FireCompass lands $20M to outpace hackers with its AI-powered offensive security platform. By simulating real-world attacks safely, it identifies risks faster than you can say “cybersecurity breach.” With investment in R&D and global expansion, FireCompass is on a mission to stay one step ahead of the AI-driven cyber threat landscape.

SAP S/4HANA is under threat from a security vulnerability that lets attackers with just user privileges inject arbitrary code and wreak havoc. With a CVSS score of 9.9, it’s like giving a toddler the keys to a candy store. Patching is crucial to prevent a full system compromise of your SAP environment.

A new scam called “Grokking” tricks Grok AI on X into spreading malicious links. Cybercriminals hide links in ad metadata and ask Grok to reveal them, turning AI into a mischief-making megaphone. It’s like tricking a bouncer into letting in your sneaky cousin. Learn how this clever con exploits AI trust.

Downloading CleanMyMac from untrusted sources is like buying a Rolex from a guy in a trench coat—your system might end up with a “free” malware accessory! Unsuspecting users find themselves redirected to AMOS’ landing page, where the real fun begins, with malware scripts eager to steal sensitive data and wreak havoc.

North Korean hackers are taking job scams to the next level by targeting cryptocurrency enthusiasts in fake interviews. Using the ClickFix technique, they lure victims into copying malicious commands, proving that even job hunting in crypto can be risky. SentinelOne and Validin report at least 230 individuals were ensnared in these digital traps.

SVG files are getting a bad rap for hiding malware in a campaign impersonating Colombian authorities. VirusTotal found these sneaky files, which seemed harmless but unpacked like a digital Trojan horse, delivering a fake judicial portal with a side of malware. Who knew SVGs had such villainous potential?

Former Army Special Operations Intelligence specialist Glenn Devitt now leads the charge in digital inheritance cybersecurity. His battlefield-tested skills are applied to protect $84 trillion in assets through his company, Digital Legacy AI. With a blend of cutting-edge tech and military precision, Devitt tackles the vulnerabilities in digital estate planning.

Affinity Learning Partnership is facing a data breach after a cyberattack on Intradev. Now, sensitive staff information is out there, leaving employees wondering if they should replace their passports—or just start a new life as a secret agent. Meanwhile, the education trust scrambles for damage control.

File storage tools are the Achilles’ heel of data security, according to a survey, with 42% citing them as the top threat. Close behind are web file uploads at 40%. Meanwhile, 29% of firms have banned generative AI tools, though AI’s role in file security is growing, with 33% already adopting it.

SAP S/4HANA users, beware! The CVE-2025-42957 vulnerability is being exploited in the wild, SecurityBridge warns. This ‘critical’ flaw can let attackers with low privileges hijack your system faster than you can say “ERP meltdown.” Skilled professionals are already crafting exploits, so grab your security patches and hang on tight!

France’s data watchdog CNIL has fined Google $379M and Shein $175M for cookie rule violations. Google must stop displaying ads in Gmail without consent and ensure valid cookie consent, or face daily fines. Meanwhile, Shein deems its fine disproportionate, despite cookie-related infractions.

Cybersecurity researchers have discovered SVG files being used for phishing attacks on the Colombian judicial system. These sneaky images masquerade as official documents, but instead of downloading legal jargon, they usher in malware with the subtlety of a ninja in a library. This SVG malware campaign proves that even images can have a dark side.

Unknown miscreants are exploiting a configuration vulnerability in Sitecore products to achieve remote code execution and deploy snooping malware. The bug, CVE-2025-53690, affects versions with customer-managed static machine keys, allowing attacks if old sample keys are used. Sitecore warns to rotate keys now to avoid potential exploitation.

AI vulnerability identification system A2, developed by researchers from Nanjing University and The University of Sydney, aims to transform application security by emulating human bug hunters. With a 78.3% success rate in identifying Android app vulnerabilities, A2 promises fewer false positives and more accurate bug reports, making AI a potential game-changer.

APT28, the notorious Russian hacking group, has found a sneaky way to blend into Microsoft Outlook traffic using a stealthy backdoor called NotDoor. This clever malware turns Outlook into its stage, using trigger emails to steal data and execute commands. Who knew your inbox could become a super-spy’s playground?

GhostRedirector, the new China-aligned cybercrime crew, has hacked 65 Windows servers to boost gambling sites’ Google rankings. Using two fresh malware tools – Rungan and Gamshen – these digital tricksters fool Googlebot with fake backlinks. It’s like they’ve taken SEO from search engine optimization to sneaky espionage operation.

The US is offering a $10M reward for information on Russian FSB officers accused of hacking US critical infrastructure and over 500 energy firms. These cyber capers allegedly aimed to maintain unauthorized access, which could disrupt essential services. Who knew cyber espionage could be this electrifying?

Model Namespace Reuse is the AI world’s version of identity theft, allowing attackers to hijack and replace trusted AI models with malicious versions. It’s a wake-up call for developers to verify models beyond their names, pinning them to verified versions, and storing them securely to prevent malicious takeovers.

California’s S.B. 524 aims to keep AI-written police reports transparent and auditable. It demands AI-authored reports to include disclaimers, retain first drafts, and bans vendors from sharing data. This pivotal step ensures control over AI in policing, preventing officers from blaming AI for inaccuracies. Lawmakers, don’t let AI narratives write their own rules!

Threat actors are exploiting a zero-day vulnerability in legacy Sitecore deployments using CVE-2025-53690 to deploy WeepSteel malware. This misconfiguration flaw allows attackers to execute malicious payloads, leading to remote code execution. Sitecore advises replacing static machine keys and ensuring encryption to mitigate this vulnerability.