Science isn’t built in a vacuum; it’s a team sport. But major publishers are playing dirty, monopolizing access and charging researchers through the roof. This “platformization” is turning research tools into surveillance traps. The antidote? Open Science and decentralization. Let’s ditch the gatekeepers and keep science thriving.

AI for finance is revolutionizing the financial sector by streamlining processes, improving decision-making, and enhancing customer experiences. With AI’s help, institutions can manage risks, detect fraud, and automate tasks with unmatched efficiency. Embrace the future of finance—unless you prefer your transactions as slow as a dial-up modem!

The UN Cybercrime Convention is like giving a toddler a chainsaw—sure, they might mean well, but it’s bound to end in disaster. EFF warns that this treaty could pave the way for globalized surveillance, with states using it to monitor critics and suppress free speech. Spoiler: It’s not cutting-edge security; it’s a digital dystopia.

CISA has added Microsoft WSUS and Adobe Commerce flaws to its Known Exploited Vulnerabilities catalog. Among them, the SessionReaper flaw is wreaking havoc on e-commerce sites. With only 38% of stores patched, it’s like leaving your front door open during a neighborhood-wide game of capture the flag, but with hackers instead of kids.

WordPress websites are under siege by a campaign exploiting GutenKit and Hunk Companion plugins. Hackers are on a mission, with 8.7 million blocked attacks in just two days! Wordfence advises updating plugins faster than you can say “CVE-2024-9234” to avoid unwanted visitors. Keep your site safe and your coffee strong!

Microsoft 365 Copilot had a brief career as a data thief, thanks to a security hole that allowed it to pilfer sensitive tenant info. The culprit? Indirect prompt injection attacks. Alas, the heroic researcher who uncovered this hole won’t be cashing in, as Microsoft’s bug bounty radar missed this one.

Unit 42 has unveiled a smishing campaign linked to the Smishing Triad, using over 194,000 malicious domains since 2024. These sneaky threat actors impersonate services like USPS and toll services, tricking users globally. With a PhaaS ecosystem, the Triad rakes in billions by targeting brokerage accounts and employing “ramp and dump” stock tactics.

Everest ransomware group claims to have 576,686 records from AT&T Careers locked behind a password, taunting AT&T to “follow instructions” before time runs out. While AT&T’s cybersecurity track record makes headlines, applicants and employees should brace themselves and update passwords, just in case the data goes public.

Microsoft has released an urgent update to patch a critical WSUS vulnerability, CVE-2025-59287, with a CVSS score of 9.8. This flaw allows remote code execution, making it a hacker’s dream and an IT admin’s nightmare. If your Windows Server is feeling adventurous, this is one update you won’t want to skip!

Beware: attackers are now exploiting a critical Windows Server Update Service vulnerability, CVE-2025-59287. This flaw allows remote code execution, and hackers are having a field day, despite Microsoft’s emergency patches. It’s a wormable wildcard, and WSUS admins should update ASAP or risk becoming the unwilling host of a cyber circus.

LockBit ransomware is back, and it’s celebrating its sixth anniversary with a bang—or rather, a LockBit 5.0 variant. After a brief hiatus, the group is now targeting organizations globally, including Windows and Linux systems. With improved stealth and a revamped affiliate program, it’s like a cybercriminal’s dream come true.

A major DNS failure caused a massive AWS outage, leaving websites and online services in a digital blackout for over 14 hours. Amazon says the glitch was due to a race condition in their DNS management. They’ve since disabled the buggy automation and promised not to play tag with DNS errors again.

Beware! LastPass users are being targeted by a phishing campaign involving fake access requests linked to a mythical inheritance process. The culprits, CryptoChameleon, are out for your cryptocurrency stash, using passkey-focused phishing domains. Remember, if you’re not dead, don’t log into fake vaults!

Microsoft released an urgent update to patch a critical WSUS vulnerability, CVE-2025-59287, only to have hackers exploit it hours later. This flaw lets unauthenticated attackers run code with System privileges. Disabling WSUS temporarily is advised until the patch is applied. The Dutch government is also on high alert.

A Pakistan-nexus threat actor, Transparent Tribe, targets Indian government entities with spear-phishing attacks to deliver DeskRAT malware. This cunning campaign showcases the group’s knack for digital mischief while highlighting DeskRAT’s impressive skills in stealth and persistence—like a cyber ninja with a serious vendetta against BOSS Linux systems.

Cybercriminals wasted no time to ride the Comet AI browser wave, creating fraudulent domains and fake apps to dupe users. BforeAI reports a surge in typo-squatting and brand impersonation since Comet’s launch, with fake Comet apps popping up like unwanted mushrooms. Remember, if it’s too good to be true, it might just be a comet-astrophe!

Lazarus Group is at it again, targeting European UAV companies with fake job offers under Operation Dream Job. The goal? Sneak in malware and steal sensitive info. It seems reverse engineering and swiping drone secrets have become the North Korean hobby. Who knew espionage could be a career path?

Starting November 2025, Firefox extension developers must disclose if their add-ons collect or share user data. This info goes in the manifest.json file, ensuring transparency. Extensions with no data collection must also declare this. Non-compliance? Expect a “You Shall Not Pass!” block from Mozilla’s add-on repository.

The Summoning Team conjured victory at Pwn2Own Ireland 2025, snagging the Master of Pwn title and a hefty chunk of the $1,024,750 prize. How? By outsmarting top tech and making zero-days look like just another day in the park. Meanwhile, one hacker’s WhatsApp exploit stayed under wraps, proving some secrets are best left untold.

SecurityWeek’s cybersecurity news roundup is your backstage pass to the digital world’s drama, featuring the latest quirks like iOS 26 deleting spyware evidence faster than you can say “Pegasus,” and a Maryland vulnerability disclosure program that invites you to snitch on their systems—all wrapped in a concise and witty package!