Toys “R” Us Canada has sent data breach notices after customer records were leaked online. Fortunately, no passwords or credit card details were exposed. So, while your toy shopping habits may be public, at least your bank account isn’t. Time to keep an eye out for phishing scams—and maybe a new password.

Toys R Us Canada experienced a data breach after attackers accessed their database and posted customer information online. Although names and addresses were stolen, the toy retailer assures no passwords or credit card details were compromised. In a classic plot twist, Toys R Us has yet to offer free identity protection to affected customers.

Lazarus hackers, North Korea’s cyber-spies, are back with Operation DreamJob, targeting European defense firms with fake recruitment lures. Their aim? To pilfer UAV technology secrets and boost North Korea’s drone program. Armed with trojanized PDFs and the ScoringMathTea RAT, they’re proving that even job offers can come with malware.

The Foundation for Defense of Democracies warns that a new UN cybercrime treaty might help authoritarian regimes suppress dissent. Critics argue its vague definitions could make the U.S. and allies complicit in foreign censorship. While the treaty could aid in tackling cyber threats, it risks empowering oppressive governments.

The Medusa ransomware group leaked 186.36 GB of data claimed to be stolen from Comcast. Initially demanding $1.2 million to keep the data under wraps, the group opted for a public release when negotiations with Comcast stalled. Comcast now joins the list of companies targeted by ransomware groups, with data available in 47 split files.

Google and Apple are stuffing their devices with AI features like overzealous holiday decorators with tinsel. Yet, they’ve neglected to provide users with control over which apps these AI systems can access. The result? A privacy minefield where your WhatsApp messages might go on an unexpected adventure. Users deserve clearer documentation and stronger privacy controls.

Meet Mico, Microsoft’s new AI-powered Copilot avatar that’s more human-centered than Clippy and Cortana combined. With a knack for empathy and a flair for politely correcting your mistakes, Mico is here to listen, learn, and earn your trust. Plus, it changes colors like a mood ring—finally, a digital assistant with personality!

Shadow Escape is the stealthiest thief you’ve never seen. This zero-click attack exploits Model Context Protocol, allowing AI assistants to pilfer sensitive data without anyone noticing. It’s like a magician stealing your watch while you’re still wearing it. Businesses using AI, beware: your friendly AI assistant might just be planning a data heist.

Copyright law is so confining it often requires civil disobedience just to access needed books. Scholars, like modern-day Robin Hoods, resort to sharing articles on social media and using “shadow archives” like SciHub. Until publishers become fairer, these renegade tactics highlight the absurdity of restricting access to publicly funded research.

Hackers are exploiting a critical flaw in the Motex Lanscope Endpoint Manager, tracked as CVE-2025-61932. This vulnerability allows unauthenticated attackers to execute arbitrary code. With demands for an urgent update, it’s time to patch up before hackers turn your system into their personal playground!

Operation Dream Job: the ultimate employment scam! North Korean hackers offer “dream jobs” with a side of malware, targeting European defense firms to boost their drone game. With ScoringMathTea and MISTPEN in their arsenal, they aim to swipe top-secret know-how. Spoiler alert: the only thing you’ll land is a virus!

TransparentTribe has found a new way to bug the neighbors, targeting Indian government Linux systems with DeskRAT. This cyber-espionage campaign swaps Google Drive for dedicated servers, proving even malware needs an upgrade. As always, phishing emails and decoy PDFs are in vogue, while the group’s tactics evolve faster than your average software update.

EFF’s amicus brief argues that Ecuador’s LOI enables disproportionate surveillance and secrecy, making “national security” and “risks” sound like a spy movie. The law flips the script on transparency, turning secrecy into the rule and oversight into a cameo appearance. The plea? Declare the LOI unconstitutional and roll the credits on unchecked surveillance.

Microsoft’s File Explorer now blocks previews for files from the Internet to thwart credential theft. Files with the Mark of the Web are affected, displaying a warning about potential harm. From October 2025, security updates will automatically enable this protection, though trusted files can be manually unblocked. User convenience meets security—like peanut butter meeting jelly.

Operation Dream Job: the ultimate employment scam! North Korean hackers offer “dream jobs” with a side of malware, targeting European defense firms to boost their drone game. With ScoringMathTea and MISTPEN in their arsenal, they aim to swipe top-secret know-how. Spoiler alert: the only thing you’ll land is a virus!

The US Cyberspace Solarium Commission’s report warns of declining cyber defences due to Trump-era workforce and budget cuts. Only 35% of recommendations have been fully implemented, down from 48% last year. The report urges action to restore funding, boost diplomatic cyber capacity, and expand the federal cyber talent pipeline.

Russian cybercriminals have gone from tolerated to managed by their government, says a Recorded Future report. As the state plays puppet master, cybercrime becomes a tool for influence, with high-profile arrests and asset seizures turning hackers into strategic pawns, while ransomware operators nervously eye their next move in this digital chess game.

Keeper Security’s new integration with Microsoft Sentinel gives security teams the superpower of real-time credential intelligence. With faster threat detection and response, it’s like having a personal security butler—but without the snooty accent! Credential-based attacks beware; your days are numbered.

The YouTube Ghost Network haunted users by luring them with cracked software and game cheats, only to deliver malware instead. This ghostly operation proved that even seemingly helpful tutorials can be polished cyber traps. With thousands of videos scrubbed, it’s a reminder that today’s threat landscape can turn likes and comments into weapons.

SquareX unveils AI Sidebar Spoofing, a sneaky new method where malicious browser extensions impersonate AI sidebar interfaces for phishing and other cyber shenanigans. The method targets AI browsers like ChatGPT Atlas and Perplexity’s Comet but doesn’t stop there—Edge, Brave, and Firefox are also in the crosshairs. Spoof responsibly!