Hackers working for Russian intelligence targeted a U.S. engineering firm due to its link with a sister city in Ukraine. Arctic Wolf, the cybersecurity firm that detected the attack, noted Russia’s expanding list of cyber targets. The attack showcases Moscow’s persistent efforts to disrupt entities with even indirect ties to Ukraine.

Laura Vidal is a digital rights expert who believes in the power of “third spaces online” as hubs for resilient communities resisting authoritarianism. Her journey from academia to activism shows that free speech isn’t just a right; it’s a responsibility, especially in a world where everyone seems to be shouting at once.

WormGPT 4 is taking the dark side of AI to new depths, offering a “key to an AI without boundaries” for just $50 a month. With features like ransomware creation and data exfiltration, it’s a one-stop shop for aspiring cybercriminals, proving that AI’s potential for mischief is growing faster than a cat meme.

Mergers and acquisitions are opening doors for Akira ransomware operators, exploiting SonicWall SSL VPN vulnerabilities to wreak havoc. These cybercriminals slip into larger enterprises via smaller, newly acquired companies, leaving behind a trail of zombie credentials and security gaps. Close those loopholes, or you might find yourself the punchline in their next heist!

FlexibleFerret is back, now targeting macOS users with a “Contagious Interview” scam. This North Korea-linked group uses fake job-recruitment lures to trick users into running malicious commands, bypassing built-in protections. Remember, if a job interview asks you to fix your camera via Terminal, just say “no” to malware!

The CodeRED platform suffered a cyberattack, causing chaos for emergency alert systems. Data including names, emails, and passwords were stolen, but not publicly posted. Crisis24 is rebuilding the system, but the INC Ransomware gang claims to have the data. Users should reset passwords faster than a caffeine-fueled squirrel on a keyboard!

The FBI warns of a $262 million surge in account takeover fraud as cybercriminals pose as banks. These tricksters employ social engineering via texts, calls, and emails to swipe credentials and hijack accounts. Remember: If your bank suddenly calls you about suspicious purchases, they might just be fishing for your info!

ICE is upping its game, swapping a $180 million pilot for a full-blown program with no spending cap. They’re hiring bounty hunters and private eyes to track immigrants, promising them up to $281.25 million each. With this move, ICE aims to turn contractors into an extension of its enforcement team.

AI, our digital bodyguard, is great at spotting sneaky cyber threats faster than a caffeine-fueled squirrel. But can we trust AI with our cybersecurity? Only if it’s protected and supervised by humans. Otherwise, AI might mistake your grandma’s cookie recipe for a dangerous virus. Balancing AI with human oversight is key!

CISA warns that commercial spyware is targeting mobile messaging apps like WhatsApp and Signal. Cyber actors use cunning tactics to access victims’ devices, deploying spyware disguised as popular apps. High-value individuals and civil society organizations are at risk. CISA urges vigilance and offers updated guidance for protection.

Cybersecurity startup Vijil secured $17 million in Series A funding, boosting its total to $23 million. Founded by AWS alumni, Vijil enhances AI agent security with a platform that tests, secures, and optimizes agents pre- and post-deployment. This funding fuels Vijil’s mission to make AI agents as trustworthy as a golden retriever.

HashJack is the latest buzz in the cybersecurity world—a sneaky attack that hides commands after the “#” in URLs, tricking AI browser assistants. It’s like AI’s version of “I didn’t see that coming!” Just when you thought URLs couldn’t get any more exciting, they start moonlighting as attack vectors!

The FBI warns of a surge in account takeover fraud schemes, with cybercriminals impersonating financial institutions to steal over $262 million. These crafty criminals use social engineering to gain access, wire funds into crypto wallets, and even lock out account owners. Stay alert, secure your accounts, and report suspicious activity to ic3.gov.

Cybersecurity needs to fix its hiring practices, according to 18-year-old Bandana Kaur. While AI is transforming the industry, she argues that creativity remains irreplaceable. Many entry-level positions remain elusive due to unrealistic HR expectations, not AI. Kaur encourages Gen Z to embrace AI as a learning tool to bridge the skill gap.

Tor is rolling out the Counter Galois Onion (CGO) to replace its old relay encryption, tor1. Enhanced encryption and security measures aim to combat modern traffic-interception. With features like tagging protection and stronger authentication, CGO ensures your data is safer than a penguin in a parka. Keep calm and browse anonymously!

Organizations are leaking sensitive data by pasting passwords into online tools like JSONFormatter and CodeBeautify. With over 80,000 files captured, the blunder reveals everything from usernames to cloud environment keys. The irony? Even cybersecurity sectors aren’t immune. A word to the wise: stop pasting credentials into random websites.

The Everest ransomware group just pulled off a heist that would make a Hollywood director blush. They claim to have snagged a whopping 596 GB of Iberia’s data, including your last in-flight meal choice. Iberia better respond before the group starts airing their digital laundry. Everest ransomware group is not playing around!

Agentic AI is about to make cybercrime more efficient, Trend Micro warns. Cybercriminals can soon automate attacks, leaving them free to focus on other important matters, like perfecting their evil laugh. With AI-powered ransomware on the rise, our dystopian future is just a hack away.

China’s APT31, known for industrial espionage, has allegedly been spying on Russia’s IT sector using creative cloud service hacks like “OneDriveDoor” and “VtChatter.” This clandestine “cyber whack-a-mole” game reveals that even friendly-ish nations, like China and Russia, can’t resist peeking over each other’s digital shoulders.

The Smishing Triad’s phishing escapades have found new territory, impersonating Egyptian giants like Fawry and Egypt Post. Dark Atlas uncovered their crafty tactics, including Telegram channels and international phishing kits. Meanwhile, Darcula’s PhaaS platform is also making waves, boasting AI-driven automation and anti-detection features. It’s a phishing frenzy out there!