A security flaw in Red Hat OpenShift AI allows attackers with low privileges to escalate to cluster admin, causing chaos like a toddler with an espresso. Rated 9.9 in severity, this vulnerability demands authenticated access but could lead to full infrastructure control. Time to tighten those permissions, folks!

Zhimin Qian, the mastermind behind China’s largest financial fraud, has pleaded guilty to laundering £5.5 billion in cryptocurrency. This historic case saw 61,000 Bitcoin seized in a dramatic London raid. The UK and China now battle over the billions, proving the UK isn’t a hiding spot for stolen wealth.

Allianz Life, WestJet, and Motility Software Solutions are the latest victims of data breaches, impacting 3.7 million people. Allianz confirmed a breach at a third-party CRM provider, exposing 1.4 million customers. WestJet’s cyberattack impacted 1.2 million, while Motility faced a ransomware attack affecting over 766,000 individuals. Identity protection is offered to all impacted.

Phantom Taurus isn’t just another state-sponsored hacking group; they’re the secret agents of the cyberworld. Armed with unique tactics and Net-Star malware, they’re targeting governments and telecoms with James Bond-level espionage. Forget shaken, not stirred—these hackers are all about silent, not seen.

WestJet confirmed a June 2025 cyberattack exposed customer information. While names and IDs were compromised, credit card details are safe. The airline swiftly restored services and now offers identity theft protection. Watch out for scammers—if anyone asks for your credit card info claiming they’re from WestJet, it’s probably not a free upgrade!

Apple urges users to update iPhones and Macs to patch the CVE-2025-43400 font bug. This flaw can lead to crashes or, worse, allow attackers to execute code. So, update now unless you want your device to start speaking in Wingdings.

Quantum computing is the villain in Bitcoin’s superhero saga, with its potential to break cryptographic algorithms and crash the party. While developers race to create defenses, investors keep an eye on the bitcoin price live. The quantum threat is no longer sci-fi; it’s a looming reality, challenging the future of digital currency.

Enterprises aren’t keen on letting autonomous agents take the wheel, fearing AI hype is crashing against reality. Gartner found just 15% of IT leaders are considering fully autonomous agents. With worries about security and a lack of trust, companies like Klarna and Duolingo have switched back to humans after AI let them down.

NIST’s new guide, Special Publication 1334, tackles cybersecurity risks in OT environments from USB flash drives and other removable media. While USB devices might seem harmless, they can be malware’s favorite ride to cause havoc. The guide offers a two-page crash course on procedural, physical, and technical controls to keep those sneaky threats at bay.

Descope, the identity and access management provider, has secured an additional $35 million in seed funding, bringing its total to $88 million. With a no-code/low-code platform, Descope aims to tackle the customer identity and authentication market, all while ensuring that identity management is as easy as pie… or at least as easy as managing pies.

Cybersecurity Awareness Month 2025 calls for action beyond awareness. Despite hefty investments in defenses, attackers are just logging in with stolen credentials. Identity remains the most exploited attack vector. Organizations must prioritize identity security, making it a board-level priority, to truly build resilience and protect against breaches.

AI is the new superhero in cybersecurity, swooping in as the top investment priority for the next year, according to a PwC report. While AI threat hunting leads the charge, a whopping 50% still struggle with understanding AI, and 41% lack the skills to deploy it. Time to hit the books, folks!

Unknown threat actors are exploiting Milesight industrial routers to send smishing messages in Europe, using the router’s API to distribute phishing URLs. The attack primarily targets Sweden, Italy, and Belgium with typosquatted URLs mimicking official platforms. These routers, weak on security, have become the smishing campaign’s unwitting wingmen.

The Bitdefender 2025 Cybersecurity Assessment Report reveals a stark reality: 58% of security professionals were told to keep breaches confidential, an alarming trend that prioritizes optics over transparency. With 84% of high-severity attacks using legitimate tools, organizations are forced to rethink their strategies to reduce the enterprise attack surface.

Imgur’s UK exit leaves Brits in the lurch, facing a blank screen and a 400 error page. The UK’s data watchdog calls it a “commercial decision” after signaling plans to fine MediaLab. Meanwhile, VPNs and video game character face scans become the new passport for digital escapades. Ah, the joys of online adulting!

Beware of CVE-2025-41244, a VMware vulnerability that’s been giving hackers a leg-up with root access since October 2024. This pesky flaw impacts VMware Aria Operations and VMware Tools, allowing attackers to escalate privileges. Broadcom patched it, but not before it was out and about, hobnobbing with cybercriminals everywhere.

Klopatra, a new Android banking trojan, has infected over 3,000 devices in Spain and Italy. Disguised as popular apps, it uses cunning tactics like dynamic overlays and Hidden VNC to steal credentials and perform fraud. It’s like the sneaky ninja of mobile malware, blending stealth with the art of financial mischief.

House buyers in the UK face a new villain: payment diversion fraud (PDF). It’s the ultimate heist, with average losses of £82,000. The National Crime Agency and The Law Society team up to say, “Stop sending money to fake solicitors!” Remember, double-check those bank details or risk sending your savings to a fraudster’s holiday fund.

Cyberattacks on schools are wreaking havoc, with recovery times worsening despite increased cybersecurity training for teachers. Students’ coursework disappears into the digital ether, while Ofqual urges stronger defenses. Half the attacks come from students themselves, proving that school isn’t just hard—it’s hardwired for chaos.

Campaigners urge UK PM Starmer to dump digital ID wheeze before it’s announced. While Starmer confidently pledged to smash gangs and secure borders, his digital ID plans remain a ghost at his conference speech. With 2.6 million signatures against it, will the digital ID be dead in the water before it even sets sail?