From The Aether
When Networking Academy Grads Turn to the Dark Side: Cisco’s Surprising Cybersecurity Plot Twist
Cisco’s Networking Academy, famed for its global accessibility, may have indirectly trained individuals linked to the notorious Chinese hacker group Salt Typhoon. While the program promotes digital literacy and ethical hacking, it seems some alumni took a detour from “cyber defense” to “cyber offense,” leaving Cisco in an ironic twist of fate.
Hacking Stereotypes: How Sophia McCall is Reprogramming Cybersecurity with Diversity and Humor
Sophia McCall is more than just a cyber security speaker; she’s the industry’s superhero, smashing stereotypes like they’re made of digital papier-mâché. With her platform, Security Queens, she’s making the cyber world as inclusive as a group chat. Empowering diverse teams to outsmart cyber threats, she’s redefining what it means to be secure!
AI: The New Employee of the Year… and Your Biggest Security Risk!
As AI becomes the office’s newest co-worker, a new report by KnowBe4 highlights a 90% surge in incidents linked to human error. With email still the primary battleground, AI-related security incidents climbed 43%, and shadow AI behaviors are on the rise. Time to give your cybersecurity a promotion!
Beware the Python: CastleLoader Malware Unleashes a Sneaky New Attack!
Beware of the sneaky Python loader! This malware campaign uses ClickFix prompts to trick users into unleashing CastleLoader chaos by running a simple command in the Windows Run dialog. It’s like opening Pandora’s box, except instead of mythical woes, it’s a string of cunning cyber shenanigans!
Pro-Russia Hacktivists Strike Again: Low-Skill, High-Impact OT Breaches on the Rise
Pro-Russia hacktivist groups are exploiting exposed virtual network computing connections to breach operational technology systems. Their antics, though less sophisticated than state-sponsored attacks, have caused real-world disruptions. These digital pranksters seek attention rather than power, but operators are urged to bolster defenses before a password-guessing game becomes a costly reality.
Pro-Russia Hacktivists: The Unsophisticated Threat to US Critical Infrastructure You Can’t Ignore!
The US government warns that pro-Russia hacktivists are targeting critical infrastructure using unsophisticated methods. While these attacks have had limited impact so far, they could pose a significant threat in the future. The FBI, CISA, and NSA have identified groups like Cyber Army of Russia Reborn and Z-Pentest as key players in these cyber exploits.
North Korean Hackers Unleash EtherRAT: The Trojan that’s Smarter than Your Average RAT
North Korea-linked hackers are exploiting the React2Shell flaw to release EtherRAT, a persistent remote access trojan with Ethereum smart contracts. This malware blends North Korean tactics but ditches credential theft for long-term stealth, forcing defenders to face a new, cunning adversary.
Epic Epstein Investigation: Unraveling the Tangled Web of Documents and Subpoenas
Keeping up with the House Oversight Committee’s investigation into Jeffrey Epstein can feel like trying to follow a soap opera with missing episodes. The focus now? Epstein’s financial records. Meanwhile, the Epstein Files Transparency Act is nudging the DOJ to spill the beans on unclassified records. Pass the popcorn!
Israeli Cybersecurity Funding Skyrockets to $4.4B in 2025: A Tech Boom with a Dash of Humor
Israeli cybersecurity companies have reached a record $4.4 billion in funding for 2025. With 130 funding rounds, Israel’s cyber warriors are not just securing your data; they’re securing their spot in the startup hall of fame! YL Ventures reports a 500% funding increase over a decade, proving cyber is the new black!
Phishing Frenzy: Spiderman Kit Spins Web of Deception Across European Banks
Watch out for the Spiderman phishing kit! This sneaky cyber tool is spinning pixel-perfect web replicas of legit bank sites across Europe, capturing logins and 2FA codes. It’s a cybercriminal’s dream come true, targeting big names like Deutsche Bank and PayPal. Stay vigilant and double-check URLs before entering your credentials!
PCIe Panic: Vulnerabilities Unleash Local Attacker’s Delight!
