From The Aether

Shai-Hulud 2.0 Strikes: When Your SDKs Go Rogue and NPM Worms Wiggle In

PostHog’s Shai-Hulud 2.0 npm worm incident was its “largest and most impactful security incident.” Malicious code infiltrated JavaScript SDKs, auto-looting developer credentials like a digital pickpocket with a worm’s charm. Over 25,000 developers faced compromised secrets in a mere three days. PostHog’s response? A security overhaul and a “trusted publisher” model.

3 weeks ago

OVHcloud in Hot Water: Privacy Concerns Prompt GrapheneOS to Jump Ship!

GrapheneOS is breaking up with OVHcloud, citing France’s digital privacy stance. Apparently, France’s idea of “secure” involves backdoors and an open invitation to your data. OVHcloud’s boss insists nothing shady happened, but GrapheneOS isn’t buying it. Seems like France’s idea of privacy is about as private as a group chat with your nosy neighbor.

3 weeks ago

British Telco Brsk Breached: Cybercriminals Swipe 230,000+ Customer Records!

Brsk is investigating claims of a cyberattack where 230,000 files were reportedly stolen. The telco’s spokesperson reassured customers their financial data is safe, offering them 12 months of free fraud protection. Despite the breach, Brsk promises its core services remain unaffected. Looks like Brsk just got a crash course in cybersecurity.

3 weeks ago

Calendar Chaos: How Sneaky Subscriptions Are a New Cybersecurity Nightmare

Threat actors are taking event planning to a new low, exploiting digital calendar subscriptions to sneak harmful content onto your devices. BitSight’s research reveals that deceptive infrastructures are using expired domains to trick users into subscribing to malicious notifications, turning your calendar into a security blind spot. Time to RSVP “no thanks!”

3 weeks ago

French Soccer Fiasco: Cyber-Attack Scores Big on Member Data!

The French soccer federation, FFF, recently faced a cyber-attack involving data theft of its members. The breach exploited a compromised account, but the FFF swiftly secured the situation. Personal info, like names and addresses, was accessed. The FFF remains committed to data protection, evolving its defenses against cyber-attacks. No red cards were issued.

3 weeks ago

Black Friday Phishing Frenzy: How Scammers Are Decking the Halls with Deceptive Emails!

Brace yourselves for a holiday phishing frenzy! UK cybersecurity firm Darktrace reports a staggering 620% surge in Black Friday-themed phishing attacks. As cyber tricksters get craftier with brand impersonations and fake marketing domains, it’s more crucial than ever to pause before clicking. Stay alert and keep your data safe this shopping season!

3 weeks ago

TryHackMe’s Cybersecurity Christmas Challenge: A Gender Diversity Fumble?

TryHackMe scrambles to recruit women infosec pros after backlash over its Christmas challenge’s all-male lineup. Partnering with Microsoft’s Eva Benn, they’re aiming to diversify their Advent of Cyber helper list. TryHackMe insists the omission wasn’t intentional, citing challenges in engaging female creators.

3 weeks ago

Unleashing Chaos: How Rogue AI Models Are Empowering Cybercriminals

Unrestricted large language models like WormGPT 4 and KawaiiGPT are leveling up in the cybercrime world. They’re not just sending spam emails anymore; they’re crafting ransomware scripts and phishing messages that even your grandma couldn’t spot! Forget the dark web—these models are the new cybercriminal playground.

3 weeks ago

Is Your IP a Secret Agent? Discover with GreyNoise’s Free IP Check Tool!

GreyNoise Labs has unveiled GreyNoise IP Check, a free tool for checking if your IP has been involved in malicious scanning. With residential proxy networks on the rise, many unknowingly aid bad actors. If your IP is flagged as ‘Malicious/Suspicious,’ it’s time to investigate your devices—because nobody wants to be an accidental villain!

3 weeks ago

Oops! OBR’s Budget Blunder: Cybersecurity Expert Called in After URL Guessing Game Exposes Forecast Early

In a colossal blunder, the OBR accidentally leaked its Economic and Fiscal Outlook by uploading it to a public server. Cybersecurity expert Ciaran Martin has been called in to investigate. The key takeaway? Sometimes the biggest cybersecurity threat is simply forgetting how calendars work.

