SitusAMC suffered a data breach, impacting major US banks like JPMorgan Chase and Morgan Stanley. While the breach didn’t involve encrypting malware, it has sparked a call for improved vendor risk management. Remember, when hackers knock, it’s best to ensure your firewall isn’t just a polite doorman.

JSONFormatter and CodeBeautify’s Recent Links feature exposed over 80,000 user pastes, revealing sensitive data from top sectors. No password needed—just a simple web crawler. WatchTowr researchers found credentials, API tokens, and more, all ripe for the picking. Who knew saving your secrets online could be so public?

AI is reshaping the identity fraud landscape, turning cybercriminals into digital masterminds. While overall fraud attempts have slightly decreased, the sophistication of these attacks has jumped 180%. This “sophistication shift” means fewer incidents, but each is a blockbuster hit in the cybercrime world, making prevention more complex than ever.

Cybersecurity researchers have uncovered a campaign using Blender Foundation files to deliver the StealC V2 information stealer. Malicious .blend files on platforms like CGTrader auto-execute Python scripts when opened. It’s like downloading a free 3D model and getting a surprise malware bonus. Remember, trust no .blend file unless you want a side of cyber chaos!

CISA warns that cyber villains are using commercial spyware and RATs to target WhatsApp and Signal users. These digital scoundrels are phishing, impersonating apps, and even exploiting bugs to infiltrate your messaging apps. Stay vigilant, because these threat actors have more tricks up their sleeves than a magician at a kids’ party!

CISA alerts us to cyber-mercenaries sneaking into Signal and WhatsApp accounts using commercial spyware. These digital intruders bypass encryption with phishing, fake apps, and zero-click exploits, targeting “high-value” users globally. So, while you think you’re texting, someone might be eavesdropping. Stay vigilant, and remember, not all QR codes are your friends.

UK lawmakers urge the government to fortify economic security against cyber threats, warning that Britain’s defenses are as sturdy as a wet biscuit. With AI lowering the cost of cyber-aggression, the call is for a new doctrine to guard against attacks, as foreign investments grow and hostile actors become more audacious.

Dartmouth College fell victim to the Clop extortion gang, who exploited an Oracle E-Business Suite vulnerability. The data breach affected at least 1,494 individuals, but the true impact could be far greater. Dartmouth’s spokesperson was unavailable for comment, likely busy pondering if a 7:1 student-to-faculty ratio could help solve cybersecurity issues.

Orkney’s lights went out, and conspiracy theories lit up. While locals linked the power cut to Russian spy ships, it turns out the real culprit was a glitchy wind farm, not Putin’s plot. So, no spies, just some electrical hiccups. Or maybe SSEN’s been infiltrated? The truth is often as thrilling as watching paint dry.

The Shai-Hulud worm is back, and it’s not just stealing secrets—it’s making a grand entrance in the npm ecosystem. With more packages under its belt than a shopaholic at a sale, this malware is targeting popular projects like Zapier and PostHog, putting millions of users at risk.

SitusAMC confirms a data breach exposed customer information, but no ransom demands were made. Their services remain operational, and they’re working with experts to investigate. The real estate financing firm assures clients that they are directly informed about the breach’s impact. It’s like finding out your house is haunted but the ghost pays rent.

Canon confirms its involvement in the recent Oracle EBS hacking campaign, but rest assured, only a subsidiary web server was affected. Canon “optically” dodged a data leak this time around, unlike their 2020 ransomware attack. The cybercriminals have yet to spill the beans, or in this case, the terabytes.

Bad actors are using commercial spyware and remote access trojans to target mobile messaging apps, warns CISA. These cyber sleuths are like digital magicians, making your secrets vanish before your eyes. So, unless you want your private chats to become public stand-up material, follow CISA’s tips to keep your messaging app as secure as Fort…

ClickFix attacks are back, tricking users with fake Windows update screens. This sneaky social engineering tactic now leads victims to download infostealer malware like Rhadamanthys. Remember, a real Windows update won’t ask you to open the Run prompt! Stay alert and avoid running suspicious commands.

Threat actors are exploiting the ShadowRay vulnerability in the Ray framework, turning AI infrastructure into cryptomining and botnet launchpads. This campaign highlights how attackers hijack misconfigured AI environments to run unauthorized workloads. With over 230,000 exposed Ray environments, ShadowRay 2.0 shows the risk of ignoring configuration best practices.

A semicolon in Oracle’s Identity Manager code lets hackers waltz past security like it’s a VIP pass. This Java vulnerability, CVE-2025-61757, scores a whopping 9.8 on the CVSS scale. Oracle customers, patch now—or risk joining a not-so-exclusive breach club!

Beware of Blender files from 3D model marketplaces—they might come with a side of StealC V2 malware! This Russian-linked campaign uses malicious Blender files to sneakily deliver malware. Remember, if it looks too good to be true, it probably needs a sandbox! Stay safe, and check your Auto Run settings.

AWS has stunned the tech world by reviving Amazon CodeCommit, a service once deemed obsolete, proving that even giants can admit when they’re wrong. With apologies to customers and fresh investments in place, it’s like watching a corporate zombie flick—except this time, the undead product is actually useful.

The cybersecurity job market is being disrupted as automation and AI start taking over traditional entry-level roles. Experts discuss the challenges of finding top talent and the need for human networks, practical experience, and creative thinking to nurture future cybersecurity professionals. Stay ahead by embracing AI and building a robust network.

Vision language models are like toddlers with a PhD—they’re smart but still need some hand-holding. These models combine computer vision and natural language processing to tackle real-world enterprise challenges. From deciphering x-rays to enhancing security, the potential is vast, but they could use a bit more maturity and supervision.