Five suspects in Europe were nabbed in a cryptocurrency fraud scheme that swindled over €100 million. Authorities from several countries teamed up, proving that when it comes to catching scammers, teamwork makes the dream work—unless you’re the dreamer who lost all your money in this crypto nightmare.

The Open Source Security Foundation warns that “open infrastructure is not free,” as the software world’s unpaid janitors tire of footing the bill. With package registries under strain, they call out wasteful usage and advocate for commercial-scale support. OpenSSF urges freeloaders to contribute before the software economy hits a costly downtime.

Security awareness training budgets are up, yet human error incidents continue to rise. Despite the spending spree, outdated and irrelevant content leaves staff overconfident and unprepared. It’s like trying to fix a leaky boat with a designer bucket—stylish, but ultimately ineffective. Time for a training revamp!

SolarWinds has issued a crucial hotfix for a critical Web Help Desk vulnerability, CVE-2025-26399. This flaw, allowing remote code execution without authentication, is part of a patch saga that could rival any soap opera. Users must update to version 12.8.7 and follow specific steps to secure their systems.

SolarWinds Web Help Desk struck again with a critical vulnerability, CVE-2025-26399, allowing attackers to run wild with arbitrary commands. It’s like a never-ending sequel to a tech horror movie, now on its third patch! Time to update to version 12.8.7 HF1 and hope this is the final cut.

GitHub tightens security for the npm registry after recent attacks, removing over 500 compromised packages. The new measures include scrapping outdated authentication and switching to trusted publishing with 2FA by default. Looks like it’s time for hackers to find a new hobby—maybe knitting?

AI expands the attack surface, turning CISOs into cybersecurity superheroes juggling more vulnerabilities than a clown at a juggling festival. With a 10% increase in API vulnerabilities and a doubling of network vulnerabilities, it’s like trying to plug holes in a sinking ship. Welcome to the high-stakes innovation race!

SonicWall saves the day with a firmware update to boot rootkit malware off SMA 100 series devices. Die-hard malware fans, it’s time to pack up. SonicWall strongly recommends users upgrade to version 10.2.2.2-92sv to avoid becoming a hacker’s favorite pinata.

A suspected Scattered Spider member has been nabbed for hacking Las Vegas casinos. Apparently, the Las Vegas Metropolitan Police Department is cracking down on this teenage cybercriminal, who might have mistaken the casino networks for a high-stakes game of cyber tag.

The White House confirms that all US TikTok user data will be stored on Oracle servers in the United States. Oracle will serve as TikTok’s trusted security provider, ensuring data protection from foreign interference while retraining the algorithm stateside. It’s a digital tug-of-war, but with more server farms and fewer actual tractors.

Unit 221B, a threat intelligence firm, just raised $5 million in seed funding. With their eWitness platform, they track cybercriminals and help law enforcement bring them down. They’re like the Avengers of the digital age, except their superpower is arresting hackers and maybe catching the occasional botnet administrator named Ethan.

Encryption and secure connections in online gaming mean your data does the shuffle dance on the way to the server, making hackers’ jobs as easy as herding cats. Platforms protect your info like it’s the last slice of pizza, offering competitive CS2 betting odds and bonuses without the worry of data breaches.

ShadowV2 botnet targets misconfigured Docker containers on AWS, deploying malware to conduct DDoS attacks. With a Python-based C2 framework and advanced techniques, it offers a “DDoS-for-Hire” service. This highlights the growing sophistication of cybercrime-as-a-service, as threat actors continue to innovate and exploit vulnerabilities.

Big companies are shrinking their workforces and wearing it as a badge of honor, but CISOs are left holding the bag. The credential crisis is real, with 86% of breaches involving compromised credentials. As lean teams face longer response times, hardcoded secrets become a blind spot, amplifying risks and costs.

Microsoft’s Azure Entra vulnerability was like a hidden “open sesame” for hackers, but thanks to responsible disclosure, it was fixed before any evil genies escaped the bottle. While Microsoft swiftly acted, it highlights the unpredictable nature of cybersecurity. Remember, it’s not always the big bad wolf you see; sometimes, it’s the unseen gremlin that sneaks…

GitHub is beefing up defenses against supply-chain attacks, enforcing 2FA and promoting trusted publishing. Meanwhile, Ruby Central tightens governance of RubyGems after attacks involving 60 malicious gems. Developers are urged to adopt these security measures, as GitHub and Ruby Central work to transform their platforms into Fort Knox—minus the gold bars.

SpyCloud’s 2025 Identity Threat Report reveals a startling disconnect: while 86% of security leaders feel confident in preventing identity attacks, 85% faced ransomware incidents last year. Identity sprawl now expands the attack surface, with phishing as the leading ransomware entry point. SpyCloud urges a holistic identity protection approach beyond traditional defenses.

MCP is the new sheriff in town for agentic AI, ensuring agents play nice with data. But hold your horses! Just like every good Western, there’s a twist. Malicious actors have found ways to mess with it. Adversa’s got your back with a Top 25 list of MCP vulnerabilities, so you can keep those virtual…

ShadowV2 is turning DDoS crime into a gig economy! Forget traditional botnets—this operation lets users rent access to infected networks for DIY cyber mayhem. With Docker misconfigurations and a Python-based command-and-control platform, it’s like an evil Airbnb… but for hackers! Darktrace reveals the platform’s API even lets users pick their attack targets.

Researchers from Vrije Universiteit Amsterdam pocketed $150K for their “L1TF Reloaded” exploit, combining L1TF and half-Spectre to breach cloud defenses and leak VM memory. The prankster-level hack bypasses security measures, proving that CPUs can be as mischievous as they are powerful. Who knew hacking could be this profitable?