From The Aether
Gemini Trifecta: Google’s AI Assistant Dodges Major Privacy Blunders
Cybersecurity researchers have discovered three patched security vulnerabilities in Google’s Gemini AI assistant. Dubbed the Gemini Trifecta, these flaws once left users open to search-injection, log-to-prompt attacks, and data exfiltration. Thankfully, Google’s quick action means your AI assistant won’t accidentally hand over your secrets like a magician revealing their tricks.
Microsoft’s Sentinel Upgrade: The AI-Powered Superhero Your Security Team Didn’t Know It Needed!
Microsoft’s Sentinel data lake is now generally available, offering a unified agentic platform for security teams. This cloud-native tool aims to enhance visibility and analytics, empowering AI models to better detect threats. By integrating signals and providing graph-based context, Sentinel shifts cybersecurity from reactive to predictive, making attacks as welcome as a mosquito at a…
Data Breach Fiasco: RemoteCOM’s SCOUT Software Exposes Thousands in Surveillance Snafu!
The SCOUT software, the so-called “premier” client management tool, has been unmasked as a high-tech tattletale, secretly tracking keystrokes and flagging words like “sex” and “Nazi.” This data breach has left nearly 14,000 individuals and thousands of criminal justice employees exposed, proving once again that even spyware has trust issues.
Smishing Alert: Belgium Battles a Wave of Router-Driven Phishing Scams
A new wave of smishing attacks is exploiting Milesight Industrial Cellular Routers to dupe Belgian users. These routers are sending phishing texts by impersonating government services. With Belgium as the prime target, investigators warn of the persistent threat. Keep an eye out for mysterious messages—especially if they’re from “The Government.”
Broadcom vs. UNC5174: The Zero-Day Showdown in VMware Land!
Broadcom patched six VMware flaws, including the zero-day CVE-2025-41244 actively exploited by the Chinese threat actor UNC5174. This flaw, with a CVSS score of 7.8, could allow local users to escalate privileges to root via VMware Tools and Aria Operations. Broadcom’s swift fix ensures your virtual world stays secure.
Cisco Firewall Fiasco: 50,000 Vulnerable Devices Under Siege – Patch or Perish!
Cisco ASA/FTD devices are in hot water as nearly 50,000 are left exposed to two bugs actively exploited by attackers. With national security agencies sounding the alarm, CISA has issued a lightning-fast 24-hour patch order. If your device is past its prime, it’s high time to say goodbye!
Google’s Gemini Gaffe: How Vulnerabilities Nearly Turned AI into a Cyber Crook’s Best Friend!
Attackers nearly turned Gemini into a data-thieving accomplice by exploiting vulnerabilities recently patched by Google. Discovered by Tenable, the Gemini Trifecta reveals three hacking methods requiring minimal social engineering. From injecting prompts to manipulating search history, these attacks could’ve made Gemini spill sensitive secrets like a clumsy spy in a comedy caper.
Klopatra Attack: The Android Trojan Giving Banks a Run for Their Money
Klopatra, the latest Android Remote Access Trojan, is giving mobile banking apps a run for their money. Armed with commercial-grade protection, it’s like the James Bond of malware—smooth, elusive, and wreaking financial havoc across Europe. Security experts are on high alert, urging banks to step up their game before Klopatra cleans them out.
Broadcom Patches Zero-Day Exploit: Chinese Hackers Strike Again!
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been a favorite playground for zero-day attacks since October 2024. This bug, CVE-2025-41244, allows mischief-makers to stage malicious binaries, turning unprivileged users into root-level digital divas.
UK Smashes Crypto Crime Record: £5.5B Bitcoin Bust Leaves Fraudsters Reeling!
A £5.5 billion bust! The UK seized 61,000 Bitcoin from Chinese national Zhimin Qian, marking the world’s largest crypto seizure. Qian, who lured victims with promises of daily dividends, now faces sentencing. The UK hopes to use this windfall for budget plans. This is one for the blockchain history books!