Three vulnerabilities in the PCIe IDE protocol could expose systems to serious risks from local attackers. These flaws might lead to information disclosure, privilege escalation, or denial of service. However, they require physical access, so while they sound dramatic, they’re more like a theatrical whisper: not too alarming unless you’re really close.
Google’s Gemini Flaw: A Sneaky Backdoor for Corporate Data Theft!
Google squashes GeminiJack, a vulnerability that let hackers sneak into corporate secrets by simply sending an email or calendar invite. No user action needed—Gemini Enterprise did the dirty work! Thanks to AI security firm Noma Security for catching this sneaky flaw before it turned into a corporate confetti cannon.
Ukrainian Hacker Arraigned: A Cyber Comedy of Errors or Serious Threat?
Ukrainian national Victoria Dubranova faces charges for her alleged role in cyberattacks, including tampering with U.S. water systems, on behalf of Russian hacktivist groups. Dubranova, who pleaded not guilty, could face up to 32 years in prison if convicted. U.S. prosecutors are cracking down, offering rewards for information leading to arrests.
NATO’s Cyber Coalition: A Battle of Bytes & Thanksgiving Bites in Virtual Warfare!
NATO’s Cyber Coalition exercise, set on the fictional island of Occasus-Icebergen, is a digital showdown where 1,500 cybersecurity experts tackle cyberattacks crafted from real-world scenarios. This is where they test their mettle, not grades, as nations collaborate to tackle modern threats, proving that in the cyber world there truly is no ceasefire.
GeminiJack Strikes: Google Patches Sneaky AI Flaw That Could Spill Corporate Secrets
Google has patched a zero-click vulnerability, GeminiJack, in Gemini Enterprise that could expose corporate secrets faster than you can say “Oops.” Discovered by eagle-eyed Noma Security researchers, this flaw could turn your AI assistant into a sneaky data thief without you clicking a thing.
WinRAR Vulnerability Unzips Chaos: Hackers Exploit for Espionage & Destruction
WinRAR is in the spotlight again, making CISA’s Known Exploited Vulnerabilities list due to a security flaw. This path traversal bug, CVE-2025-6218, allows sneaky hackers to execute code if users open malicious files. Thankfully, RARLAB patched it in WinRAR 7.12, but not before it got exploited by cyber baddies like GOFFEE and Bitter.
SAP’s December 2025 Patch Day: Critical Vulnerabilities Unveiled—Act Fast!
SAP’s latest security patch is like a blockbuster movie release—14 new security notes, with three critical ones, including a code injection flaw with a CVSS score of 9.9. It’s a hacker’s dream, but a nightmare for admins who’d rather not star in “The Great Data Breach Caper.” Patch now, laugh later!
Log4j and the Comedy of Errors: Millions Still Downloading Vulnerable Versions!
The Log4Shell vulnerability continues to haunt developers, with 13% of Log4j downloads still risky in 2025. Despite available fixes, developers opt for popularity over security, creating a classic case of ‘corrosive risk.’ Sonatype urges a shift to prioritizing security, automating upgrades, and blocking known vulnerabilities to eliminate unnecessary risk.
Cybercriminals Without Borders: The Tangled Web of International Cyber Warfare
The US Justice Department has indicted Victoria Eduardovna Dubranova, a Ukrainian national, for allegedly supporting Russian-aligned hacking groups CARR and NoName057(16). Dubranova faces charges related to cyberattacks on critical infrastructure. The US is offering a $2 million reward for information on CARR. Her trial is set for 2026.
Patch Tuesday Panic! Major Security Flaws Unveiled by Siemens, Rockwell & More
Siemens, Rockwell Automation, Schneider Electric, and Phoenix Contact have issued Patch Tuesday advisories for ICS/OT product vulnerabilities. Siemens alone offers 14 new advisories, with some dubbed ‘critical.’ Meanwhile, Schneider Electric addresses a WSUS vulnerability, and Rockwell Automation tackles SQL injection woes. Phoenix Contact isn’t left out, with multiple vulnerabilities in its FL SWITCH series.
