From The Aether

GeminiJack: The Zero-Click Hack That Had Google in a Corporate Data Tizzy!

Google has patched a zero-click flaw in Gemini Enterprise, aptly named “GeminiJack,” which allowed corporate data exfiltration through cunningly crafted emails, invites, or documents. By exploiting this vulnerability, attackers could pilfer sensitive information without the need for malware or user interaction, turning AI into an unwitting accomplice in corporate espionage.

1 week ago

CyberVolk’s Comical Comeback: Ransomware Blunder Leaves Victims Hopeful

CyberVolk is back with a new ransomware service run entirely through Telegram, making it a breeze for even the least tech-savvy to wreak havoc. But here’s the silver lining: they botched the job by hardcoding master keys, offering victims a chance to unlock files without paying. CyberVolk’s comedic error might just save the day!

1 week ago

Hacker Hijinks: Fake Cops Fool Big Tech Into Sharing Your Secrets!

Doxers posing as cops are fooling big tech firms into revealing your private data with just a spoofed email and fake documents. It’s like Mission Impossible, but with less Tom Cruise and more clueless IT departments.

1 week ago

Online Age Verification: The Privacy Nightmare You Didn’t Sign Up For

EFF opposes all forms of age verification mandates, arguing that online age verification burdens many more people than in-person checks. Unlike flashing an ID at a bar, online age-gating requires uploading sensitive data, posing significant privacy risks. It’s not just about buying a six-pack—it’s about protecting First Amendment-protected speech.

1 week ago

Chrome Under Siege: Google Battles Yet Another Zero-Day Exploit!

Google fixed a new actively exploited Chrome zero-day by patching three vulnerabilities, one of which was already causing chaos in the wild. This high-severity bug was linked to the ANGLE graphics library. So, if your Chrome browser starts acting like a drama queen, update it before it crashes your party!

1 week ago

Trojan Trouble: Malicious Extensions Invade VS Code Marketplace, Developers Beware!

ReversingLabs uncovers a sneaky Trojan campaign targeting Visual Studio Code Marketplace. With 19 malicious extensions hiding in plain sight, these crafty cybercriminals disguised their malware as something harmless. It’s a classic “your-trusted-package-gone-bad” plot, with a fake PNG file twist. Developers, check those extensions carefully—if it looks too good to be true, it probably is!

1 week ago

Outpost24 Acquires Infinipoint: A Zero Trust Comedy of Secure Errors!

Outpost24’s acquisition of Infinipoint marks its entry into the Zero Trust Workforce Access market, marrying user and device validation into a seamless security approach. It’s like a tech wedding where the vows are: “I take you, user and device, to have and to hold, from this login forward, for safer, more secure access.”

1 week ago

AI Security: OpenAI’s Warning on Cyber Risks and the Need for Stronger Defenses

OpenAI’s GPT-5.1-Codex-Max has leveled up, boasting a 76% success rate in CTF challenges. However, these AI gains come with a cybersecurity twist. OpenAI warns of “high” risks, so securing your digital fortress is more crucial than ever. Remember, AI might be smart, but so are hackers!

1 week ago

LastPass Lapse: UK Slaps Password Manager with £1.2M Fine for Security Snafu

LastPass received a £1.2 million fine from the ICO for security blunders that led to a data breach affecting 1.6 million UK users. Turns out, even in the digital age, all it takes for chaos is a dodgy laptop and a hacker with a knack for multitasking. Password security tips, anyone?

1 week ago

LastPass’s Costly Blunder: £1.2M Fine for Data Breach Fiasco in the UK

LastPass is facing a hefty £1.2 million fine from the UK’s Information Commissioner’s Office after a 2022 data breach compromised 1.6 million UK users. The fine comes as a slap on the wrist for a company that left the backdoor open for hackers, serving as a cautionary tale for data protection.

1 week ago

Chrome’s Zero-Day Drama: Google’s Eighth Emergency Fix of 2025!