ClaimPix Data Leak: A Comedic Catastrophe of Unprotected Personal Info
ClaimPix’s auto insurance claims data, including personal details and even Power of Attorney documents, was left unprotected online. Over 5.1 million files were exposed, posing risks of fraud and vehicle cloning. ClaimPix has since restricted access and is updating security measures, but the duration of exposure remains unknown.
Google Drive’s New Ransomware Defense: A Heroic Safety Net or Just a Band-Aid?
Google Drive has unveiled a new defense against ransomware attacks. This AI-powered feature detects suspicious activity and halts cloud syncing before ransomware can wreak havoc. It’s a digital bouncer for your files, offering a safety net for Google Workspace users. But remember, even with this tool, there’s still no panacea for ransomware.
Cybersecurity Comedy of Errors: Federal Cuts Leave MS-ISAC in the Lurch!
Federal funding for the MS-ISAC ends, sparking uncertainty. MS-ISAC, a cybersecurity lifeline for local governments, now faces a future without Uncle Sam’s wallet. CIS plans a switch to a paid membership model, but can they sell cybersecurity like a gym membership? Stay tuned to see if cyber barbells become the next big thing.
Hackers Go Rogue: Sudo Vulnerability Sends Linux Systems into a Command Frenzy!
Hackers are exploiting the critical CVE-2025-32463 vulnerability in the sudo package, allowing them to play “sudo-roulette” with root-level privileges. CISA demands action by October 20 to avoid systems becoming a hacker’s dream playground. Users are urged to patch faster than a caffeinated sysadmin during a server meltdown.
Windows 11 DRM Drama: Microsoft Partially Fixes Blu-Ray Blues!
Windows 11 has been having a rough time with DRM-protected videos, thanks to a troublesome bug. Microsoft claims a “partial” fix is in place, but if your screen’s still black, you might need to hang tight for the full resolution. Remember, patience is a virtue, especially with Digital Rights Management issues!
Google Gemini Vulnerabilities Unleashed: Are Your AI Integrations Secretly Plotting Against You?
Google Gemini isn’t just a shiny AI tool—it’s also a playground for hackers. Security experts found three vulnerabilities, dubbing them the “Gemini Trifecta.” Threat actors can manipulate Gemini for indirect prompt injection and data exfiltration. So, network defenders, time to treat AI integrations as active threat surfaces before they treat you like a punchline.
Windows 11 Update KB5065789: AI Boosts and Bug Busts, But Beware the DRM Drama!
The KB5065789 preview update for Windows 11 24H2 offers 41 improvements, like AI actions in File Explorer and fixes for Windows Sandbox. It’s optional, so install it if you’ve got a thing for bug fixes or just love pressing ‘Check for Updates’. Remember, this isn’t a security update, so no capes involved!
Mondoo Raises $17.5M to Supercharge Vulnerability Management—Hackers Beware!
Mondoo raises $17.5 million for its vulnerability management platform, bringing its total funding to over $32 million. With plans to expand in the US and EMEA, Mondoo aims to power up its platform to help organizations prioritize vulnerabilities like a boss, eliminating threats faster than you can say “attackers move in hours, not weeks.”
Broadcom’s Patch Parade: NSA Highlights VMware Vulnerabilities – Again!
Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the NSA. The first flaw exploits password recovery, while the second allows username enumeration. Meanwhile, Broadcom also addressed several other issues in VMware products, proving once again that cybersecurity is just a fancy game of digital whack-a-mole.
Cybersecurity Dream Team: Uniting Forces to Tackle OT Security Challenges!
Globetrotting cybersecurity agencies have united to offer new asset inventory guidance for OT organizations, helping them keep track of their systems like a hawk with a clipboard. From asset inventories to SBOMs, these documents aim to ensure organizations can manage risks and outsmart those pesky ransomware groups with a touch of humor and a lot…