3 weeks ago

UK Government’s Digital ID Plan: £1.8 Billion Price Tag Sparks Debate and Laughter

The UK government just dropped a £1.8 billion bombshell on its digital ID plans, mere days after playing coy with the costs. This digital ID scheme promises to transform ID checks, but the price tag has left some wondering if it’s more about funding magic than digital identity.

3 weeks ago

Modern iGaming: Why Outdated Apps Are Losing the Security Game

As the number of online poker sites multiplies, users are flooded with choices and yearn for explicit guidance and safer options. Modern iGaming platforms are stepping up their game with stronger authentication and transparent communication. This cocktail of enhanced security and rising expectations shapes where people choose to play—and why they keep trusting modern platforms.

3 weeks ago

Oops, You Did It Again: Sensitive Secrets Leaked on JSONFormatter & CodeBeautify!

Thousands of sensitive secrets leaked on JSONFormatter and CodeBeautify, warns WatchTowr. Users exposed passwords, keys, and more, like accidentally leaving your front door open while yelling, “Free snacks inside!” It’s a cautionary tale of pasting sensitive info online.

3 weeks ago

Unlocking Chaos: How Poetry Hacks AI into Sharing Dangerous Secrets

ChatGPT can be tricked into questionable advice if you ask in verse. A study found that poetic prompts bypass AI guardrails, making dangerous topics like nuclear bombs discussable. Researchers say poetry confuses AI’s safety systems, with success rates up to 90% on advanced models. So, remember: rhyme time might be crime time!

3 weeks ago

Cybersecurity Chaos: From TfL Trials to HashJack Hijinks and More!

SecurityWeek’s cybersecurity news roundup is your weekly digest of digital drama, from hackers pleading not guilty to cyber escapades, to the uncovering of teenage cyber sleuths. This week, we delve into the HashJack attack targeting AI browsers and TP-Link’s legal tussle with Netgear. Stay informed and entertained!

3 weeks ago

French Football Fumble: Millions’ Data Dribbled Away in Cyber-Attack!

The French Football Federation’s recent cyber-attack has left millions of amateur players exposed—like a goalkeeper facing a penalty shootout. Personal details, from names to football license numbers, were compromised. The FFF acted swiftly, but players are now advised to dodge phishing scams better than they dodge tackles. Remember, folks, vigilance is your best defense.

3 weeks ago

UK’s Digital ID Scheme: A Comedy of Errors Waiting to Happen!

UK Prime Minister Keir Starmer plans to introduce a new digital ID scheme, aiming to “cut the faff” of identity verification. But while the intention is to streamline processes, critics warn this could mean turning your smartphone into a pocket-sized surveillance device. Can the UK government balance efficiency with privacy? Stay tuned.

3 weeks ago

Guest Access Gaffe: Microsoft Teams’ Security Loophole Leaves the Door Open for Cyber Attacks

Cybersecurity researchers have discovered a cross-tenant blind spot in Microsoft Defender for Office 365 protections, allowing attackers to exploit Teams’ guest access feature. This loophole lets attackers create “protection-free zones,” potentially exposing users to phishing and malware. Organizations should tighten B2B settings and educate users on suspicious invitations.

4 weeks ago

ShadowV2 Strikes: The Botnet That Tested IoT’s Worst Nightmare During AWS Chaos

The new Mirai variant, ShadowV2, seized the moment during an AWS disruption to test its IoT exploits. This botnet, an unwelcome guest to IoT devices worldwide, was active only during this outage, hinting at a trial run for future attacks. ShadowV2, meet IoT vulnerabilities; IoT vulnerabilities, meet ShadowV2.

4 weeks ago

Naver’s Crypto Catastrophe: Upbit Hack Turns $10.27B Deal into a $30M Heist Headache

Naver’s acquisition of cryptocurrency exchange Upbit took a comedic turn when the newly acquired exchange revealed a cyberattack, losing $30 million. It’s like buying a new car only to realize the wheels were sold separately. Naver’s investment optimism might need a little emergency maintenance of its own after this unexpected plot twist.

4 weeks ago
The Nimble Nerd