From The Aether
Spy Games: China’s Sneaky Cyber Tango with Russia Revealed!
China’s APT31, known for industrial espionage, has allegedly been spying on Russia’s IT sector using creative cloud service hacks like “OneDriveDoor” and “VtChatter.” This clandestine “cyber whack-a-mole” game reveals that even friendly-ish nations, like China and Russia, can’t resist peeking over each other’s digital shoulders.
Smishing Triad’s Devious Domain Drama: Phishing Frenzy Targets Egypt’s Top Services
The Smishing Triad’s phishing escapades have found new territory, impersonating Egyptian giants like Fawry and Egypt Post. Dark Atlas uncovered their crafty tactics, including Telegram channels and international phishing kits. Meanwhile, Darcula’s PhaaS platform is also making waves, boasting AI-driven automation and anti-detection features. It’s a phishing frenzy out there!
Microsoft’s Outlook Outage: When Your Email Takes an Unplanned Vacation
Microsoft is in detective mode, investigating why classic Outlook users in Asia Pacific and North America can’t connect to Exchange Online. While they search for clues, users are advised to swap the classic desktop client for Outlook on the Web. Stay tuned for updates on these classic Outlook search issues!
Blender Bender: StealC V2 Malware Sneaks Through 3D Art Files!
Morphisec warns that Russian cybercriminals are spreading StealC V2 malware through weaponized Blender files on 3D model sites like CGTrader. These files exploit Blender’s ability to run hidden Python scripts, allowing the malware to execute automatically. The attack is ongoing and has been active for at least six months.
Microsoft Teams Gets a Speed Boost: New Call Handler Promises Faster Performance by 2026!
Microsoft is giving Teams a 2026 glow-up! Introducing ms-teams_modulehost.exe, the new call handler promising snappier launch times and smoother calls. IT admins, prepare your allowlists! Users, nothing will change—except for that newfound speed.
Beware: Fake Windows Updates and Adult Sites Team Up for a Cyber Prank!
Beware of ClickFix scams! Cybersecurity experts warn of fake adult sites and fake Windows updates tricking users into running malicious commands. These scams hijack screens and pressure users into “urgent updates,” all while using obfuscation to hide their tracks. Stay alert and don’t fall for the digital shenanigans!
When AI Goes Rogue: How Malicious LLMs Like WormGPT 4 & KawaiiGPT Are Lowering the Cybercrime Barrier
Malicious LLMs like WormGPT 4 and KawaiiGPT are making cyberattacks as easy as ordering takeout. With dark LLMs, even the least tech-savvy can become cyber villains, crafting phishing emails and malware with ease. Palo Alto Networks warns that these AI tools lower the bar for entry into cybercrime, democratizing digital mischief.
Fluent Bit Flaws: Hackers’ Dream to Hijack Your Cloud
Fluent Bit faces five vulnerabilities that could let attackers wreak havoc in the cloud. From log tampering to remote code execution, these bugs could turn observability pipelines into a stand-up comedy routine—without the laughs. Thanks to Oligo Security for the heads-up, and remember, folks, update to version 4.1.1 to stay safe!
macOS Malware Madness: The Go-Based Backdoor That Won’t Quit!
A new macOS malware chain uses staged scripts and a Go-based backdoor to bypass safeguards and harvest credentials. The malware cleverly disguises itself, tricks users with Chrome decoys, and routes stolen passwords to Dropbox. Be wary of unsolicited “interview” assessments and Terminal-based “fix” instructions, warns Jamf Threat Labs.
Clop Strikes Again: Dartmouth Joins Oracle EBS Data Breach Fiasco!
Dartmouth College is the latest to fall victim to Clop’s Oracle E-Business Suite smash-and-grab. The cyber miscreants used a now-patched zero-day to swipe data, affecting at least 1,494 Maine residents. With the Oracle EBS victim count growing, Dartmouth’s disclosure joins a long list of breaches, proving Clop’s raid is no laughing matter.
