Google has unveiled ‘User Alignment Critic’ to protect agentic AI browsing in Chrome, powered by Gemini. This new layer of defense ensures AI doesn’t go rogue, safeguarding your data while it navigates, clicks, and fills forms on your behalf. It’s like babysitting your browser’s AI so it doesn’t accidentally buy 100 inflatable flamingos.

JS#SMUGGLER takes its name from the sneaky tactics it uses to bypass security systems. Like a ninja in a library, it hides malicious code among harmless words, ensuring NetSupport RAT can tiptoe in and take control without alerting antivirus programs. Securonix warns: stay vigilant or face an unwanted IT takeover.

Google’s new Chrome security updates aim to make life tough for hackers, targeting indirect prompt injections with the help of the User Alignment Critic. This AI bouncer ensures your browser doesn’t get tricked into spilling secrets or buying a year’s supply of rubber chickens. Chrome: now safer, and still the same “incognito” you know and…

The National Defense Authorization Act injects billions into cybersecurity, signaling that cyber threats are now a staple in defense budgets. With $73 million earmarked for U.S. Cyber Command operations, the bill also mandates harmonizing cybersecurity regulations. Good news for cyber warriors, bad news for cyber villains—time to update your LinkedIn, hackers!

Age-verification laws sound simple, but are anything but. They force us into flawed systems, demanding IDs or biometric scans, all while trampling free speech and privacy. From excluding adults without IDs to blocking LGBTQ+ youth from vital resources, these laws create a digital chaos that harms more than they help.

The ClayRat Android spyware just got a terrifying upgrade, now offering an all-inclusive vacation package of device control. With new abilities like keylogging and screen recording, it’s like your phone has its own uninvited personal assistant. Researchers identified over 700 unique APKs, making it as persistent as a mosquito at a summer picnic.

Clop ransomware strikes Barts Health NHS by exploiting a zero-day vulnerability in Oracle E-Business Suite, CVE-2025-61882. The breach exposed sensitive data, including patient invoices and supplier details. Barts Health reassures that core systems remain secure, while urging vigilance against potential fraud stemming from the attack.

Marquis Software Solutions confirmed a data breach affecting over 780,000 individuals after attackers exploited a SonicWall firewall vulnerability. The breach highlights how third-party concentration poses a systemic danger to the financial services industry. Marquis is now offering free credit monitoring while implementing security improvements to prevent future incidents.

Keith McCammon’s career in cybersecurity is a testament to accidental brilliance. From basement computer labs to co-founding Red Canary, his journey is a masterclass in learning on the fly. Despite no formal training, McCammon has hacked his way to success with a love for puzzles and a knack for staying calm under fire.

AWS Security discovered that China-linked threat actors wasted no time exploiting the React2Shell flaw, CVE-2025-55182, within hours of its disclosure. While AWS services are unaffected, they shared insights to help customers protect their systems. It seems these cyber ninjas are more punctual than a Swiss watch.

The UK is diving into submarine cable security with the Atlantic Bastion programme, combining AI and autonomous tech. As Russian subs lurk, the Royal Navy is getting a splash of high-tech flair. The goal? Keep those cables safe, jobs afloat, and spies at bay. Because, let’s face it, you can’t stream drama if the Internet’s…

Max Severity React Flaw Comes Under Attack: Within hours of its disclosure, the critical flaw in React Server Components, CVE-2025-55182, saw cybercriminals racing to exploit it. It’s a digital wild west out there, with hackers acting faster than you can say “update now!” Stay vigilant, or risk being React2Shell shocked.

Space Bears ransomware group strikes again! They’ve allegedly snagged internal Comcast files via a breach at Quasar Inc. Space Bears claims these files include city design docs and utility plans. They’ve set a countdown before potentially releasing the data, leaving Comcast with a ticking time bomb of embarrassment.

Tri-Century Eye Care recently suffered a data breach affecting nearly 200,000 people. The Pear ransomware group claims responsibility, boasting a 3 Tb data haul. This breach leaked sensitive information from names to health details, all while proving that even eye care providers aren’t safe from digital mischief.

The UK’s data protection watchdog is miffed at the Home Office for not mentioning historical bias in retrospective facial recognition tech. Turns out, algorithms are better at spotting some faces than others, leading to a digital game of “Guess Who?” where not everyone wins. Urgent clarity is now on the ICO’s wish list.

React2Shell vulnerability has threat actors scrambling to exploit it faster than a cat meme goes viral. With over two million instances potentially affected, even fake PoCs are joining the chaos. AWS warns that failed exploits create more noise than a toddler with a drum set, making it tricky to spot real threats.

FvncBot, the new Android malware, is sneaky like a ninja in a bank vault. Masquerading as a security app, it targets Polish mobile banking users. With a bag of tricks like keylogging and screen streaming, it’s built from scratch, leaving other trojans green with envy. Just don’t expect it to be your friendly neighborhood security…

Infoblox reveals that 18 universities fell prey to a cunning phishing attack that bypassed Multi-Factor Authentication using the Evilginx tool. This digital mischief stole login details by impersonating university portals, proving once again that cybercriminals have more tricks up their sleeves than a magician at a rabbit convention.

In a plot twist nobody asked for, Barts Health NHS Trust finds itself wrestling with Clop over stolen data in a cyber soap opera. The NHS giant is taking legal action to halt the publication of patient and staff information snatched during Clop’s Oracle EBS heist. Will the High Court play hero or will Clop’s…

Apache Tika’s vulnerability, CVE-2025-66516, is a ticking time bomb, enabling XXE injection attacks. With a CVSS score of 10/10, it’s like a perfect storm for hackers. Exploited via crafted XFA files in PDFs, it can lead to data leaks, DoS, or even remote code execution. Patch it pronto, or face data doomsday!