The Inc ransomware group has claimed responsibility for a massive data breach at the Pennsylvania Attorney General’s office, reportedly making off with 5.7 TB of data. The attack, which began in August 2025, disrupted operations and paused trials, proving once again that hackers are the ultimate party crashers.

Nimbus Manticore is back at it again, bringing a whole new twist to job hunting scams. These Iranian government-backed cyber attackers have expanded their European operations, using fake job portals and sneaky malware like MiniJunk and MiniBrowse, proving once more that their dream job is your worst nightmare.

The newly discovered npm package ‘fezbox’ uses QR codes for cookie-stealing shenanigans. By hiding malware in these 2D barcodes, it’s like giving hackers a secret decoder ring. This sneaky package managed at least 327 downloads before being pulled, proving once again that hackers can find creative ways to misuse anything—QR codes included!

Threat actors are sprinting through cybersecurity defenses faster than a caffeinated cheetah. ReliaQuest’s report highlights the alarming speed of attacks with breakout times dropping to just 18 minutes. These clever criminals are also using SMB protocols for ransomware, making endpoint protection feel like bringing a spoon to a knife fight.

GitHub is tightening its security game with changes to authentication and publishing options due to recent npm supply chain attacks. The new trusted publishing eliminates the need for npm tokens, using cryptographic trust to secure package publishing. It’s like replacing your padlock with a biometric scanner—just without the eye scan.

UK chancellor Rachel Reeves blames Moscow for Britain’s cyber woes, despite evidence pointing to local hackers. Her claims of Russian involvement seem shakier than a Jenga tower in an earthquake, as UK authorities arrest local suspects linked to recent retail hacks. Meanwhile, researchers suggest teen pranksters, not Kremlin operatives, are the true culprits.

A teenager was arrested for cyberattacks on Las Vegas casinos, linked to the notorious hacking group Scattered Spider. The FBI identified the suspect, who surrendered to the Clark County Juvenile Detention Center. Authorities aim to try the teenager as an adult—proof that age is just a number when it comes to hacking escapades!

Stellantis confirmed it was hit by a cyber incident involving a third-party supplier, potentially exposing customer contact information. While no sensitive data was accessed, brace yourself for phishing attempts. In an unfortunate twist, the breach comes amid a challenging financial period for Stellantis, with revenue taking a nosedive.

Jaguar Land Rover has hit the brakes on production yet again, thanks to a recent cyber-attack. The carmaker, owned by Tata Motors, is keeping its plants idle until October 2025, giving cybersecurity experts time to put out the digital fire. Meanwhile, the Scattered Lapsus$ Hunters are enjoying a joyride through JLR’s systems.

BadIIS is the new villain on the block, turning innocent searches into a game of “Where’s the Malware?” for unsuspecting users. This Chinese-speaking threat actor has a knack for SEO poisoning, manipulating search results like a digital puppet master. Who knew search engines could be so… dramatic?

Stellantis has hit a speed bump with a data breach impacting its North American operations. While no sensitive information was accessed, the company is warning customers about potential phishing attacks. In the words of a cyber expert, third-party integrations might just be the carpool lane hackers love to exploit.

The RCMP made headlines by shutting down TradeOgre, seizing $40 million and setting a Canadian record for crypto asset seizure. This marks the first time a cryptocurrency exchange has been dismantled by Canadian authorities. TradeOgre was known for its niche, privacy-centric coins and minimalist trading features sans identity checks.

Germany-based Digital Charging Solutions is in hot water after a service provider turned their customer data into a peek-a-boo game. They assured Kia customers that only a few single-digit cases of unauthorized access occurred, and the data involved was limited to names and email addresses. Remember, in data breaches, always keep your “phishing” radar on!

The TikTok ban’s irony? Swapping one puppet master for another! While TikTok’s national security threat was as elusive as Bigfoot, now we have to wonder if the platform will dance to the U.S. government’s tune. Stay tuned for the next episode of “Whose Propaganda Is It Anyway?”

Stellantis, the global automaker, confirmed a data breach in its North American customer service operations. The breach was detected on a third-party provider’s platform but only involved limited personal data. Stellantis urges vigilance against phishing attempts. So, keep an eye out for “Jeep-er Creepers” trying to trick you!

Nimbus Manticore, an Iran-linked cyber-espionage group, has expanded its operations to target critical infrastructure in Western Europe. Using sophisticated malware like MiniJunk, they deploy highly obfuscated attack techniques to stay undetected. Their spear-phishing emails are so tailored, they probably know what you had for breakfast! Stay vigilant, because cybersecurity is no joke.

Hackers pulled a virtual heist on airports across Europe, targeting the MUSE system through a ransomware attack. Heathrow, Brussels, and Berlin’s Brandenburg airports were hit, leading to over 100 delayed or canceled flights. Collins Aerospace is racing to fix the chaos while passengers hope their planes take off before their patience does.

In the digital age, shadowbanning is like the ultimate game of hide-and-seek, where creators talk about sex and abortion, and social media simply pretends not to see them. Our Stop Censoring Abortion campaign uncovers how platforms ‘accidentally’ suppress critical conversations, leaving users wondering if their posts fell into a black hole.

The American Archive of Public Broadcasting’s website had a flaw allowing unauthorized media downloads for years. Despite reporting it in 2021, the issue was only patched recently. The vulnerability, involving insecure direct object reference, was exploited by ‘data hoarders’ on Discord, leading to leaks of protected content. Access controls have since been strengthened.

A teen hacker might have thought he hit the jackpot with Las Vegas casino network intrusions, but instead, he cashed out at the Clark County Juvenile Detention Center. The Las Vegas police, with the FBI’s Cyber Task Force, cracked the case faster than a slot machine payout.