From The Aether

SolarWinds Strikes Again: Third Time’s the Charm or Comedy of Errors?

The SolarWinds saga continues with another hotfix for a critical flaw in its Web Help Desk software. This marks the third attempt to patch the same deserialization bug, raising the question: will the third time finally be the charm? Given the flaw's history of exploitation, experts advise patching now.

3 weeks ago

OnePlus Ignoring Massive Security Flaw: Your Messages Are at Risk!

Security researchers revealed a critical bug in OnePlus smartphones, allowing any app to read SMS and MMS data. This vulnerability, stemming from OxygenOS 12, has remained since late 2021. Despite efforts, OnePlus hasn’t responded to fix this flaw, leaving users to wonder if their texts have become public domain.

3 weeks ago

Cloudflare Crushes Record DDoS Attack: 22.2 Tbps of Internet Chaos Conquered!

Cloudflare recently fended off a DDoS attack peaking at a staggering 22.2 Tbps, the equivalent of streaming one million 4K videos at once. While it lasted just 40 seconds, it set a new record. As DDoS attacks continue to grow in frequency and size, Cloudflare’s defense game is stronger than ever.

3 weeks ago

Nimbus Manticore’s European Tour: Iranian Hackers Targeting Top Companies with Career Cons

Nimbus Manticore is expanding its cyber escapades, now targeting Europe’s defense, telecom, and aerospace sectors. These Iranian hackers use fake job offers to lure victims, employing evolved malware like MiniJunk to sneak past defenses. Stay alert, because when your inbox promises a dream job, it might just be a nightmare in disguise!

3 weeks ago

DNA-napping Chronicles: How U.S. Citizens Ended Up in an FBI Database Without a Clue

Customs and Border Protection agents have been quietly harvesting DNA from American citizens, even minors, and funneling it into an FBI crime database. Critics warn this unauthorized expansion of genetic surveillance could mean lifelong scrutiny for anyone added, with DNA from children as young as 4 already present.

3 weeks ago

Hackers Dance Through Unpatched GeoServer: A Comedy of Errors in Federal Cybersecurity

CISA discovered that attackers exploited an unpatched GeoServer vulnerability, CVE-2024-36401, to breach a U.S. federal agency’s network. After uploading web shells and scripts, they went undetected for three weeks. CISA recommends swift vulnerability patching and vigilant monitoring to thwart future attacks.

3 weeks ago

U.N. Neighbors or Secret Spies? Massive Covert Network Busted by U.S. Secret Service

The U.S. Secret Service dismantled a covert communications network near the U.N. in New York, seizing 100,000 SIM cards and 300 servers. Capable of sending 30 million texts per minute, this high-tech operation could disrupt cellular networks, raising serious concerns over mobile network security. Talk about an “unlimited text” plan gone rogue!

3 weeks ago

SIM Card Shenanigans: Secret Service Busts Massive SIM Farm Network Threatening NYC!

The US Secret Service has dismantled a colossal network of SIM farms in the New York Tri-state area, potentially capable of disrupting entire cellular networks. This operation involved over 100,000 SIM cards and targeted senior government officials. Meanwhile, the Secret Service is still figuring out why anyone would need that many SIM cards.

3 weeks ago

AI-Powered Hotel Hackers: RevengeHotels Strikes Back with Smarter Scams!

Kaspersky warns that hotel-hacking group RevengeHotels is back, now wielding AI to craft stealthier scams. Their classic phishing tricks have evolved; AI-generated malware means hotel guests face greater risks of card and data theft, even in trusted hotels. The cybercriminals are getting smarter, but the bookings are about to get scarier.

3 weeks ago

Nimbus Manticore’s European Espionage Escapade: Sneaky Cyber Shenanigans Intensify!

Nimbus Manticore is on a cyber-espionage spree in Europe. With fake recruiter personas and dodgy career portals, they’re phishing for more than just compliments. Their malware, with names like MiniJunk, sideloads into legit apps, evading detection like a ninja in a tuxedo. Keep an eye out, Denmark, Sweden, and Portugal!

