Federal agents have finally nabbed the elusive January 6 pipe bomb suspect after nearly five years. Brian J. Cole Jr. of Virginia faces charges for planting bombs near the US Capitol. Authorities cracked the case with surveillance, cell data, and purchase records. It’s a major win for investigators, though some skeptics still aren’t convinced.

The Digital Omnibus package promises to simplify EU regulations but might instead create a “complification.” With proposals to redefine personal data and privilege AI, it threatens GDPR’s privacy protections. Simplification shouldn’t mean sacrificing digital rights. The European Commission needs a better balance between cutting red tape and maintaining robust privacy standards.

India’s telecoms ministry U-turned faster than a Bollywood plot twist, scrapping its order for mandatory preinstallation of the government’s Sanchar Saathi app on smartphones. The app, meant to combat cyber threats, faced backlash over privacy concerns. Now, it’s voluntary, proving that not even apps can escape the drama of Indian bureaucracy!

Roskomnadzor has pulled the plug on FaceTime and Snapchat, accusing them of hosting a “crime wave.” Apparently, they’re not just for selfies and emojis anymore. Meanwhile, Roblox and WhatsApp are next on the chopping block in Russia’s tech crackdown.

Chinese hackers are backdooring VMware vSphere servers using Brickstorm malware, says CISA. This sneaky malware creates rogue virtual machines to swipe data and keep a low profile. Protect your network from these cyber ninjas by scanning for Brickstorm activity and blocking unauthorized connections. It’s time to beat the hackers at their own game!

In November 2025, cybersecurity firms engaged in a flurry of M&A activity, with Arctic Wolf acquiring UpSight Security and Bugcrowd snagging Mayhem Security. Meanwhile, Coalition nabbed Wirespeed. These deals are set to enhance cybersecurity defenses and bolster companies’ threat detection and prevention capabilities, proving that mergers aren’t just for love-struck billionaires.

Silver Fox strikes again! This cunning cybercriminal is using Microsoft Teams lures in an SEO poisoning campaign, targeting Chinese organizations with ValleyRAT malware. The campaign cleverly mimics Russian threat groups to confuse attribution. Victims think they’re downloading Teams, but instead, they get a side order of espionage!

ASUS confirms a vendor breach after the Everest gang leaked data, claiming ASUS, ArcSoft, and Qualcomm were hacked. While the breach affected some camera source code, ASUS assures no impact on products or user data. They’re now beefing up supply chain security, presumably with a security blanket and extra locks on the digital door.

Nicholas Merrill, the privacy crusader who once took on the FBI, is now launching Phreeli, a phone carrier that requires only a ZIP code for sign-up. Forget burner phones; Merrill wants privacy to be as mundane as your morning coffee, minus the surveillance jitters. Privacy: the new black, and apparently, the new boring.

AI in OT systems is like teaching your toaster to play chess. It sounds fun until your breakfast starts checkmating you! To prevent such AI antics, US and international cybersecurity agencies have issued guidance to help operators safely integrate AI, focusing on risks, security, and a healthy dose of human oversight.

Two Virginia brothers, Muneeb and Sohaib Akhter, are back in hot water after allegedly hacking government databases post-firing. Their encore performance includes charges of computer fraud, destruction of records, and stealing sensitive information. They might be in for a long prison encore if convicted.

The Internet had a meltdown moment in Q3 2025, thanks to Aisuru, an IoT botnet that made cybercriminals look like bargain hunters. Cloudflare’s DDoS threat report shows Aisuru’s attacks were so massive they practically needed their own zip code, peaking at a jaw-dropping 29.7 Tbps.

Boston-based 7AI just secured a whopping $130 million Series A funding to unleash their AI agents on cyber threats. These digital geniuses handle the “non-human work,” like triaging alerts and correlating telemetry, at speeds that leave human operators and even automation in the dust. Talk about a security upgrade!

Inotiv is notifying over 9,500 individuals of a data breach from a ransomware attack. The breach compromised personal, financial, and health information, including Social Security and credit card numbers. Inotiv is offering 24 months of free credit monitoring. Meanwhile, hackers claim a hefty 176 gigabytes of data in this pharmaceutical caper.

The UK and Canada’s cyber security centers have teamed up to tackle the wild west of digital misinformation with a new report on public content provenance. As AI-generated content runs rampant, the report suggests using cryptographically secure metadata, because nothing says “trustworthy” like a metadata cocktail.

A new vulnerability, React2Shell, allows remote code execution in React and Next.js apps due to insecure deserialization. With a severity score of 10/10, it’s the coding equivalent of leaving your front door wide open with a sign saying “Free Cookies Inside!” Update your packages to avoid being an unintended host!

Microsoft has finally silenced a Windows shortcut bug long exploited by cybercriminals and espionage networks. Tracked as CVE-2025-9491, this flaw allowed malicious .lnk files to execute hidden commands. Despite initial dismissal, Microsoft’s “silent mitigation” now reveals full command lines, ending the shortcut shenanigans.

GhostFrame, the latest phishing framework sensation, is causing a ruckus with its stealthy iframe architecture. It’s linked to over a million attacks, making it the phishing world’s equivalent of a viral cat video. Barracuda experts discovered this sneaky kit, proving once again that cybersecurity is just a never-ending game of digital whac-a-mole.

Microsoft is tackling a pesky bug preventing users from downloading Microsoft 365 desktop apps from the homepage. Since November 2nd, this glitch has caused widespread Office Client issues. Microsoft is testing a fix, aiming to end the saga of app download woes. Stay tuned for updates on this Microsoft 365 desktop apps saga.

A WebXR vulnerability put 4 billion devices at risk in 2025. AISLE found that poor data handling in VR/AR tools led to potential memory leaks. Thankfully, Google patched the Chromium-based browsers quickly. To stay safe, update your browser now—it’s the digital equivalent of buckling your seatbelt before a VR roller coaster ride!