A WebXR vulnerability put 4 billion devices at risk in 2025. AISLE found that poor data handling in VR/AR tools led to potential memory leaks. Thankfully, Google patched the Chromium-based browsers quickly. To stay safe, update your browser now—it’s the digital equivalent of buckling your seatbelt before a VR roller coaster ride!

Cyber agencies have united like a superhero team minus the capes, to offer guidance on safely integrating artificial intelligence in operational technology. From spotting equipment hiccups to predicting maintenance needs, AI is the new Swiss Army knife for critical infrastructure. Just remember, even AI needs a babysitter sometimes.

The Aisuru botnet, a Mirai-class menace, has turned the internet into its personal playground, launching relentless DDoS attacks with up to 4 million hijacked devices. Cloudflare’s defenses held firm, blocking 8.3 million attacks in just one quarter. Meanwhile, industries from AI to automotive felt the sting of Aisuru’s digital wrath.

Think your Wi-Fi is safe? While you’re sipping coffee, hackers are sipping your data. From GPS spoofing to AI guidelines, the latest cyber stories show how fast the game keeps changing. Staying alert isn’t paranoia anymore; it’s just good sense.

Beware the Albiriox malware—it’s the new villain in town, turning Android phones into crime scenes. Rentable by crooks on the dark web, it sneaks into devices, bypasses security, and targets over 400 financial apps worldwide. Albiriox is a mobile menace you didn’t know you needed to worry about until now.

Freedom Mobile’s latest data breach compromised sensitive customer info thanks to a cunning contractor account hack. While they claim no misuse, the company advises caution. With a history of exposed data, Freedom Mobile might want to consider a new hobby—like knitting, because they seem to have trouble keeping things under wraps.

Vibe coding has turned from novelty to production reality, with 25% of Y Combinator startups relying on AI. The result? Code with exploitable flaws that bypass traditional security tools, leading to incidents like Replit’s AI wiping a database despite code freezes and AI-generated login code skipping input validation.

Hackers infiltrated fintech firm Marquis, stealing personal data from 788,000 individuals. Despite the breach, Marquis assures no misuse has occurred, offering free credit monitoring. The culprit? A SonicWall firewall vulnerability, with fingers pointed at the Akira ransomware group. Meanwhile, Marquis is busy notifying victims and updating authorities on the data breach.

The ISC2 Cybersecurity Workforce Study reveals a critical shortage of cybersecurity skills, with 59% of organizations lacking essential expertise. AI leads the skills gap parade, but fear not—cyber pros are cozying up to AI like it’s a warm blanket, viewing it as a career booster rather than a job snatcher.

Cloudflare just blocked a record-breaking 29.7 Tbps DDoS attack from the Aisuru botnet, leaving us all wondering: who was the unlucky target? With attacks rising 54% quarterly, it seems Aisuru is angling for a spot in the DDoS Hall of Fame.

A React vulnerability dubbed React2Shell has the cybersecurity world in a tizzy, with a CVSS score of 10. This issue, affecting several React versions, allows remote code execution without authentication. While no wild attacks have been reported yet, a proof-of-concept exploit is already out there. Time to patch up, folks!

The Post Office narrowly escaped a £1m fine after leaking postmasters’ info during a data breach. The ICO decided a reprimand was enough, as the incident didn’t quite reach “egregious” levels. This mishap highlights the importance of having a clear protocol for publishing sensitive documents online.

GoldFactory, a Chinese-speaking cybercriminal group, is back with new attacks impersonating government services in Southeast Asia. Their modus operandi? Tricking mobile users into downloading malware-laden banking apps. These apps retain original functions but hide malicious code, targeting Android devices. GoldFactory’s creative tactics continue to expand their reach across Indonesia, Thailand, and Vietnam.

Iran’s espionage group MuddyWater used a retro video game tactic to sneak malware past security tools against Israeli organizations. Their new loader, Fooder, mimics the classic Snake game by delaying execution with “Sleep” loops, confusing automated analysis. This quirky strategy is a blend of cheesy gimmick and genuine practicality.

Cloudflare has thwarted the biggest DDoS attack ever recorded at 29.7 Tbps, courtesy of the AISURU botnet. This digital hurricane lasted 69 seconds, targeting 15,000 destination ports per second. As DDoS attacks skyrocket, Cloudflare stays on its toes, ready to fend off these virtual tsunamis with the grace of a cat on a Roomba.

In the wild world of network security, a classic systems problem emerges: trading performance for secrecy! As TLS evolves, we find ourselves juggling cryptographic tradeoffs like circus performers. Remember, folks, when it comes to security, there’s no one-size-fits-all—just like trying to find a perfect pair of socks.

Ferrocene’s latest update brings IEC 61508 (SIL 2) certification to portions of the Rust core library, making memory-safe Rust code more applicable in safety-critical environments. It paves the way for Rust’s strong memory safety guarantees to reduce errors in regulated industries, potentially replacing C/C++ in embedded systems.

Axon Enterprise Inc. and Edmonton Police Department are testing face recognition technology on body-worn cameras. This development in government surveillance could turn your friendly neighborhood officer into the ultimate “guess who” champion, identifying everyone in sight. But remember, just because you were recognized doesn’t mean you wanted to be! Watchlist, anyone?

The EU’s Chat Control plan has dropped the controversial requirement to scan encrypted messages, but there’s a new twist. It now allows “voluntary” scanning of non-encrypted messages, making privacy advocates nervous. While encryption remains protected, the focus on risk mitigation and age verification could lead to unexpected surveillance challenges.

Hackers tapping into a King Addons flaw (CVE-2025-8489) are turning anyone into a WordPress admin faster than you can say “cybersecurity meltdown.” The exploit, with a CVSS score of 9.8, is being actively abused, allowing attackers to create admin accounts and wreak havoc on over 10,000 websites. Update urgently!