Deepfake audio attacks against employees are skyrocketing, with 44% of businesses hit. The voice on the line might sound like your boss, but it could be a cybercriminal with a killer AI karaoke setup. Deepfake detectors are on the rise, but until then, trust issues might reach new heights!

SonicWall’s latest firmware update aims to zap rootkit malware from Secure Mobile Access 100 appliances. This comes after Google flagged attacks exploiting even fully patched devices. So remember, if you’re using an SMA 100, update now—unless you enjoy your devices moonlighting as secret agents for cybercriminals.

CISA has added the Google Chromium flaw CVE-2025-10585 to its Known Exploited Vulnerabilities catalog. This zero-day vulnerability in the V8 JavaScript engine is a type confusion issue, making it a favorite among hackers who enjoy a good software mix-up. Federal agencies have until October 14, 2025, to patch it up.

A New York area SIM farm boasting over 100,000 SIM cards was busted, exposing its potential to disrupt city cell networks. This was no ordinary spam operation; it could’ve texted the entire U.S. in 12 minutes. The Secret Service’s swift action prevented the farm from targeting the United Nations General Assembly.

Two security vulnerabilities in Supermicro Baseboard Management Controller firmware have been revealed, enabling attackers to bypass crucial verification steps with a specially crafted image. These vulnerabilities, CVE-2025-7937 and CVE-2025-6198, stem from improper cryptographic signature verification, potentially allowing for unauthorized firmware updates and leading to complete control over the system.

Supermicro has patched two BMC vulnerabilities, including CVE-2024-10237, that could allow malicious firmware updates. A previously bypassed patch led to a new identifier, CVE-2025-7937, while another flaw, CVE-2025-6198, was also patched. Despite no evidence of active exploits, these vulnerabilities pose significant risks to enterprises.

In an elaborate online investment fraud scheme, five suspects were arrested in Europe, accused of stealing over €100 million. It was a classic case of “Invest now, cry later,” with victims duped by promises of high returns in cryptocurrencies. Authorities froze assets across multiple countries, putting a halt to their crypto-criminal career.

The International Criminal Court is stepping into the world of cyber-enabled crimes, where hacking meets heinousness. As they draft a policy to tackle digital atrocities, they must balance justice with protecting human rights. Because, let’s face it, fighting digital villains shouldn’t mean turning the internet into a dystopian surveillance state.

SolarWinds announced its third attempt to fix a pesky remote code execution vulnerability in Web Help Desk. Known as CVE-2025-26399, this bug is like a sequel nobody asked for, following two previous patch bypasses. Users are urged to apply the hotfix before hackers turn this trilogy into a blockbuster.

WhatsApp’s new translation feature lets users translate messages in chats and groups. Android users can enjoy automatic translation, while iPhone users must flex those tapping fingers. With support for over 19 languages and privacy protection, this update ensures your chat secrets stay secret, even if you need them in another language.

The U.S. Secret Service foiled a plot involving a network of SIM servers and 100,000 SIM cards around the New York tri-state area. These devices, capable of disabling cell towers and issuing threats, posed an imminent threat to national security. Potential nation-state actors were involved, but no further details were disclosed.

The SolarWinds saga continues with another hotfix for a critical flaw in its Web Help Desk software. This marks the third attempt to patch the same deserialization bug, raising the question: will the third time finally be the charm? With a history of exploitation, experts advise to patch now.

Security researchers revealed a critical bug in OnePlus smartphones, allowing any app to read SMS and MMS data. This vulnerability, stemming from OxygenOS 12, has remained since late 2021. Despite efforts, OnePlus hasn’t responded to fix this flaw, leaving users to wonder if their texts have become public domain.

Cloudflare recently fended off a DDoS attack peaking at a staggering 22.2 Tbps, the equivalent of streaming one million 4K videos at once. While it lasted just 40 seconds, it set a new record. As DDoS attacks continue to grow in frequency and size, Cloudflare’s defense game is stronger than ever.

Nimbus Manticore is expanding its cyber escapades, now targeting Europe’s defense, telecom, and aerospace sectors. These Iranian hackers use fake job offers to lure victims, employing evolved malware like MiniJunk to sneak past defenses. Stay alert, because when your inbox promises a dream job, it might just be a nightmare in disguise!

Customs and Border Protection agents have been quietly harvesting DNA from American citizens, even minors, and funneling it into an FBI crime database. Critics warn this unauthorized expansion of genetic surveillance could mean lifelong scrutiny for anyone added, with DNA from children as young as 4 already present.

CISA discovered that attackers exploited an unpatched GeoServer vulnerability, CVE-2024-36401, to breach a U.S. federal agency’s network. After uploading web shells and scripts, they went undetected for three weeks. CISA recommends swift vulnerability patching and vigilant monitoring to thwart future attacks.

The U.S. Secret Service dismantled a covert communications network near the U.N. in New York, seizing 100,000 SIM cards and 300 servers. Capable of sending 30 million texts per minute, this high-tech operation could disrupt cellular networks, raising serious concerns over mobile network security. Talk about an “unlimited text” plan gone rogue!

The US Secret Service has dismantled a colossal network of SIM farms in the New York Tri-state area, potentially capable of disrupting entire cellular networks. This operation involved over 100,000 SIM cards and targeted senior government officials. Meanwhile, the Secret Service is still figuring out why anyone would need that many SIM cards.

Kaspersky warns that hotel-hacking group RevengeHotels is back, now wielding AI to craft stealthier scams. Their classic phishing tricks have evolved; AI-generated malware means hotel guests face greater risks of card and data theft, even in trusted hotels. The cybercriminals are getting smarter, but the bookings are about to get scarier.