From The Aether
XCSSET Strikes Again: Malware Targets macOS Developers with Sneaky New Tricks
XCSSET malware is back with a vengeance, targeting macOS developers by sneaking into Xcode projects. Microsoft’s warning: this variant is sneakier, with a penchant for crypto theft and disabling macOS updates. Developers, beware—your next build might have more tricks than a magician with a squirrel in his hat.
New Keeper Security and Google SecOps Integration: A Match Made in Cybersecurity Heaven!
Keeper Security and Google Security Operations have joined forces, streaming privileged access activities into Google SecOps. This dynamic duo offers real-time insights and speeds up incident responses, ensuring cyber threats are caught faster than a toddler running with scissors. Say goodbye to security blind spots and hello to smarter, faster protection!
Fortra’s File Fiasco: APTs Thrive as Transparency Takes a Holiday
Security researchers have confirmed threat actors exploited a severe vulnerability in Fortra’s GoAnywhere MFT, criticizing the company’s lack of transparency. Dubbed an “attacker’s playground,” this flaw has been actively exploited, and experts urge Fortra to clarify the situation to help organizations make informed decisions regarding CVE-2025-10035.
Interpol’s Cyber Sting: Love Scams Busted Across Africa, 260 Arrests Made
Interpol’s recent cybercrime crackdown across 14 African countries resulted in 260 arrests linked to online romance and extortion scams. The operation targeted scams involving fake romantic relationships and blackmail, affecting over 1,400 victims who lost nearly $2.8 million. Cybercrime units report a surge in digitally enabled crimes like sextortion and romance scams.
AI Revolution: Racing Ahead Without a Seatbelt – The Cybersecurity Wake-Up Call
AI adoption is like adopting a pet tiger: thrilling but potentially dangerous. Organizations are sprinting ahead, integrating AI faster than a cat video goes viral, yet forgetting one tiny detail—security. Without proper safeguards, AI deployments could give cybercriminals a field day. Remember, AI without security is like a piñata filled with bees.
LockBit 5.0: The Ransomware Multitasker You Never Wanted
Trend Micro has raised the alarm on LockBit 5.0, a ransomware strain now targeting Windows, Linux, and VMware ESXi environments. This new iteration boasts enhanced evasion and cross-platform capabilities, making it a formidable threat. With just one attack, it can paralyze entire enterprise networks, proving that no system is safe from modern ransomware.
Hackers Gone Wild: Fortra’s GoAnywhere MFT Vulnerability Exploited with Zero Day Flair!
Hackers are having a field day exploiting Fortra GoAnywhere CVE-2025-10035, a deserialization vulnerability allowing remote command injection. While Fortra kept a tight lip, WatchTowr Labs uncovered evidence of in-the-wild attacks. Admins, patch up and check logs for errors containing ‘SignedObject.getObject’—before hackers start a conga line on your servers!
Meta’s Singapore Showdown: Can Zuckerberg Beat the Clock on Scam Stoppers?
Meta Platforms has been given a deadline to tackle impersonation scams on Facebook by the Singapore government. Failure to comply by September 30 could result in hefty fines. With scams on the rise, the question remains: will a S$1m fine be enough to make Meta break a sweat?
Windows 10’s Last Hurrah: Final Preview Update Fixes Bugs Before the Big Goodbye!
Microsoft has released the final non-security preview update for Windows 10, version 22H2. This optional cumulative update includes fixes for out-of-box experience issues and SMBv1 protocol connectivity. Users can install it via Windows Update or manually through the Microsoft Update Catalog.
Russian Cyber Chaos: COLDRIVER’s Malware Tricks and Bearlyfy’s Ransom Rampage
The Russian APT group COLDRIVER is back at it again with new ClickFix-style attacks, delivering malware BAITSWITCH and SIMPLEFIX. While they pretend to be CAPTCHA checks, the only thing they’re verifying is your system’s vulnerability. Who knew cyber espionage could have such a penchant for disguise?
