In a plot twist worthy of a crime thriller, the suspected mastermind behind a €100m cryptocurrency fraud scheme was nabbed in a Europe-wide police operation. Eurojust and Europol joined forces, proving that even the most cunning crypto-investment schemes can’t outrun the long arm of the law—or their well-designed websites.

Beware of phony FBI IC3 websites! Cybercriminals are spoofing the FBI’s Internet Crime Complaint Center site to swipe your personal info. Stick to typing www.ic3.gov directly into your browser, and remember, the FBI doesn’t want your money—just your vigilance!

Libraesva has patched its email security platform to address CVE-2025-59689, a flaw that could let malicious emails execute commands. Users on older versions should upgrade quickly, especially since a foreign threat actor has already exploited the vulnerability. The patches also include tools to detect and eliminate lingering threats.

Wiz has discovered a vulnerability in Pandoc that allows attackers to exploit AWS Instance Metadata Service. The flaw, CVE-2025-51591, involves SSRF attacks using crafted HTML iframes. Thankfully, IMDSv2 helps block these shenanigans, but organizations are urged to enforce it, keeping EC2 instances safer than a cat in a bubble wrap factory.

Libraesva’s Email Security Gateway just got its own extreme makeover: security edition. A recent vulnerability—CVE-2025-59689—has been exploited by state-sponsored actors. Update now or risk hosting a malicious email party where uninvited code crashes your system. Be the hero your inbox deserves.

Cloudflare just swatted away the largest DDoS attack ever recorded, peaking at a mind-boggling 22.2 Tbps. That’s like trying to stream 9,350 HD movies all at once! Can your scrubbing capacity handle that?

Jaguar Land Rover’s production lines are on an extended coffee break due to a cyberattack, now stretching to at least October 1. With over 30,000 employees and countless suppliers stalled, the British auto industry is stuck in neutral. Meanwhile, the investigation continues as they work with U.K. authorities to reboot operations safely.

Secret Service agents dismantled a hidden telecom network in New York, capable of jamming 911 calls and overloading cell towers. Officials say the system could have caused chaos just as world leaders gathered for the U.N. General Assembly. It’s like discovering your Wi-Fi is actually a villainous mastermind plotting to overthrow the city!

Boyd Gaming Corporation hit the jackpot—but not in a good way. The casino operator revealed a cyberattack led to data theft, including employee info. Despite the breach, the company assures that operations are unaffected and insurance will cover incident costs. Boyd Gaming remains tight-lipped, leaving us all guessing who the cyber-bandits are.

Microsoft patched a critical Azure Entra ID vulnerability, CVE-2025-55241, initially deemed low-risk but later found to allow user impersonation, including Global Administrators. The flaw, discovered by Dirk-Jan Mollema, involved “Actor tokens” and the Azure AD Graph API. This humorous twist on cloud security reminds us that “low-impact” can sometimes escalate faster than a cat meme.

California’s consumer data privacy laws are about to get a user-friendly upgrade with A.B. 566. This bill empowers Californians to easily tell companies to keep their hands off personal info. Governor Newsom, it’s time to give consumers the power they deserve. Make privacy rights as easy as ordering a pizza!

Deepfake audio attacks against employees are skyrocketing, with 44% of businesses hit. The voice on the line might sound like your boss, but it could be a cybercriminal with a killer AI karaoke setup. Deepfake detectors are on the rise, but until then, trust issues might reach new heights!

SonicWall’s latest firmware update aims to zap rootkit malware from Secure Mobile Access 100 appliances. This comes after Google flagged attacks exploiting even fully patched devices. So remember, if you’re using an SMA 100, update now—unless you enjoy your devices moonlighting as secret agents for cybercriminals.

CISA has added the Google Chromium flaw CVE-2025-10585 to its Known Exploited Vulnerabilities catalog. This zero-day vulnerability in the V8 JavaScript engine is a type confusion issue, making it a favorite among hackers who enjoy a good software mix-up. Federal agencies have until October 14, 2025, to patch it up.

A New York area SIM farm boasting over 100,000 SIM cards was busted, exposing its potential to disrupt city cell networks. This was no ordinary spam operation; it could’ve texted the entire U.S. in 12 minutes. The Secret Service’s swift action prevented the farm from targeting the United Nations General Assembly.

Two security vulnerabilities in Supermicro Baseboard Management Controller firmware have been revealed, enabling attackers to bypass crucial verification steps with a specially crafted image. These vulnerabilities, CVE-2025-7937 and CVE-2025-6198, stem from improper cryptographic signature verification, potentially allowing for unauthorized firmware updates and leading to complete control over the system.

Supermicro has patched two BMC vulnerabilities, including CVE-2024-10237, that could allow malicious firmware updates. A previously bypassed patch led to a new identifier, CVE-2025-7937, while another flaw, CVE-2025-6198, was also patched. Despite no evidence of active exploits, these vulnerabilities pose significant risks to enterprises.

In an elaborate online investment fraud scheme, five suspects were arrested in Europe, accused of stealing over €100 million. It was a classic case of “Invest now, cry later,” with victims duped by promises of high returns in cryptocurrencies. Authorities froze assets across multiple countries, putting a halt to their crypto-criminal career.

The International Criminal Court is stepping into the world of cyber-enabled crimes, where hacking meets heinousness. As they draft a policy to tackle digital atrocities, they must balance justice with protecting human rights. Because, let’s face it, fighting digital villains shouldn’t mean turning the internet into a dystopian surveillance state.

SolarWinds announced its third attempt to fix a pesky remote code execution vulnerability in Web Help Desk. Known as CVE-2025-26399, this bug is like a sequel nobody asked for, following two previous patch bypasses. Users are urged to apply the hotfix before hackers turn this trilogy into a blockbuster.