Mazda confirms being targeted in the Oracle E-Business Suite hacking campaign. Despite Cl0p ransomware’s claims, Mazda reports no data leakage or operational impact, thanks to swift defensive measures. The carmaker remains vigilant, monitoring systems and applying patches. Meanwhile, Cl0p awaits a response, but Mazda’s confidence suggests they won’t be paying a ransom.

A malicious extension on the Visual Studio Code Marketplace tried a sneaky brandjacking attack by mimicking Prettier. Checkmarx Zero spotted the imposter, prettier-vscode-plus, and teamed up with Microsoft to remove it swiftly. This quick action thwarted a potential security threat before it could cause significant damage.

CISA has ordered US federal agencies to patch the Oracle Identity Manager flaw CVE-2025-61757 in three weeks. This easily exploitable bug allows attackers to commandeer systems, and evidence suggests it’s been abused before a fix was out. Looks like security teams are in for a December surprise!

Microsoft sounds the alarm: WINS is on its way out! IT admins, brace yourselves for the Windows Server 2025 farewell tour, as WINS bids adieu by 2034. Time to switch to DNS, the cooler, more secure cousin. Don’t wait till the last minute; start your DNS migration now and avoid a tech meltdown!

RadzaRat, the sneaky Android spyware, masquerades as a file manager, giving criminals remote access to your device. Shockingly, it evades all major antivirus programs. With a zero-detection rate on VirusTotal and a budget-friendly setup, it’s a hacker’s dream. Certo Software warns users: think twice before downloading apps!

DeepSeek’s AI model, DeepSeek-R1, is more vulnerable when handling politically sensitive topics in China. With a 50% increase in security vulnerabilities, the model seems to prefer coding like it’s walking on eggshells, especially when faced with words like “Tibet” or “Uyghurs.” Who knew politics could bug a computer?

Cox Enterprises has confirmed its Oracle E-Business Suite was hit in a cybercrime spree, with personal info from nearly 9,500 people stolen. While Cox provided this info to the Maine Attorney General, it didn’t comment to SecurityWeek. The Cl0p ransomware group has claimed responsibility for the Oracle EBS campaign.

A critical security vulnerability in Oracle Identity Manager, CVE-2025-61757, is being exploited in the wild. Remote attackers can execute arbitrary code without credentials. With a severity score of 9.8, it’s a prime target for cyber threats. CISA urges immediate patching or isolation of affected services.

Microsoft has confirmed a critical Windows 11 24H2 bug causing File Explorer and the Start Menu to crash after updates. The bug affects users with non-persistent systems, thanks to unregistered XAML packages. Microsoft’s working on a fix, but for now, affected users can enjoy a PowerShell workout to restore functionality.

Iberia Airlines customers, watch out for phishing! A supplier breach exposed personal data, but don’t worry, your financial info is safe. Keep an eye out for suspicious emails. With a 77GB data trove up for grabs, even your loyalty card number might become the star of its own phishing scam! Stay vigilant!

AI attack agents are more like caffeinated interns than rogue robots. They’re fast and efficient, handling the grunt work but leaving humans in charge of strategy. Anthropic’s latest report reveals these agents as accelerators, not autonomous weapons, boosting human attackers without replacing them. AI is the sidekick, not the superhero.

The UK government gears up for the International Defence Esports Games, the world’s first military esports tournament. With 40 nations, this event aims to boost cyber skills for modern warfare. Expect virtual skirmishes, cybersecurity summits, and a chance for soldiers to level up their battlefield prowess—joysticks ready, soldiers!

Two UK teens linked to the Scattered Spider hacking group have pleaded not guilty to charges related to a cyberattack on Transport for London. They appeared at Southwark Crown Court, denying conspiring to commit unauthorized acts against TfL. The case continues to unfold with potential life imprisonment at stake.

The UK team showcased remarkable resilience and ingenuity at the 2025 European Cyber Security Challenge in Poland. Competing against Europe’s elite, they secured 22nd place, proving that British cyber security talent is on the rise. With teamwork, empowerment, and a touch of humor, the team is set to conquer future cyber battles and win it…

Attackers are exploiting a patched Windows Server flaw, CVE-2025-59287, to distribute ShadowPad malware. This vulnerability, a critical deserialization flaw in WSUS, enables remote code execution. It’s like leaving your front door unlocked, only to find malware has made itself at home, snuggled on your server, munching on your data cookies!

The International Association for Cryptologic Research is holding a second election after a trustee lost their private encryption key. Helios, the voting system, needs all trustees’ keys to count votes. Now, the IACR will adopt better key management and try again. Apparently, encryption isn’t foolproof when someone forgets where they put their key.

Researchers have discovered a remote code execution flaw in the glob file pattern matching library’s CLI tool. This vulnerability, which affects versions v10.2.0 through v11.0.3, could allow attackers to execute code by exploiting the tool’s -c flag. Users meeting the vulnerability criteria should update their installations immediately.

Iberia has issued a warning to customers after a third-party supplier experienced a data breach, with a hacker claiming to have snagged 77GB of airline data. Iberia assures that financial data remains safe, but urges vigilance. Remember, if you get an email offering free flights, it’s likely a scam—unless it’s from your mother-in-law.

Google’s Quick Share now plays nice with Apple’s AirDrop, allowing file sharing between Pixel and iPhones. Only Pixel 10-series devices can join the fun for now, but more models will follow. So, Android and iOS users can finally live in harmony—or at least share cat memes more easily.

Iberia’s recent data breach was traced back to a compromised supplier, exposing customer details like names, emails, and loyalty card numbers. Fortunately, passwords and payment info are safe. As hackers claim to have 77 GB of airline data, Iberia swiftly implemented measures to protect customers. Stay alert for suspicious communications!