From The Aether
Ransomware Ruckus: Arrest Made After Global Airport Chaos!
The UK’s National Crime Agency has arrested a man linked to a ransomware attack that caused chaos at airports worldwide. The attack, targeting Collins Aerospace technology, disrupted traveler check-ins and baggage drops, leading to widespread delays. The investigation continues, highlighting the persistent threat of cybercrime to critical infrastructure systems.
GeoServer Exploit: How a Year-Old Bug Gave Hackers a Three-Week Vacation in a Federal Agency
The US cybersecurity agency CISA has identified a GeoServer vulnerability being exploited to compromise a federal agency. The bug, tracked as CVE-2024-36401, allowed attackers to drop web shells, escalate privileges, and remain undetected for weeks. It’s a reminder that sometimes the biggest threats aren’t exotic zero-days but rather the ones we overlook.
HardBit Havoc: Ransomware Chaos Grounds European Airports!
HardBit ransomware: the digital version of losing your luggage at the airport. Collins Aerospace struggles to boot out cybercriminals while major European airports face delays, cancellations, and an unintended game of hide-and-seek with hackers.
New Malware Alert: YiBackdoor Joins Forces with IcedID and Latrodectus for Cyber Chaos
Cybersecurity researchers have discovered a new malware called YiBackdoor, with significant code overlaps with IcedID and Latrodectus. While its exact role is murky, it’s suspected to aid in ransomware attacks. YiBackdoor can execute commands, collect data, and expand its capabilities via plugins, making it a concerning development for cybersecurity experts.
Think Your Payment Iframes Are Safe? Think Again: The Shocking Truth About Malicious Overlays!
Think payment iframes are secure? Think again. Attackers are using pixel-perfect overlays to skim credit card data, bypassing security measures designed to stop them. The Stripe skimmer campaign is a prime example, proving traditional iframe security is obsolete. An iframe’s security is only as strong as its host. Active monitoring is now essential.
When “Password123” Topples Giants: The Untold Cost of Cybersecurity Blunders
KNP Logistics Group’s downfall shows that even a 158-year-old company can be undone by a single weak password. The Akira ransomware group seized on this vulnerability, sidelining 500 trucks and leaving 700 employees jobless. The lesson? When it comes to cybersecurity, “Password123” won’t cut it!
SolarWinds Strikes Back: Patching RCE Flaw Before Hackers Invade
SolarWinds fixed a critical RCE flaw in its Web Help Desk software, preventing attackers from playing puppet master with your servers. This vulnerability had more bypasses than a highway, but SolarWinds finally put the brakes on it. Users, update now or risk becoming the next unwitting star of a hacker’s show!
Boyd Gaming’s Cyber Gamble: Hackers Hit the Jackpot with Employee Data Breach!
Boyd Gaming has disclosed a cyberattack, admitting hackers may have swiped personal info from employees and others. In true corporate fashion, they call the impact “limited,” which might mean anything from “not too bad” to “yikes!” But don’t worry, their comprehensive cybersecurity insurance has them covered.
Las Vegas Gamble: Boyd Gaming’s Data Breach Jackpot!
Boyd Gaming Corporation, a major Las Vegas-based gambling firm, reported a cybersecurity incident breaching personal data. An unauthorized third party accessed their IT systems, but the company assures business operations remain unaffected. With leading cybersecurity experts on the case, Boyd expects their insurance to cover incident-related costs.
GeoServer Gaffe: Hackers Exploit Unpatched Flaw to Breach U.S. Federal Agency
Cyber villains breached a U.S. federal agency by exploiting an unpatched GeoServer flaw. This vulnerability, CVE-2024-36401, allowed them to sneak in, wreak havoc, and even make themselves at home with web shells and scripts. It’s a classic case of “Patch, please!” gone wrong.
Digital ID Dilemma: Privacy Advocates Warn UK Against Big Brother Surveillance Scheme
Privacy activists warn that mandatory digital ID could lead to mass surveillance and won’t stop small boats. Seven campaign groups urge Prime Minister Keir Starmer to ditch the plan, arguing it changes the state-population dynamic. With echoes of past ID card debacles, this digital drama is sailing straight into turbulent political waters.
Jaguar Land Rover’s Cyberattack Chaos: Will the UK Government Step In or Just Watch the Wheels Come Off?
Jaguar Land Rover’s cyberattack has turned their production lines into parking lots, with a shutdown likely to become “harder and harder” for workers and suppliers. Calls for government intervention grow louder, but for now, it seems the only bailout on offer is emotional support. Meanwhile, small businesses brace for a financial pothole.
GitHub Tightens NPM Security: Say Goodbye to Worms and Phishy Business!
In a plot twist worthy of a hacker heist film, GitHub is tightening security on the NPM registry. Attempting to leave no stone unturned, they’re implementing two-factor authentication, trusted publishing, and short-lived tokens to fend off attackers like the self-replicating Shai-Hulud worm. GitHub’s message to developers: secure your code, or face the worms!
Secret Service Zaps Telecom Threat: Averting UN Chaos with a Swift SIM Swap!
The Secret Service dismantled a New York-area network of over 300 SIM servers, thwarting potential telecommunication chaos before the UN General Assembly. Talk about a quick call to action—it’s not every day you see agents playing phone tag to prevent an international faux-pas!
Cloudflare’s Epic DDoS Showdown: Blocking a 22 Tbps Attack with Ease!
Cloudflare has thwarted a record-breaking DDoS attack peaking at a staggering 22.2 Tbps. The attack, possibly fueled by the notorious Aisuru botnet, targeted a single European network infrastructure. Despite its size, Cloudflare’s systems autonomously blocked the attack in just 40 seconds. Who knew defending the internet could be this speedy?
Federal Fumble: Cybersecurity Blunder Leaves Agency Vulnerable to Hackers
CISA revealed that cyber actors breached a federal agency via CVE-2024-36401, exploiting a GeoServer flaw. The agency’s failure to patch swiftly, test incident response plans, and review EDR logs led to the breach. Lesson learned: if you don’t want hackers crashing your party, patch your systems faster than you can say “GeoServer.”
Crypto Crooks Caught: Mastermind Behind €100M Scam Nabbed in Europe-Wide Sting!
In a plot twist worthy of a crime thriller, the suspected mastermind behind a €100m cryptocurrency fraud scheme was nabbed in a Europe-wide police operation. Eurojust and Europol joined forces, proving that even the most cunning crypto-investment schemes can’t outrun the long arm of the law—or their well-designed websites.
FBI Spoof Alert: How to Outsmart Cybercriminals Mimicking the IC3 Website!
Beware of phony FBI IC3 websites! Cybercriminals are spoofing the FBI’s Internet Crime Complaint Center site to swipe your personal info. Stick to typing www.ic3.gov directly into your browser, and remember, the FBI doesn’t want your money—just your vigilance!
Libraesva Zaps Email Security Flaw: Patch Your ESG Now or Face the Wrath of Rogue Emails!
Libraesva has patched its email security platform to address CVE-2025-59689, a flaw that could let malicious emails execute commands. Users on older versions should upgrade quickly, especially since a foreign threat actor has already exploited the vulnerability. The patches also include tools to detect and eliminate lingering threats.
Pandoc Pandemonium: How Hackers Tried and Failed to Breach AWS with a Linux Flaw
Wiz has discovered a vulnerability in Pandoc that allows attackers to exploit the AWS Instance Metadata Service. The flaw, CVE-2025-51591, involves SSRF attacks using crafted HTML iframes. Thankfully, IMDSv2 helps block these shenanigans, but organizations are urged to enforce it, keeping EC2 instances safer than a cat in a bubble wrap factory.