Swiss agencies should steer clear of hyperscale clouds, says Privatim, the Conference of Data Protection Officers. They argue that most SaaS solutions lack end-to-end encryption, posing a risk to sensitive data. The resolution suggests avoiding large international providers, particularly Microsoft 365, to maintain control and security over confidential information.

This holiday season, beware of over 2,000 fake online stores eager to steal your cash and details faster than you can say “Black Friday.” Scammers use identical methods to trick shoppers with fake urgency timers and misleading trust symbols. Always double-check deals on official sites to avoid falling for these sneaky scams.

Quttera’s new Web Malware Scanner API enhancements turn audit nightmares into dreams of automated compliance. Gone are the days of exhausting evidence hunts. With real-time data streaming and compliance mapping, security teams get a break from manual drudgery, while the API handles the daunting task of PCI DSS v4.0 compliance.

CISA has added a new flaw impacting OpenPLC ScadaBR to its Known Exploited Vulnerabilities catalog. The CVE-2021-26829 vulnerability allows hackers, like the pro-Russian group TwoNet, to exploit cross-site scripting flaws. It’s high time to patch up, folks, before your systems become more popular than a free lunch!

The Contagious Interview campaign, linked to North Korea, has expanded by adding 197 malicious npm packages to spread updated OtterCookie malware. Cyber crooks pose as recruiters, targeting crypto and Web3 developers with fake job interviews and trojanized projects. Their malware can steal credentials, monitor devices, and wreak havoc on unsuspecting victims.

Asahi Group Holdings, Japan’s top beer producer, discovered a cyberattack affecting 1.9 million people. The attack compromised sensitive data like names, addresses, and emails, perfect ammo for phishing. While shipments are slowly resuming, Asahi is revamping security faster than you can say “Kanpai!” to prevent future cyber mishaps.

HashJack is the latest cyber villain, using the humble pound sign in URLs to trick AI browser assistants into doing its bidding. This sneaky code can lead to credential theft and even medical mishaps. Cato Networks warns that AI security needs a makeover before the pound sign becomes the new exclamation point!

Teen hackers are as savvy as they come, but even non-hacker teens are prolific digital users. This digital opsec guide helps teenagers tighten their online privacy and security. From compartmentalizing identities to avoiding “Signalgate” blunders, understanding operations security is crucial. Because who wants their embarrassing TikToks used as blackmail?

Hackers dribbled past the French Soccer Federation’s defenses, scoring member data through a compromised account. The FFF quickly tackled the breach, disabling the account and resetting passwords. While the cyberattack stole some personal details, the federation is on high alert, advising members to watch out for suspicious messages.

An Australian man was sentenced to over seven years for operating an “evil twin” WiFi network. His rogue network mimicked real airport WiFi to steal social media credentials, which he used to access and monitor women’s accounts. Remember, when it comes to free WiFi, if it seems too good to be true, it probably is!

Windows 11 updates since August might make your password sign-in icon vanish from the lock screen. But don’t worry, it’s like an invisible superhero—hover over where it should be, and voilà, it reappears! Microsoft is on it, but for now, embrace the mystery of the disappearing icon.

Security engineer Luke Marshall discovered over 17,000 exposed secrets on GitLab using TruffleHog. The scan, costing $770, found Google Cloud credentials, MongoDB keys, and more. Despite notifying affected parties and earning $9,000 in bug bounties, some secrets remain exposed. GitLab’s secret density was 35% higher than Bitbucket’s.

The North Korean threat actors behind the Contagious Interview campaign are back, flooding the npm registry with 197 more malicious packages since last month. These packages have been downloaded over 31,000 times. It’s like a job interview from hell, where instead of a job offer, you’re offered malware with a side of stolen data.

Vulnerable code in legacy Python packages raises red flags for a potential supply chain compromise on the Python Package Index. The issue stems from an old bootstrap script fetching from a now-available domain, leaving an “unnecessary attack surface.” Developers, beware—your code could become a comedy of errors with a malicious twist!

The French Football Federation (FFF) experienced a data breach after attackers scored a goal using a compromised account. The FFF’s security team acted fast, swiftly disabling the account and resetting passwords. Members should be on high alert for phishing attempts, as the cyber players may now be trying their luck off the field!

PostHog’s Shai-Hulud 2.0 npm worm incident was its “largest and most impactful security incident.” Malicious code infiltrated JavaScript SDKs, auto-looting developer credentials like a digital pickpocket with a worm’s charm. Over 25,000 developers faced compromised secrets in a mere three days. PostHog’s response? A security overhaul and a “trusted publisher” model.

GrapheneOS is breaking up with OVHcloud, citing France’s digital privacy stance. Apparently, France’s idea of “secure” involves backdoors and an open invitation to your data. OVHcloud’s boss insists nothing shady happened, but GrapheneOS isn’t buying it. Seems like France’s idea of privacy is about as private as a group chat with your nosy neighbor.

Brsk is investigating claims of a cyberattack where 230,000 files were reportedly stolen. The telco’s spokesperson reassured customers their financial data is safe, offering them 12 months of free fraud protection. Despite the breach, Brsk promises its core services remain unaffected. Looks like Brsk just got a crash course in cybersecurity.

Threat actors are taking event planning to a new low, exploiting digital calendar subscriptions to sneak harmful content onto your devices. BitSight’s research reveals that deceptive infrastructures are using expired domains to trick users into subscribing to malicious notifications, turning your calendar into a security blind spot. Time to RSVP “no thanks!”

The French soccer federation, FFF, recently faced a cyber-attack involving data theft of its members. The breach exploited a compromised account, but the FFF swiftly secured the situation. Personal info, like names and addresses, was accessed. The FFF remains committed to data protection, evolving its defenses against cyber-attacks. No red cards were issued.