From The Aether
New Phishing Scam Unzips Trouble: How Clicking Can Wreck Your Security
Using a Windows shortcut file to spread malware is like using a spoon to eat soup—unexpected but effective. This new phishing campaign hides malicious code in familiar-looking ZIP archives, fooling even seasoned users. So, next time you see a “certified” document, remember: it might certify your computer’s doom!
Zania’s AI Revolution: $18M Boost to Redefine Security Compliance!
AI-powered security GRC startup Zania has raised $18 million in a Series A round, catapulting its total funding to $20 million. With AI teammates executing risk and compliance tasks, Zania aims to revolutionize the industry. The investment supports expanding its agent library and tripling its engineering and go-to-market teams.
Spyware Scandals: Fake Signal and ToTok Apps Targeting UAE Users!
Android spyware campaigns ProSpy and ToSpy impersonate apps like Signal and ToTok to target UAE users. They entice downloads via fake websites, exfiltrating data from compromised devices. These apps masquerade as updates, like Signal Encryption Plugin and ToTok Pro, but deliver sneaky surprises instead of improvements. Proceed with caution when downloading outside official app stores!
Agentic AI: The New Office Villain Sparking Data Breaches and Pink Slips
Forrester predicts that agentic AI will cause a data breach next year, leading to employee dismissals. Without proper guardrails, these AI agents prioritize speed over accuracy, especially with customers. To avoid scapegoating, companies should adopt Forrester’s AEGIS framework, focusing on security fundamentals like governance and identity management. Remember, it’s not you, it’s AI!
AI-Powered Ransomware: A Small Business Nightmare or Opportunity to Shine?
Small businesses are under siege in the AI-driven ransomware era. Attackers are automating, personalizing, and scaling their attacks, exploiting gaps in resources and employee training. But all is not lost! Fight back with network segmentation, offline backups, and regular phishing simulations to avoid becoming the next headline.
Red Hat Hacked: Crimson Collective Crashes the Code Party with 570GB Data Heist!
The Crimson Collective claims to have breached Red Hat’s private GitHub, exfiltrating 570GB of data, including customer documents. The group posted on Telegram, detailing their access to internal repos and Customer Engagement Reports. Red Hat remains silent on the alleged breach, leaving customers on edge and back-office teams seeing red.
Phishing Frenzy: How Cybercriminals Hooked EU Organizations in 2025’s Cyber Chaos!
Phishing and vulnerability exploitation were the top culprits for initial cyber-attack access in the EU, says ENISA. With phishing leading at 60%, outdated devices and AI-powered schemes are high-value targets. Meanwhile, DDoS attacks reigned supreme in volume, fueled by hacktivists like Russian actor NoName057(16), blurring lines between hacktivism and state-sponsored antics.
Chinese Hackers’ New Malware: Phantom Taurus Strikes Again!
Phantom Taurus, China’s covert cyber ninja, targets government and telecom sectors with their sneaky Net-Star malware. Using unique tactics and custom tools, they’ve been quietly snooping around Africa, the Middle East, and Asia. They’ve shifted from stealing emails to database espionage, proving once again that when it comes to stealthy cyber antics, they’re the pros!
Ransomware Shenanigans: Oracle Data Heist or Cyber Bluff?
Mandiant and Google are chasing an email extortion campaign targeting executives, with threats of stolen data from Oracle E-Business Suite systems. While emails hint at a Clop ransomware connection, evidence is scarce. Companies should scrutinize their systems for unusual activity, as the extortion game is afoot, but the plot remains unsolved.
Oracle E-Business Suite Extortion Scare: Clop Ransomware’s Latest Comedy of Errors?
Mandiant and Google are tracking a new extortion campaign targeting executives with alarming emails about stolen data from Oracle E-Business Suite systems. While hints point to the Clop ransomware gang, evidence remains elusive. Organizations are urged to investigate potential breaches while BleepingComputer awaits comment from Clop and Oracle on the unfolding drama.
OpenSSL SOS: Patch These Bugs or Say Hello to Trouble!
OpenSSL updates fix three vulnerabilities that could allow key recovery, code execution, and DoS attacks. CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232 are the stars of this security drama. Users are urged to update faster than a caffeinated squirrel to avoid potential exploitation.
UK Demands Apple Backdoor: A Comedy of Errors in Digital Privacy
The UK is back at it, demanding Apple create a backdoor for encrypted services, but now just for British users. Spoiler alert: it’s not any better. A Technical Capability Notice looms over privacy, setting a dangerous precedent. Breaking end-to-end encryption compromises everyone’s security. The demand is still an unsettling overreach.
Motility’s Cyber Oops: 766,000 Customers’ Data Goes for a (Not-So-Fun) Ride!
Motility Software Solutions had a bad hair day when a ransomware attack exposed the sensitive data of 766,000 customers. Motility, provider of dealer management software, now offers free identity monitoring services. While no evidence of misuse has surfaced, customers should stay vigilant and keep an eye on their credit reports.
WestJet Cybersecurity Breach: What Passengers Need to Know and How to Protect Themselves
WestJet, a leading Canadian airline, faced a cybersecurity attack starting June 13, 2025, exposing some passenger information. The good news? Flight safety and financial data remained secure. The bad news? Your WestJet Rewards points might be having an identity crisis. Complimentary identity theft protection is offered, but don’t worry—your credit card’s CVV is still a…
Adobe Analytics Blunder: Data Mix-Up Causes Chaos for Customers
Adobe Analytics customers got an unexpected data mix-and-match session thanks to a bug. For a day, organizations found themselves peeking into each other’s analytics data. Adobe quickly reverted the change, assured everyone it wasn’t a cyberattack, and politely asked customers to delete the errant data. Remember, sharing is caring—but not in data analytics!
OpenShift AI Bug: A 9.9 Severity Comedy of Errors – Secure Your Cluster Before It’s Hijacked!
A bug with a 9.9 out of 10 severity in Red Hat’s OpenShift AI service could let a remote attacker hijack the platform with minimal authentication. Dubbed CVE-2025-10725, this bug is so serious it might as well come with its own theme music. Time to patch like your data depends on it!
Klopatra Chaos: Sneaky Android Trojan Unleashes Banking Havoc Across Europe
Klopatra, a new Android banking trojan, masquerades as an IPTV and VPN app, infecting over 3,000 devices in Europe. This sneaky malware can monitor screens, steal credentials, and even perform bank transactions while appearing idle. It’s like a pickpocket in your pocket—minus the striped shirt and the beret.
Outlook Meltdown: Microsoft’s Classic Email Client Crashes and Burns!
Microsoft is tackling a pesky bug making classic Outlook crash faster than your morning caffeine hit. Affecting Microsoft 365 users on Windows, the fix requires Exchange Online support intervention. Meanwhile, users can embrace the new Outlook for Windows or OWA to keep their email game strong. Remember, technology is only here to keep us on…
Cybersecurity Law Lapse: Hackers Cheer While Lawyers Scramble
The lapse of the Cybersecurity Information Sharing Act of 2015 has left legal professionals scrambling, as information-sharing now requires more paperwork than a Hollywood divorce. Without the law, companies must navigate legal waters carefully to share cyber threat data, all while keeping an eye out for lurking lawsuit sharks.
Intel’s SGX Security Shattered: Research Unveils Costly WireTap Hack!
Researchers have shown Intel’s SGX can be bypassed on DDR4 systems, proving that even the toughest security can be cracked with the right tools and a little creativity. Dubbed WireTap, this attack is like the comedy duo of security breaches, working alongside the Battering RAM to expose vulnerabilities in SGX and SEV.