JackFix Attack: A Hilarious New Twist on Cyber Mayhem or Just a ClickFix Gone Rogue?
JackFix is the latest evolution of the notorious ClickFix attack, adding a heart-pounding twist with fake blue screens and clever phishing lures. These cyber tricksters are using psychological tactics to make victims run commands they’d normally avoid. Reports are pouring in, especially from the US, as security systems struggle to keep up.
Cheap Hosting Pitfalls: Why Saving a Buck Can Cost You Big Time
Choosing cheap hosting is like buying a discount parachute—sure, you save a buck, but when it fails, you might wish you’d spent a little more. Remember, uptime is invaluable, and Australian web hosting offers not just speed, but peace of mind with local support and compliance. Invest wisely!
ToddyCat’s Email Heist: New Tricks Unveiled in Corporate Espionage Saga
ToddyCat, the cyber-sneaker extraordinaire, is back with new tricks! Using TCSectorCopy, they’re bypassing security faster than a cat on a hot tin roof. Who knew a hacking group could be as agile as their feline namesake? Kaspersky warns: if your emails start hissing, it might be ToddyCat at play!
Firefox Flaw Fiasco: Six-Month Slip Exposes 180 Million Users to Code Chaos!
AISLE uncovered a Firefox flaw that could have let hackers run their own instructions on your computer, all thanks to a tiny coding error. Think of it as a digital slip on a banana peel. This bug had 180 million users at risk until Mozilla’s team swooped in to save the day.
Data Breach Drama: SitusAMC’s Security Slip Hits Banking Giants
SitusAMC suffered a data breach, impacting major US banks like JPMorgan Chase and Morgan Stanley. While the breach didn’t involve encrypting malware, it has sparked a call for improved vendor risk management. Remember, when hackers knock, it’s best to ensure your firewall isn’t just a polite doorman.
Oops, We Did It Again: Sensitive Data Left Exposed on Public Code Tools!
JSONFormatter and CodeBeautify’s Recent Links feature exposed over 80,000 user pastes, revealing sensitive data from top sectors. No password needed—just a simple web crawler. WatchTowr researchers found credentials, API tokens, and more, all ripe for the picking. Who knew saving your secrets online could be so public?
Fraud’s New Fashion: AI-Powered Scams Get Savvier While Attempts Dip
AI is reshaping the identity fraud landscape, turning cybercriminals into digital masterminds. While overall fraud attempts have slightly decreased, the sophistication of these attacks has jumped 180%. This “sophistication shift” means fewer incidents, but each is a blockbuster hit in the cybercrime world, making prevention more complex than ever.
Blender’s Blend of Trouble: How Malicious 3D Files Are Stealing Your Data!
Cybersecurity researchers have uncovered a campaign using Blender Foundation files to deliver the StealC V2 information stealer. Malicious .blend files on platforms like CGTrader auto-execute Python scripts when opened. It’s like downloading a free 3D model and getting a surprise malware bonus. Remember, trust no .blend file unless you want a side of cyber chaos!
Spyware Alert: WhatsApp and Signal Users Beware of RAT Attacks!
CISA warns that cyber villains are using commercial spyware and RATs to target WhatsApp and Signal users. These digital scoundrels are phishing, impersonating apps, and even exploiting bugs to infiltrate your messaging apps. Stay vigilant, because these threat actors have more tricks up their sleeves than a magician at a kids’ party!
Spy-Fi: CISA Warns of Espionage Epidemic Targeting Signal and WhatsApp
CISA alerts us to cyber-mercenaries sneaking into Signal and WhatsApp accounts using commercial spyware. These digital intruders bypass encryption with phishing, fake apps, and zero-click exploits, targeting “high-value” users globally. So, while you think you’re texting, someone might be eavesdropping. Stay vigilant, and remember, not all QR codes are your friends.
