will have to come from somewhere other than a Muji checkout page.