Google Chrome’s eighth zero-day bug of 2025 is here, and it’s causing more suspense than a thriller movie. Details are scant, but we know it’s serious. Users should update their browsers pronto to avoid becoming the next victim of this mysterious threat. Remember, when in doubt, always trust a Chocolate Factory fix!

1 week ago

Red Teaming Tools: The 2026 Guide to Outsmarting Cyber Threats

Want to know the secret behind turning cyber threats into a walk in the park? Let a red team loose in your environment! From Cobalt Strike to Outflank Security Tooling, discover the ultimate red teaming tools of 2026 and learn how to choose the perfect cyber ninja to defend your organization.

1 week ago

Malicious VS Code Extensions: A Developer’s Nightmare in 2025 Unraveled!

Cybersecurity sleuths have uncovered 19 Visual Studio (VS) Code extensions that sneak malware into developers’ lives through their dependency folders. Using npm packages as a disguise, the attackers cleverly slipped harmful files past conventional checks, proving once again that even trusted extensions can be Trojan horses in disguise.

1 week ago

Microsoft’s Bug Bounty Bonanza: Paydays for Uncovering Online Vulnerabilities!

Microsoft is expanding its bug bounty program to include all online services, regardless of who wrote the code. If a critical vulnerability impacts their services, it’s bounty-eligible. This move aims to outsmart hackers and reward researchers for spotting weaknesses in both Microsoft and third-party components. Who knew bugs could be so profitable?

1 week ago

AI in OT: When Robots Meet Factory Floor Fiascos!

AI integration in operational technology environments presents trust issues, making it as welcome as a cat at a dog show. CISA’s guidance suggests understanding AI first, but lack of trust and predictability are big hurdles. AI might relieve some work pressures, but its unpredictability can complicate things more than a toddler with a paintbrush.

1 week ago

ConsentFix Chaos: How Hackers Hijack Microsoft Accounts Without Breaking a Sweat

Beware of the ConsentFix attack, a new twist on ClickFix. It tricks users into completing an Azure CLI OAuth flow to hijack Microsoft accounts, bypassing passwords and MFA. No need to worry about remembering your password if an attacker can just borrow your whole account instead!

1 week ago

DroidLock: The Android Menace Turning Phones into Personal Spies!

DroidLock is turning Android phones into unwitting spies, with attackers gaining remote control and locking users out. Zimperium’s researchers found it doesn’t encrypt files but uses crafty tactics to access sensitive data and capture screen activity. It’s like ransomware, but instead of asking for money, it asks for your sanity.

1 week ago

Cybersecurity Showdown: MITRE’s 2025 ATT&CK Evaluations Reveal the Good, the Bad, and the Boastful

The results of the 2025 ATT&CK Evaluations are out, and cybersecurity companies are buzzing. MITRE tested solutions against scenarios inspired by Scattered Spider and Mustang Panda, even throwing cloud infrastructure into the mix. Eleven companies participated, though some big names skipped this year, citing the evaluations as a resource-intensive endeavor.

1 week ago

Cloudy with a Chance of Prison: Former Accenture Manager Charged in DoD Security Scandal

Danielle Hillmer, a former senior manager, allegedly fibbed about her employer’s cloud platform being as secure as a bank vault, when it was more like a leaky boat. Now she’s charged with cybersecurity fraud. If convicted, Hillmer might need to rethink her cloud strategy from behind bars.

1 week ago

1inch and Ledger Multisig: The Dynamic Duo Saving DeFi from Blind Signing Blunders!

1inch becomes the exclusive swap provider for Ledger Multisig, integrating its Swap API to eliminate blind signing. This collaboration between 1inch and Ledger enhances security in on-chain treasury management, allowing users to review transactions in clear, readable form. It’s like giving DeFi security a pair of glasses—finally, everything’s in focus!

1 week ago
The Nimble Nerd