OpenAI’s GPT-5 Instant now acts as a virtual emotional support buddy, recognizing when users are having a tough time. It’s like having a therapist with a PhD in speed, rerouting sensitive conversations to ensure you’re heard and supported. Rest assured, this chatbot is ready to lend a virtual ear with expert guidance.

In a revelation that could make Windows AI sweat circuits, researcher hxr1 shows how trusted ONNX files can serve as sneaky malware delivery systems. It’s like hiding a needle in a haystack, where the haystack is a neural network and the needle is a malicious payload. Talk about a tech twist!

NFC relay malware is taking Eastern Europe by storm, with over 760 malicious Android apps swiping card details faster than you can say “contactless.” This isn’t your grandma’s banking trojan; these apps are like digital pickpockets, using Android’s Host Card Emulation to emulate or swipe payment data and keep your cash flowing… away.

CISA is urging U.S. government agencies to patch their systems against the high-severity CVE-2025-41244 vulnerability in Broadcom’s VMware software. This flaw, which has been exploited since October 2024 by a Chinese state-sponsored threat actor, allows attackers to escalate privileges and gain root access on virtual machines. Time to patch up, folks!

In the chaotic world of cybersecurity, AI is the superhero we’ve been waiting for—if only we’d let it wear the cape. With threats multiplying like rabbits, AI promises to automate what humans can’t keep up with. But until we trust it, we’re just keeping it in the slow lane with a speed limiter.

Nation-state hackers breached Ribbon Communications’ IT network as early as December 2024. While they were kicked out by September 2025, it’s like finding a raccoon in your attic—who knows what they nibbled on? Ribbon is now tightening its cybersecurity, but the breach could be linked to the notorious Salt Typhoon group.

Chinese cyber spies are back at it, exploiting a Windows shortcut vulnerability to infiltrate European diplomatic conferences. Using social engineering and a little malware magic, they’ve turned diplomats’ agendas into their personal shopping lists for defense secrets. UNC6384’s latest espionage exploits underscore the need for Microsoft to patch this pesky ZDI-CAN-25373 flaw, pronto.

Conduent, the American business services giant, confirms a data breach affecting over 10.5 million people. While the company claims no misuse of the stolen data, it suggests affected individuals consider security measures like credit reports and fraud alerts. It’s a classic case of “better safe than sorry,” or in this case, “better frozen than frazzled.”

The Brash flaw in Chromium’s Blink engine is a browser’s worst nightmare, crashing Chrome, Edge, and others in 15-60 seconds with a single malicious URL. It’s the digital equivalent of slipping on a banana peel—except it’s deliberate, global, and leaves over 3 billion users facepalming at their screens.

Proton’s Data Breach Observatory is shining a light on cyberattacks that prefer staying in the shadows. By scouring the dark web, this new service aims to unearth breaches that organizations would rather keep quiet. It’s like a detective series, but for data breaches—minus the trench coats and magnifying glasses.

WhatsApp is enhancing security with passkey-encrypted backups, ditching complicated passwords for biometrics. Now, protecting your chat history is as easy as batting an eyelash or tapping a finger. Just head to settings and secure your backups with a smile—or whatever unlocks your phone. Passkeys: because who really remembers a 64-digit encryption key?

Malicious apps are masquerading as trusted brands like ChatGPT, DALL·E, and WhatsApp, warns Appknox. From harmless ad traps to dangerous spyware, these apps are fooling US users on third-party app stores. Remember, when it comes to downloading apps, if it looks too good to be true, it probably is!

President Donald Trump’s national cybersecurity strategy aims to partner with the private sector and avoid burdensome regulations. Sean Cairncross, leading federal cyber strategy, stresses industry collaboration to enhance resilience and resource efficiency. Balancing security needs with industry flexibility seems to be the goal, as the Trump administration seeks input for its cybersecurity roadmap.

AdaptixC2, an open-source command-and-control framework, is gaining popularity among threat actors, including those linked to Russian ransomware gangs. While designed for ethical hacking and penetration testing, its appeal to cybercriminals raises eyebrows faster than a botched Botox job.

Android’s scam defenses block over 10 billion malicious calls and messages each month, safeguarding users worldwide. Google has intercepted more than 100 million suspicious numbers from using RCS. Despite scammers adapting tactics, such as group chat hoaxes, Google’s AI continues to protect users by automatically filtering and blocking suspected threats.

ICE is planning a Texas-sized transportation grid for moving detainees across the Lone Star State. With 254 counties involved, it’s like a high-stakes version of Uber, but with fewer snacks and more paperwork. The idea is to create a shadow logistics network for immigration enforcement, turning it into a streamlined, private-sector operation.

King Addons for Elementor, used on over 10,000 WordPress sites, has two critical vulnerabilities that could lead to a complete site takeover. The file upload flaw allows any visitor to pop unwanted files into your site, while the privilege escalation bug lets attackers create accounts with top-tier access. Update immediately, or risk a surprise guest…

Peter Williams, a former manager at L3Harris Trenchant, confessed to selling confidential cybersecurity information to a Russian broker. This heist involved $35 million in U.S. defense secrets, sold for $1.3 million in cryptocurrency. Williams now faces up to 10 years in a cozy, metal-barred retreat.

Ribbon Communications, a key player in the telecom industry, experienced a stealthy security breach by nation-state hackers. The culprits infiltrated the company’s systems undetected for nearly a year, proving once again that cybercriminals are truly the ninjas of the digital age. Talk about overstaying your welcome!

Docker Compose users, brace yourselves! A vulnerability, CVE-2025-62725, discovered by Imperva’s Ron Masas, could let attackers stage path traversal attacks. The flaw lets attackers trick Compose into writing files anywhere on the host. Upgrade to v2.40.2 now, because who needs uninvited guests rummaging through your system?