The KB5067036 update for Windows 11 introduces the Administrator Protection feature and an updated Start Menu. The optional update, part of Microsoft’s non-security preview schedule, lets users test these features before next month’s Patch Tuesday. It adds bug fixes and new features, including a responsive Start Menu and improved cybersecurity measures.

The Everest ransomware group is like Santa Claus, but evil and with a data breach twist. They’ve allegedly leaked AT&T Carrier’s job platform database and are offering Dublin Airport passenger and Air Arabia employee data for sale. With millions at stake, it’s a hacker’s holiday bonanza!

In a plot twist straight out of a sci-fi thriller, the Aisuru botnet has taken DDoS attacks to a record-breaking 20Tb/sec. This Mirai-based IoT villain focuses on online gaming, turning everyday devices into unwitting accomplices. Netscout’s report suggests keeping your routers close and your cybersecurity closer.

The Python Software Foundation withdrew its $1.5 million grant proposal from the U.S. National Science Foundation because the funding terms clashed with their commitment to diversity, equity, and inclusion. Apparently, the programmers decided that compromising on values was a bug and not a feature!

Dentsu’s U.S. subsidiary Merkle faced a cybersecurity incident, exposing staff and client data. Systems were taken offline as a precaution, and Dentsu reported the breach to authorities. Despite the chaos, at least their Japanese network remains untouched—because nothing says “global crisis” like international data theft!

Researchers unveiled TEE.Fail, a side-channel attack that exposes secrets from trusted execution environments like Intel SGX and AMD SEV-SNP. Using budget-friendly gear, they can snoop on DDR5 memory traffic. Despite the groundbreaking nature of TEE.Fail, Intel and AMD humorously deem these physical attacks “out of scope,” leaving us questioning what scope even means.

Qilin ransomware has gone stealthy, executing Linux encryptors on Windows using Windows Subsystem for Linux. This trick lets them dodge conventional security tools like a ninja in a software dojo. As if ransomware wasn’t pesky enough, now it’s bilingual, speaking both Windows and Linux fluently. It’s a cybercrime crossover episode!

CISA warns that cyber attackers are exploiting vulnerabilities in Dassault Systèmes’ DELMIA Apriso. With hackers getting in faster than a cat burglar on roller skates, IT admins should prioritize patching up these loopholes. Remember, it’s better to be safe than sorry—especially when sorry involves a hacker partying in your system.

The ACCC is taking Microsoft to court, accusing them of tricking 2.7 million Australians into upgrading to the pricier Microsoft 365 plan with Copilot AI. The catch? Users could have stayed on their existing plan at no extra cost, but Microsoft allegedly kept that option under wraps.

Microsoft just announced the new Microsoft 365 Copilot feature, App Builder. Imagine crafting apps using your Microsoft 365 data with the ease of chatting over coffee. App Builder transforms natural language requests into interactive elements, while ensuring security. It’s like having a tech-savvy barista for your app needs, minus the caffeine.

The Herodotus Android banking trojan is causing havoc in Italy and Brazil, even making its victims question if their phones are possessed. This malware hilariously mimics human behavior, throwing in random typing delays to avoid detection. It’s like a digital prankster with malicious intent, targeting financial apps and stealing credentials.

A 19-year-old from Porterville is in hot water, facing charges tied to the notorious 764 network. Accused of animal cruelty, child exploitation, and cyberstalking, he’s got more counts than a toddler learning to count. If convicted, he could face serious time, proving crime doesn’t pay, but it sure racks up those legal fees.

Fake investment platforms are taking financial crime in Asia to new heights—or should we say, new lows. Group-IB’s research reveals these sophisticated scams use slick trading interfaces to swindle victims through social media, aided by chatty chatbots and recycled tech tricks. It’s a digital con artist’s paradise, but not for long if cybersecurity teams have…

Fake investment platforms are taking financial crime in Asia to new heights—or should we say, new lows. Group-IB’s research reveals these sophisticated scams use slick trading interfaces to swindle victims through social media, aided by chatty chatbots and recycled tech tricks. It’s a digital con artist’s paradise, but not for long if cybersecurity teams have…

Researchers unleashed TEE.Fail, a side-channel attack exposing Trusted Execution Environments (TEEs) like Intel’s SGX and AMD’s SEV-SNP. Forget high-tech espionage—this $1,000 hack could be pulled off by someone who thinks RAM is a sheep’s uncle. It’s a wake-up call for “confidential computing” in DDR5 systems.

Starting October 2026, Google Chrome will default to HTTPS connections, making insecure HTTP sites a thing of the past. Chrome 154 will ask for user permission before visiting non-HTTPS sites, protecting against man-in-the-middle attacks and ensuring safer browsing. So, wave goodbye to insecure connections and hello to a safer internet experience!

North Korean threat actors are spicing up their cyber mischief with GhostCall and GhostHire campaigns, targeting Web3 and blockchain sectors. From fake Zoom calls to Telegram recruitment scams, they’re on a mission to infect systems faster than you can say “blockchain.” Apparently, hacking is a full-time job now.

KnowBe4 celebrates its 2025 Partner Programme Awards, honoring EMEA partners for cybersecurity brilliance. From creative marketing to championing products, these partners have embraced human risk management, making them the heroes of cybersecurity. Who knew the secret to fighting cybercrime was a touch of award-winning flair?

Google Chrome’s CVE-2025-2783 flaw, exploited by Mem3nt0 mori in “Operation ForumTroll,” turned phishing links into instant infections. This sophisticated espionage, involving Memento Labs’ tools, targeted organizations in Russia and Belarus. Google’s patch arrived quickly, but the incident highlights ongoing spyware threats lurking in the wild.

Hackers breached Svenska kraftnät, Sweden’s power grid operator, through an isolated file transfer system, stealing 280 GB of data. Luckily, the power grid itself remained as untouched as a salad at a pizza party. Everest ransomware group claimed responsibility, adding the breach to their Tor data leak site.