Salesforce’s $5 Domain Drama: How a Cheap Expiry Almost Led to a Data Disaster
Salesforce’s Agentforce flaw, aptly named “ForcedLeak,” could have let attackers siphon sensitive data for the price of a coffee. Researchers exploited an expired domain bought for just $5 and used indirect prompt injection to fool AI agents into spilling secrets. Salesforce has now patched the hole, but the lesson remains: never underestimate a $5 vulnerability.
Microsoft’s AI Disconnect: Cutting Ties with Israeli Military Sparks Controversy
Microsoft has pulled the plug on services for an Israeli military unit using its AI and cloud tech for mass surveillance of Palestinians. After a thorough review, the tech giant found its products were in breach of terms of service. It’s a small step, but activists want more from Microsoft.
UK Cybersecurity Crisis: Cisco Firewall Flaws Let Loose RayInitiator and LINE VIPER Malware
The UK NCSC warns that threat actors exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware. These new strains are sneaky, persistent, and quite possibly more elusive than your car keys on a Monday morning. Organizations are urged to update their systems and avoid the malware equivalent of a bad hair day.
Volvo’s Data Drama: Ransomware Hits Employee Records in HR System Breach
Volvo North America fell victim to a cyberattack after hackers breached its HR system provider, Miljödata. The attack exposed employee names and social security numbers. While Volvo is one of many organizations affected, the breach highlights the vulnerability of outsourced HR systems to ransomware attacks.
North Korea’s DeceptiveDevelopment: The Art of Stealing Developer Credentials for Fraudulent IT Takeovers
In a plot twist that sounds like a spy novel, North Korea’s DeceptiveDevelopment campaign uses fake job offers to lure cryptocurrency developers into malware traps. ESET reveals that stolen identities are then recycled for North Korea’s fraudulent IT workers, who moonlight as job seekers to infiltrate unsuspecting companies.
Cognex Camera Conundrum: Unpatched Vulnerabilities in Legacy Models Stir Security Concerns
Cognex industrial cameras are vulnerable, but don’t expect a patch. CISA warns that nine flaws affect In-Sight products and leave them open to attack. Cognex suggests upgrading to newer models, while Nozomi Networks provides mitigations. If you’re using these cameras, it’s time to think about an upgrade or fortify your cyber defenses.
ArcaneDoor Strikes Again: Cisco ASA Devices Under Siege in Espionage Campaign
ArcaneDoor strikes again! The espionage-focused threat actor has launched a cyber-attack campaign exploiting Cisco ASA devices. With zero-day vulnerabilities and advanced evasion techniques, they aim to implant malware and exfiltrate data. Cisco urges organizations to upgrade to fixed software releases and disable all SSL/TLS-based VPN web services to prevent further exploitation.
Archer Health’s Data Blunder: When Your Health Records Take an Unplanned Vacation!
Archer Health Inc. left its patients’ personal information as exposed as a sunbathing tourist at a nude beach. Over 145,000 sensitive files were found online without protection, risking identity theft and privacy violations. While the issue was quickly addressed, this blunder shows the dangers of storing healthcare data without proper security.
Beware: New XCSSET Malware Targets Mac Users’ Cryptocurrency with Sneaky Clipboard Hijack!
Microsoft warns that the updated XCSSET macOS malware is now stealing your cryptocurrency by hijacking clipboard data. Just when you thought your digital wallet was safe, this pesky invader swoops in, replacing your Bitcoin destination with its own. It’s like a magician’s sleight of hand, but instead of applause, you get an empty wallet!
Cisco Firewall Fiasco: How Vulnerabilities Are Turning Secure Networks Into Swiss Cheese
Cisco firewall vulnerabilities are being exploited by an “advanced threat actor,” causing cybersecurity agencies to sound the alarm. The flaws allow attackers to implant malware and execute commands. CISA demands immediate patching, while Cisco faces scrutiny for its delayed response. Cybersecurity: where zero-day is the new normal.