OpenAI warns API users of a Mixpanel breach that exposed names, emails, and locations. Thankfully, no chat content or payment details were compromised. So, if you spot a suspicious email claiming you’ve won a lifetime supply of ChatGPT credits, think twice—it’s probably a phishing scam, not your lucky day!

Retailers might need more than just holiday cheer this Black Friday—security experts emphasize vigilance against cyber-attacks. While Huntsman Security finds only minor seasonal peaks in retail breaches, others warn that threat actors love the holiday rush as much as shoppers. Black Friday security and fraud fears are real, so keep your defenses—and your wits—sharp!

Cybercrime is evolving faster than you can say “password123!” From AI-powered scams to creative data theft, hackers are working overtime. But fear not, governments and security pros are striking back. Stay updated, stay alert, and remember: clicking without thinking is like leaving your house unlocked. Stay sharp, and let the cyber games begin!

Scattered Lapsus$ Hunters may be targeting Zendesk users in a new phishing campaign, as ReliaQuest uncovers over 40 typosquatted domains. Domains like znedesk.com host phishing pages mimicking Zendesk sign-on portals. The campaign already claimed Discord as a victim, compromising its Zendesk-based support system and stealing user data. Stay vigilant, Zendesk fans!

The Cyber Security and Resilience Bill is Britain’s answer to rising cyber threats, promising to enhance protection for essential services and boost business confidence. With a staggering £15 billion lost annually to cyber-attacks, the bill aims to tighten regulations and reporting, making the UK a fortress for digital data.

ASUS has released new firmware to patch a critical authentication bypass flaw in routers with AiCloud enabled. This vulnerability, rated a 9.2 on the CVSS scale, might let uninvited guests crash your cloud party. So, update those routers unless you want your data to have more guests than a Netflix account!

Gainsight has revealed that a recent cyber incident affected more customers than initially reported. Salesforce’s list of impacted clients grew significantly, though specific numbers remain undisclosed. Dubbed a “handful,” the affected were targeted by the notorious ShinyHunters group. Meanwhile, integrations with Zendesk, Gong.io, and HubSpot have been temporarily suspended for safety.

Even when students are home, school-issued devices can transform their bedrooms into “on campus” no-go zones. In Merrill v. Marana Unified School District, a high schooler’s joke made at home was flagged by surveillance software, leading to suspension. It’s a reminder that sometimes, even bad jokes deserve a little privacy.

Age verification will not keep children safe online. Instead, it’s like using a sledgehammer to crack a nut, restricting access for everyone. Let’s focus on privacy laws and parental controls to protect our kids, not mandatory age checks that make the internet feel like an exclusive club with a bouncer.

The massive AWS outage in October was a cloud-first catastrophe, highlighting that in today’s interconnected digital world, anything can fail. Elena Lazar, a seasoned software engineer, discusses how to engineer for failure. In the era of distributed systems, resilience trumps perfection, proving that even the cloud has a silver lining.

ShadowV2, a new Mirai-based botnet, targeted IoT devices from D-Link and TP-Link during the October AWS outage. Though not connected, it seemed like a test run for this sneaky malware. With a global impact, ShadowV2 exploits eight known vulnerabilities, proving once again that not updating your firmware is like leaving your front door wide open!

For the first time, a RomCom payload has been delivered via SocGholish, marking a new chapter in malware distribution. Arctic Wolf Labs observed this peculiar cyber romcom unfold, targeting a U.S. civil engineering firm. With RomCom’s pro-Russia agenda, it’s clear that even malware has a type.

Gainsight CEO Chuck Ganapathi claims only a “handful” of customers were affected by a data breach, while Google’s Austin Larsen reports over 200 potential victims. Sounds like someone’s counting with their eyes closed! Salesforce swiftly revoked access tokens, leaving Gainsight’s app offline as the investigation continues. ShinyHunters may be behind this digital mischief.

Shai-Hulud 2.0 is here, and it’s spreading faster than your friend’s latest TikTok dance video. This malware worm is not only harvesting credentials but also enrolling victim machines into a GitHub botnet. With lightning speed, Shai-Hulud 2.0 has compromised hundreds of npm packages, making it the Usain Bolt of supply-chain attacks.

The node-forge package has a flaw allowing crafty data to bypass signature verifications. Tracked as CVE-2025-12816, this bug means your app might trust a signature as much as you trust a phishing email. Developers, update to version 1.3.2—your cryptographic sanity depends on it!

Fraud’s sophistication shift is in full swing, with AI-driven scams surging 180% year-over-year. Cybercriminals are ditching low-effort copy-paste attacks for precision-engineered frauds, causing greater damage. Sumsub’s report reveals the rise of AI-generated identities and autonomous systems, marking a transformative era for digital fraud. It’s evolution, but not as we wanted it!

Comcast will cough up $1.5 million to settle an FCC investigation after a vendor’s data breach exposed info of 275,000 customers. FBCS, the bankrupt vendor, revealed the breach five months late. Comcast, not taking the blame, now promises better vendor oversight. Looks like it’s time for some serious data spring cleaning!

ShadowV2, a Mirai-based botnet, turned IoT devices into a zombie army during an AWS outage, proving IoT gadgets are the Achilles’ heel of cybersecurity. As it spread through vulnerabilities like a gossip at a cocktail party, ShadowV2 showed us that IoT devices still need better security and firmware updates.

The Shai-Hulud supply chain attack has breached over 830 npm packages, now targeting the Maven ecosystem. This “second coming” is stealthier, using Bun runtime for concealment and GitHub for exfiltration. It’s a stark reminder of the vulnerability in trusted software paths, turning a single compromise into a widespread outbreak.

Westminster City Council and the Royal Borough of Kensington and Chelsea are grappling with a cybersecurity issue affecting multiple systems, including phone lines. As emergency plans kick in, residents may need to resort to smoke signals or carrier pigeons to stay in touch. Stay tuned as the mystery of the digital debacle unfolds!