3 weeks ago

Deepfake Dilemma: Why Your Zoom Calls Might Need a Lie Detector

Deepfake attacks are on the rise, with 62% of organizations experiencing one in the past year. Companies must integrate deepfake detection into tools like Microsoft Teams or Zoom to combat these threats. According to Gartner’s Akif Khan, combining deepfakes with social engineering is a potent mix, leaving employees on the frontlines of detection.

3 weeks ago

Crypto Con: European Authorities Bust €100M Scam Ring – Investors Beware!

Five suspects in Europe were nabbed in a cryptocurrency fraud scheme that swindled over €100 million. Authorities from several countries teamed up, proving that when it comes to catching scammers, teamwork makes the dream work—unless you’re the dreamer who lost all your money in this crypto nightmare.

3 weeks ago

Open Source SOS: Why Free Software Infrastructure Can’t Foot the Bill Anymore!

The Open Source Security Foundation warns that “open infrastructure is not free,” as the software world’s unpaid janitors tire of footing the bill. With package registries under strain, they call out wasteful usage and advocate for commercial-scale support. OpenSSF urges freeloaders to contribute before the software economy hits a costly downtime.

3 weeks ago

Security Awareness Training: More Money, More Problems, Less Security

Security awareness training budgets are up, yet human error incidents continue to rise. Despite the spending spree, outdated and irrelevant content leaves staff overconfident and unprepared. It’s like trying to fix a leaky boat with a designer bucket—stylish, but ultimately ineffective. Time for a training revamp!

3 weeks ago

SolarWinds Strikes Again: Third Time’s the Charm for Web Help Desk Vulnerability Fix!

SolarWinds has issued a crucial hotfix for a critical Web Help Desk vulnerability, CVE-2025-26399. This flaw, allowing remote code execution without authentication, is part of a patch saga that could rival any soap opera. Users must update to version 12.8.7 and follow specific steps to secure their systems.

3 weeks ago

SolarWinds Security Woes: Third Time’s the Charm or Just Déjà Vu?

SolarWinds Web Help Desk struck again with a critical vulnerability, CVE-2025-26399, allowing attackers to run wild with arbitrary commands. It’s like a never-ending sequel to a tech horror movie, now on its third patch! Time to update to version 12.8.7 HF1 and hope this is the final cut.

3 weeks ago

GitHub’s NPM Security Overhaul: A Comedy of (Token) Errors and Two-Factor Follies

GitHub tightens security for the npm registry after recent attacks, removing over 500 compromised packages. The new measures include scrapping outdated authentication and switching to trusted publishing with 2FA by default. Looks like it’s time for hackers to find a new hobby—maybe knitting?

3 weeks ago

AI’s New Playground: How Vulnerabilities Are Throwing CISOs Under the Bus

AI expands the attack surface, turning CISOs into cybersecurity superheroes juggling more vulnerabilities than a clown at a juggling festival. With a 10% increase in API vulnerabilities and a doubling of network vulnerabilities, it’s like trying to plug holes in a sinking ship. Welcome to the high-stakes innovation race!

3 weeks ago

SonicWall’s Firmware Update: The Hero We Needed to Banish Rootkit Gremlins!

SonicWall saves the day with a firmware update to boot rootkit malware off SMA 100 series devices. Die-hard malware fans, it’s time to pack up. SonicWall strongly recommends users upgrade to version 10.2.2.2-92sv to avoid becoming a hacker’s favorite piñata.

3 weeks ago

Teen Cyber Bandit Busted: Las Vegas Casino Hack Scandal Unfolds

A suspected Scattered Spider member has been nabbed for hacking Las Vegas casinos. Apparently, the Las Vegas Metropolitan Police Department is cracking down on this teenage cybercriminal, who might have mistaken the casino networks for a high-stakes game of cyber tag.

3 weeks ago