Google’s GeminiJack flaw turns your AI into an unintentional corporate spy, capable of leaking secrets faster than a sieve in a rainstorm. This indirect prompt injection attack could pilfer sensitive data with zero clicks, all while masquerading as normal activity. Google’s patch has calmed the storm, but vigilance remains key.

Botnets in physical form? Picture a robot army marching into your living room. With humanoid robots set to generate $5 trillion by 2050, security is key. They’re not just another tech fad; they’re the perfect storm of robotics, AI, and need. As Rooke said, “Botnets in a physical form is now.”

Saviynt announced a $700 million Series B funding round, valuing the identity security company at $3 billion. Led by KKR, the funds will enhance its AI-powered platform for managing and securing identities. While not all funds will go directly into the business, the investment aims to boost product development and integration with third-party platforms.

Storm-0249 is upping its cybercrime game, shifting from initial access broker to launching precision attacks using tactics like domain spoofing and DLL side-loading. With the finesse of a magician, they use social engineering to trick users and run stealthy operations, leaving security teams scratching their heads, wondering if they’ve been hit by a cyber Houdini.

Saviynt has landed a $700M Series B funding, boosted by KKR, catapulting its value to $3 billion. With AI causing identity crises faster than a witness protection program, Saviynt’s platform is stepping up to manage the digital identity circus. Looks like identity security is the new must-have accessory for enterprises.

SimpleX Chat, a privacy-focused messaging platform, recently had its X account compromised in a scam targeting crypto wallets. The attack exploited X’s delegate feature, tricking users with a fake “Perpetuals Early Access” offer. SimpleX clarified it doesn’t offer crypto services and urged X to improve security around business account features.

The US is offering up to $10 million for intel on the Iranian hacking group Shahid Shushtari. Previously known as Emennet Pasargad, these cybercriminals are linked to Tehran and accused of meddling in the 2020 U.S. elections and targeting the 2024 Summer Olympics. Information on their leader or long-time accomplice could be lucrative!

The UK’s foreign secretary, Yvette Cooper, is rallying Europe against information warfare. Malign foreign states are using hybrid attacks to undermine democracies, and even low-skilled actors can now spread misinformation. As Russia’s misinformation campaigns persist, the UK pushes for European unity to combat these threats.

Proofpoint has secured its European expansion by snapping up Hornetsecurity for a whopping $1.8 billion. With Hornetsecurity’s 365 Total Protection, Proofpoint is now the knight in shining armor for both enterprises and small businesses, ready to protect Microsoft 365 environments like never before.

Google has rolled out new security features in Chrome, introducing a User Alignment Critic to prevent indirect prompt injections. This vigilant watchdog keeps rogue AI actions in check, ensuring they align with users’ goals. It’s like having a bouncer for your browser, ready to veto misaligned actions and safeguard your online experience.

The Mirai-based Broadside botnet is causing waves by targeting TBK Vision DVR products. With a knack for exploiting OS command injection flaws, Broadside infiltrates devices, making them potential threats to maritime logistics. This botnet’s antics include DDoS attacks, data harvesting, and process termination—certainly not a sea breeze for cybersecurity!

Microsoft is tackling an incident blocking European users from Microsoft Copilot due to a sudden traffic spike. The company is manually scaling capacity to resolve the issue. Meanwhile, some admins face errors with Microsoft Defender for Endpoint, adding to the tech giant’s to-do list. Stay tuned for updates on this digital juggling act!

Prompt injection vulnerabilities are like that stubborn stain on your favorite shirt—annoyingly persistent. Government security experts advise that instead of hoping for a miracle cure, focus on minimizing the mess. It’s time to tackle prompt injection not as a pesky SQL injection, but as an “inherently confusable deputy” within large language models.

Polish police arrested three Ukrainian nationals for possessing advanced hacking tools, including the infamous Flipper Zero, which can hack everything but your grandma’s cookie recipe. The suspects, who claimed to be IT experts, were caught with spy gadgets and loads of SIM cards, sparking an investigation into potential cybersecurity threats.

Equixly, the Italian cybersecurity startup, raised €10 million in Series A funding to expand its AI-driven penetration testing platform. With a knack for finding API vulnerabilities before hackers do, their AI agents act like digital Sherlocks, sniffing out security flaws across development lifecycles, while planning to take the UK by storm with their new funds.

Portugal’s move to protect cybersecurity researchers puts the UK on the spot, highlighting the urgent need to reform the outdated Computer Misuse Act. It’s a little awkward when your cybersecurity laws are older than the internet memes you consult for guidance. Time to update before anyone else gets caught in the digital cobwebs!

Gartner suggests enterprises block AI browsers until risks like rogue agents and phishing can be managed. The report warns that default settings favor experience over security. So, if your AI agent books a flight to Timbuktu instead of Tokyo, you might want to reconsider its travel planning credentials!

Canadian organizations are in the crosshairs of cyber group STAC6565, a.k.a. RedCurl, infamous for its cyber espionage and ransomware antics. Sophos revealed nearly 40 incidents linked to these digital mischief-makers, who now favor Canadian targets. Their toolbox includes RedLoader and QWCrypt, as they pivot from phishing to more sophisticated strategies.

The head of the UK government’s digital identity scheme has humorously sidestepped the £1.8 billion cost forecast, much like a politician avoiding a dance-off. With a consultation delayed, costing clarity remains as elusive as a cat avoiding bath time. So, stay tuned for the grand reveal of numbers that might actually stick!

Cybersecurity researchers have exposed sneaky VS Code extensions that pose as a premium dark theme and AI coder’s buddy but are actually malware in disguise. These extensions can swipe your data faster than you can say “Ctrl+Z.” It’s a cautionary tale of developers unwittingly installing digital spies right onto their machines.