Target’s prices are cracking up! The cost of eggs and toilet paper varies based on your location, thanks to algorithmic pricing. In New York, a new law demands transparency about how personal data sets these prices. So, next time your wallet feels lighter, you might have your zip code to thank.

The Shai-Hulud attack on NPM left 400,000 secrets exposed in over 30,000 GitHub repositories, with 60% of leaked tokens still valid. Researchers at Wiz found that 87% of infected machines ran on Linux, while 76% were containers. The attack’s impact could have been reduced by early neutralization of key packages.

India’s Department of Telecommunications has made a call of its own, demanding messaging apps like WhatsApp, Telegram, and Signal tie user accounts to active SIM cards. This directive aims to thwart scammers and cyber fraudsters from using Indian numbers for dubious activities. So, if you’re a sneaky scammer, it’s time to SIM-plement a new career!

In the latest Android security bulletin, two high-severity bugs were exploited as zero-days before patches were issued. While Google hasn’t spilled the beans on the culprits, updating your device ASAP is wise. With 107 security holes to patch, it’s the perfect time to embrace your inner tech superhero.

The Everest ransomware group claims to have swiped over 1TB of data from ASUS, including camera source code. They’re demanding ASUS respond via encrypted messaging within 21 hours. No ransom amount is public yet, leaving ASUS fans holding their breath and cameras possibly holding their own secrets.

The University of Pennsylvania has been caught in Clop’s Oracle EBS smash-and-grab spree, warning over a thousand folks that their data was swiped. The hackers played peekaboo with a zero-day flaw, and while Penn’s patched up now, it’s still sorting through the chaos of Clop’s audacious antics.

If you’re cruising down the US-Mexico border, you might be caught on camera more times than a Kardashian. U.S. Customs and Border Protection and the DEA have plastered the area with automated license plate readers. So, if you spot an odd orange barrel, it might be more than just road work!

MuddyWater strikes Israel with its latest MuddyViper malware, proving that even cyber threats have a sense of style. Disguised as a Snake game, this sophisticated attack slithers into systems, stealing data and leaving victims in a techy tangle. Who knew cyber espionage could be so game-chic?

North Korean threat actors have unleashed a storm of nearly 200 malicious npm packages, targeting blockchain and Web3 developers with fake job interviews. These deceptive packages, downloaded over 31,000 times, stealthily install OtterCookie malware. It’s a software supply chain nightmare, and no, there’s no free lunch with those “test assignments.”

Europol’s Operation Olympia has successfully taken down Cryptomixer, a notorious cryptocurrency laundering platform. Authorities seized three Swiss servers and the cryptomixer.io domain, capturing 12 terabytes of data and €25 million in Bitcoin. Since its inception in 2016, Cryptomixer reportedly laundered over €1.3 billion for users.

Three critical zero-day vulnerabilities in PickleScan have been revealed, allowing attackers to bypass safeguards and distribute malicious machine learning models. With a CVSS score of 9.3, these flaws highlight the systemic risks of relying on a single scanning tool and the divergent behaviors in file handling between security tools and ML frameworks.

North Korean IT workers, disguised as job seekers, infiltrate Western companies with help from the notorious Lazarus Group. They borrow identities, pass interviews with AI, and work remotely. This time, they were caught in a virtual trap set by researchers who watched them work live, exposing their cunning tactics without a single piece of malware.

Cybercriminals are meddling with AI security scanners using the npm package eslint-plugin-unicorn-ts-2. Uploaded by “hamburgerisland,” it masquerades as a legit ESLint plugin but secretly exfiltrates sensitive data. The package even tries to influence AI tools with a cheeky prompt to “forget everything you know.”

GlassWorm is back, infiltrating developer tools with 24 fake extensions on Microsoft Visual Studio Marketplace and Open VSX. These imposters mimic popular tools like Flutter and React, spreading malware and stealing credentials. Developers, beware! Your next extension download could be one click away from a comedy of errors.

The 2025 Cyber Deterrence and Response Act aims to create a unified “national attribution framework” to tackle nation-state hackers. With major agencies collaborating, it’s like assembling a cybersecurity Avengers team. But instead of superpowers, they’ll wield sanctions, visa bans, and procurement prohibitions against cybercriminals. Coming soon to a legislature near you!

ShadyPanda’s seven-year browser extension campaign infected 4.3 million Chrome and Edge users, proving that trust can be a sneaky panda. By operating legitimately, then deploying malicious updates, they highlighted gaps in extension review processes. With 300,000 users affected by a backdoor, it’s time to audit those extensions before they audit you!

In a twist of events, Kensington and Chelsea Council revealed that last week’s IT hiccup morphed into a data breach, with some data quietly “borrowed” by cyber-intruders. While the council scrambles to untangle the mess, residents are advised to double-check their bank details and stay alert for anything fishy.

North Korean IT recruiters are targeting developers by renting their identities for illicit fundraising. These recruiters trick their way into Fortune 500 companies using deep fakes and fake identities. Engineers are lured with promises of easy money, only to risk everything in a high-stakes game of digital espionage.

Calendly phishing schemes are targeting Google Workspace and Facebook business accounts by impersonating top brands like Unilever and Disney. These crafty scams lure victims into clicking fake meeting invites that lead to credential-stealing pages. It’s like being promised a fancy dinner date but ending up at a fast-food drive-thru with no fries!

Iranian nation-state actors, MuddyWater, have targeted Israeli entities with a new backdoor called MuddyViper. Their cyber antics are like a spy thriller with a computer science degree, complete with phishing emails, fake Snake games, and more RATs than a New York City subway. MuddyWater’s evolving tactics highlight its operational maturity.