SonicWall has revealed that its recent cloud backup data breach impacted all customers storing firewall configuration files. While encrypted credentials are safe, the situation could still boost targeted attack risks. Customers are urged to check their devices on MySonicWall and reset passwords. It’s like a trust fall, but with firewalls!

UK organizations need to boost observability and threat hunting skills, says the NCSC. CTO Ollie Whitehouse insists these are key for spotting cyber threats. Remember, you can’t hunt what you can’t see! From maximizing system visibility to moving beyond simple indicators of compromise, it’s time to mature threat hunting practices.

Discord confirms hackers took ID photos from 70,000 users in a data breach, blaming a third-party service. The hackers are demanding money, threatening to release 1.5 terabytes of data if Discord doesn’t comply. Meanwhile, Zendesk claims their platform wasn’t compromised. Looks like Discord’s data security had a bit of a “Whoopsie!” moment.

Running Windows 10 past its end-of-life date is like hosting a barbecue in a thunderstorm—bold, risky, and a tad reckless. With no more updates, sticking with Windows 10 is an open invitation to cyber villains. Upgrade to Windows 11 before October 14 to avoid turning your device into a cybersecurity piñata.

Discord refuses to pay hackers claiming to have swiped data from 5.5 million users via a compromised support agent’s account. The company disputes the severity, stating only 70,000 user IDs were exposed and not the alleged 2.1 million. The hackers, demanding millions, are “extremely angry” after Discord’s public statement.

Qilin ransomware claimed responsibility for an attack on beer giant Asahi, disrupting operations in Japan. The ransomers leaked 27GB of data, including sensitive documents. While Asahi’s Japanese branches are recovering, the company is investigating the breach’s full impact. Cheers to cybercriminals who can’t hold their data!

EFF and 20 other organizations, including the ACLU and Demand Progress, oppose a rule change in the Senate Intelligence Authorization Act that would remove Senate confirmation for CIA and ODNI general counsels. These secretive roles shape critical policies, making Senate vetting essential to prevent unchecked power in intelligence agencies.

Behold the latest FileFix social engineering attack, now with cache smuggling! This crafty scheme sneakily downloads a malicious ZIP archive disguised as a Fortinet VPN Compliance Checker. It’s like a surprise party, but instead of cake, you get malware. Stay vigilant and remember: not everything that glitters is a safe network path!

DragonForce, LockBit, and Qilin have joined forces to form a ransomware alliance. This unholy trinity aims to enhance attack effectiveness, potentially restoring LockBit’s reputation and leading to more frequent attacks. The alliance shares tools and infrastructure, marking a major shift in the cyber threat landscape.

The Qilin ransomware group has taken credit for a cyberattack on Asahi, Japan’s largest brewing company. After allegedly exfiltrating 27GB of data, Qilin published the breach details online. The attack disrupted operations at six breweries and may cost Asahi up to $335 million. Asahi is investigating while working to resume production.

Microsoft is scrambling to fix a Microsoft 365 outage that’s left users locked out of Teams, Exchange Online, and the admin center. With Multi-Factor Authentication also on the fritz, it’s like a virtual escape room — but without the escape. Stay tuned to Microsoft’s Service Health Status page for updates.

Microsoft is rolling out auto-archiving in Exchange Online by default to tackle mailbox overflow issues. When usage hits 90% of the quota, the oldest emails get a one-way ticket to the archive. This keeps mailboxes from bursting at the seams faster than a piñata at a kid’s birthday party.

Crimson Collective is turning AWS into their playground, stealing data like it’s a Black Friday sale. They’re using open-source tools to swipe credentials and are even sending extortion notes through AWS’s own email service. AWS recommends short-term, least-privileged credentials to keep these cloud bandits at bay.

Cybersecurity researchers are raising alarms over a campaign targeting WordPress sites with malicious JavaScript injections. This operation redirects users to suspicious sites, making you feel like your browser is running an underground marathon without your consent. Time to update your passwords and maybe your luck!

Salesforce won’t budge against cybercriminals demanding ransom for nearly 1 billion customer records. With a firm “no” to paying, the CRM giant claims no platform compromise and continues working with affected customers. Meanwhile, the hackers are offering $10 in Bitcoin for anyone willing to “endlessly harass” execs.

The DataTribe Challenge is the ultimate cybersecurity startup showdown, where the most promising firms battle for glory and a chance to pitch to top investors. This year’s finalists, including AI-centric companies and the hardware-focused Tensor Machines, are the ones to watch. Get ready for a cybersecurity innovation extravaganza!

The UK Metropolitan Police arrested two 17-year-olds suspected of launching a ransomware attack on Kido nurseries. The cybercriminals demanded £600,000 in Bitcoin, pressured parents, and posted photos on the dark web. Despite a retreat and claims of deleting the files, the incident underscores the education sector’s growing vulnerability to cyber attacks.

Service Finder WordPress theme users, meet CVE-2025-5947—a vulnerability so popular even cybercriminals couldn’t resist. With more than 13,800 attempts since August, attackers are logging in as administrators without a password. If you haven’t updated to version 6.1, it’s like leaving your front door wide open with a “Welcome Hackers” sign.

Threat actors with suspected ties to China have turned Nezha into a cyber weapon, launching Gh0st RAT malware through log poisoning. This creative hacking approach has affected over 100 machines, primarily in Asia, proving that even benign tools can become villainous if you have a knack for mischief and malware.

The UK Metropolitan Police arrested two 17-year-olds for the doxing of children after a ransomware attack on a nursery chain. The cybercrime gang behind the attack tried to extort the nurseries. This incident adds to the growing trend of teenagers involved in high-profile cyberattacks in the UK.