Cybersecurity researchers are raising alarms over a campaign targeting WordPress sites with malicious JavaScript injections. This operation redirects users to suspicious sites, making you feel like your browser is running an underground marathon without your consent. Time to update your passwords and maybe your luck!

Salesforce won’t budge against cybercriminals demanding ransom for nearly 1 billion customer records. With a firm “no” to paying, the CRM giant claims no platform compromise and continues working with affected customers. Meanwhile, the hackers are offering $10 in Bitcoin for anyone willing to “endlessly harass” execs.

The DataTribe Challenge is the ultimate cybersecurity startup showdown, where the most promising firms battle for glory and a chance to pitch to top investors. This year’s finalists, including AI-centric companies and the hardware-focused Tensor Machines, are the ones to watch. Get ready for a cybersecurity innovation extravaganza!

The UK Metropolitan Police arrested two 17-year-olds suspected of launching a ransomware attack on Kido nurseries. The cybercriminals demanded £600,000 in Bitcoin, pressured parents, and posted photos on the dark web. Despite a retreat and claims of deleting the files, the incident underscores the education sector’s growing vulnerability to cyber attacks.

Service Finder WordPress theme users, meet CVE-2025-5947—a vulnerability so popular even cybercriminals couldn’t resist. With more than 13,800 attempts since August, attackers are logging in as administrators without a password. If you haven’t updated to version 6.1, it’s like leaving your front door wide open with a “Welcome Hackers” sign.

Threat actors with suspected ties to China have turned Nezha into a cyber weapon, launching Gh0st RAT malware through log poisoning. This creative hacking approach has affected over 100 machines, primarily in Asia, proving that even benign tools can become villainous if you have a knack for mischief and malware.

The UK Metropolitan Police arrested two 17-year-olds for the doxing of children after a ransomware attack on a nursery chain. The cybercrime gang behind the attack tried to extort the nurseries. This incident adds to the growing trend of teenagers involved in high-profile cyberattacks in the UK.

DraftKings recently blocked a credential stuffing attack using stolen logins but advises users to reset passwords and enable MFA. No evidence of a data breach was found, but some user data was accessed. DraftKings is enhancing security measures to protect against future credential stuffing attempts.

DeepMind’s latest AI creation, CodeMender, is like a superhero for software, finding and patching security holes faster than a speeding bug. With its Gemini DeepThink models, it promises to save developers from the villainous exploits lurking in millions of lines of code. Watch out, vulnerabilities, CodeMender is on the case!

In the latest cybersecurity comedy of errors, a third of European IT pros report more cyberattacks than last year. Confidence in readiness lags behind, with budget and staffing issues adding to the stress. Despite this, organizations are still struggling to retain cybersecurity professionals and hiring entry-level roles remains a slow process.

API security is like a seatbelt for your AI-powered car – without it, you’re just hoping for the best while barreling down the digital highway. New research by Salt Security highlights that while enterprises eagerly embrace AI, they’re leaving the API security backdoor wide open, risking not just innovation but also their sanity.

Nezha’s gone rogue! The open-source tool is now starring in a cyber campaign targeting vulnerable web apps. With log poisoning and a PHP web shell, it’s like a hacker’s variety show. The twist? Nezha’s first public appearance in web server mischief! Remember, folks, patch those apps and watch for sneaky intrusions.

DragonForce, LockBit, and Qilin have teamed up for a strategic ransomware alliance, because why not combine forces like a cybercrime boy band? This coalition aims to boost their ransomware attacks, proving once again that crime pays, especially when you split the bill with your fellow cyber crooks.

Germany opposes the EU’s “Chat Control” regulations, a move that has privacy advocates cheering louder than a neighbor winning the lottery. With Germany’s support, the chance of these regulations passing is now about as likely as finding a unicorn in your backyard.

Google’s new AI Vulnerability Reward Program is offering big bucks for bug hunters. But don’t go thinking you’ll get rich reporting chatty chatbots, because prompt injections and jailbreaks are out of scope. Focus instead on account hijinks and data leaks, with rewards reaching $20,000 for top-notch sleuthing.

Account takeover fraud is surging in the US, making it the most damaging form of digital fraud, accounting for 31% of losses. Globally, it’s skyrocketed by 141% since 2021, proving that fraudsters are working harder than your average gym-goer. Time to pump up those security measures, folks!

The figma-developer-mcp server vulnerability, CVE-2025-53967, is like giving hackers a backstage pass to your system. This command injection bug lets attackers execute arbitrary commands by exploiting unvalidated user inputs. While it’s patched now, it’s a stark reminder that even AI tools can inadvertently play the role of an unwanted accomplice.

Hackers are embracing AI like a kid with a new toy, using ChatGPT for reconnaissance while other AI models handle the dirty work. OpenAI’s report highlights cybercriminals exploiting AI to turbocharge their existing scams and strategies, proving once again that even in the world of crime, efficiency is key.

North Korean hackers have turned crypto theft into a blockbuster hit, swiping over $2 billion in 2025 alone. This staggering haul highlights their growing reliance on cyber heists to fund their regime. With advanced laundering tricks, they’re outpacing James Bond villains, but blockchain sleuths are hot on their trail!

Jaguar Land Rover’s sales hit a speed bump with a 25% drop due to a cyber incident. The company is now shifting gears, beginning a phased restart of operations. JLR’s plan includes revving up engine production and assembling the team to boost their manufacturing comeback.