Brace yourselves for a safer internet! Google Chrome will soon default to ‘Always Use Secure Connections,’ navigating only to HTTPS sites. Starting in 2026, if a site isn’t secure, you’ll get a warning. It’s like having your very own bouncer for web browsing—just without the velvet rope!

The British Standards Institution warns of a widening AI governance gap as businesses race to adopt AI without proper controls. While 62% plan increased AI investments, only 24% have governance programs. Overconfidence in AI without strategic oversight risks failures and reputational damage, urging businesses to shift from reactive compliance to proactive governance.

Cybersecurity researchers have uncovered 10 malicious npm packages using typosquatting to deliver an information stealer that targets Windows, Linux, and macOS. These packages impersonate popular libraries, fool users with fake CAPTCHAs, and swipe credentials like they’re in a digital supermarket sweep. Stay alert and avoid these npm nasties!

The U.S. CISA added Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog. With vulnerabilities that make hackers rub their hands in glee, the flaws could allow code execution or unauthorized access. Agencies have until November 18, 2025, to patch these issues before cybercriminals beat them to it.

The UK government is seeking a new CTO, but the offered salary might not be tempting enough. While the role promises prestige, starting pay lags behind private sector standards. With digital transformation high on the agenda, the challenge is to find someone who values public service over pounds—or who really loves birthday cake.

Warning: DELMIA Apriso’s vulnerabilities are causing more drama than a reality TV show. The US cybersecurity agency CISA highlights two recent flaws being exploited, CVE-2025-6204 and CVE-2025-6205. Federal agencies now have three weeks to patch these issues. DELMIA Apriso users, it’s time to update faster than you can say ‘cyberattack’!

Threat actors are having a field day exploiting security flaws in Dassault Systèmes DELMIA Apriso and XWiki. While DELMIA Apriso flaws could lead to unauthorized access, XWiki’s vulnerability is being used in a two-stage attack to mine cryptocurrency. Stay updated, because when it comes to cyber threats, ignorance isn’t bliss—it’s just an invitation!

Germany’s infosec office is in full panic mode as 92% of the nation’s Exchange boxes are still living in the past, running out-of-support software. Despite Microsoft’s love notes urging upgrades, these servers are still clinging to Outlook Web Access 2019 or earlier, leaving them open to a world of cybersecurity hurt.

The TEE.fail attack method can infiltrate Intel and AMD’s latest security by targeting DDR5 memory. Discovered by Purdue and Georgia Tech researchers, this attack requires soldering skills and an interposer but promises a treasure trove of cryptographic keys. Apparently, security in the digital age also calls for a soldering iron!

Cybercriminals are using AI to bolster attacks against African organizations. Deepfake-related fraud has surged, driven by AI-powered voice scams. Phishing remains the most common threat, with AI crafting culturally accurate messages, achieving a 54% click-through rate. Business email compromise attacks are thriving, especially in South Africa and Nigeria, becoming major hubs for cybercrime activities.

The Australian Federal Police are building an AI to decode the cryptic world of Gen Z and Alpha emojis and slang to track online crime. Because when your teenager says “💀,” you want to make sure it’s not literal.

The KB5067036 update for Windows 11 introduces the Administrator Protection feature and an updated Start Menu. The optional update, part of Microsoft’s non-security preview schedule, lets users test these features before next month’s Patch Tuesday. It adds bug fixes and new features, including a responsive Start Menu and improved cybersecurity measures.

The Everest ransomware group is like Santa Claus, but evil and with a data breach twist. They’ve allegedly leaked AT&T Carrier’s job platform database and are offering Dublin Airport passenger and Air Arabia employee data for sale. With millions at stake, it’s a hacker’s holiday bonanza!

In a plot twist straight out of a sci-fi thriller, the Aisuru botnet has taken DDoS attacks to a record-breaking 20Tb/sec. This Mirai-based IoT villain focuses on online gaming, turning everyday devices into unwitting accomplices. Netscout’s report suggests keeping your routers close and your cybersecurity closer.

The Python Software Foundation withdrew its $1.5 million grant proposal from the U.S. National Science Foundation because the funding terms clashed with their commitment to diversity, equity, and inclusion. Apparently, the programmers decided that compromising on values was a bug and not a feature!

Dentsu’s U.S. subsidiary Merkle faced a cybersecurity incident, exposing staff and client data. Systems were taken offline as a precaution, and Dentsu reported the breach to authorities. Despite the chaos, at least their Japanese network remains untouched—because nothing says “global crisis” like international data theft!

Researchers unveiled TEE.Fail, a side-channel attack that exposes secrets from trusted execution environments like Intel SGX and AMD SEV-SNP. Using budget-friendly gear, they can snoop on DDR5 memory traffic. Despite the groundbreaking nature of TEE.Fail, Intel and AMD humorously deem these physical attacks “out of scope,” leaving us questioning what scope even means.

Qilin ransomware has gone stealthy, executing Linux encryptors on Windows using Windows Subsystem for Linux. This trick lets them dodge conventional security tools like a ninja in a software dojo. As if ransomware wasn’t pesky enough, now it’s bilingual, speaking both Windows and Linux fluently. It’s a cybercrime crossover episode!

CISA warns that cyber attackers are exploiting vulnerabilities in Dassault Systèmes’ DELMIA Apriso. With hackers getting in faster than a cat burglar on roller skates, IT admins should prioritize patching up these loopholes. Remember, it’s better to be safe than sorry—especially when sorry involves a hacker partying in your system.

The ACCC is taking Microsoft to court, accusing them of tricking 2.7 million Australians into upgrading to the pricier Microsoft 365 plan with Copilot AI. The catch? Users could have stayed on their existing plan at no extra cost, but Microsoft allegedly kept that option under wraps.