From The Aether
Beware the Digital Ghosts: Why Ignoring Non-Human Identities Could Haunt Your Security!
Non-human identities are multiplying faster than rabbits on a honeymoon. But unlike rabbits, they don’t have owners, often have too many privileges, and are security risks. They’re the digital equivalent of leaving your front door wide open. To tackle this, an identity security fabric can turn chaotic sprawl into organized control.
Ransomware Runway Wreck: Cyberattack Causes Chaos at European Airports
ENISA confirmed ransomware caused airport chaos, leaving passengers stuck in lines longer than a Monday morning after a holiday weekend. Collins Aerospace’s Muse software was hit, grounding flights and vacation plans. But fear not—manual check-in came to the rescue, proving once again that sometimes old-school beats the cyber age.
Heroic Cyber Sleuths: Europol Busts 60 Suspects in Global Child Exploitation Crackdown
Europol’s task force has cracked down on online child sexual exploitation, identifying 51 children and charging 60 suspects. With officers from 18 countries, they used AI-driven forensic tools to speed up offender detection. Europol’s model aims to make it tougher for offenders to hide behind encryption.
Mac Mayhem: Fake GitHub Repos Spread Malware to Unsuspecting Users
Threat actors are impersonating known brands to infect macOS users with information stealer malware, warns LastPass. They’re using fake GitHub repositories and SEO trickery to lure victims. So, unless you fancy opening a malware zoo on your MacBook, maybe double-check that “LastPass Premium” download link before clicking!
FBI’s Cybercrime Warning: Don’t Fall for Fake IC3 Sites!
The FBI warns cybercrime victims about spoofed IC3 websites. These look-alikes aim to steal personal data or scam money. To stay safe, type www.ic3.gov directly, avoid sponsored search results, and never trust FBI impostors asking for money. Remember, the real IC3 has zero social media presence. Stay vigilant, folks!
MalTerminal: The Malware That Thinks It’s a Genius (And So Does Its Creator)
SentinelOne has uncovered MalTerminal, the earliest known LLM-enabled malware, which dynamically generates malicious code, complicating detection. Presented at LABScon 2025, this pioneering threat showcases how attackers exploit AI technology, using fake tools, phishing, and LLM-assisted vulnerabilities. Researchers leverage API key patterns and prompt structures to hunt down these elusive threats.
AI Security Breach: ShadowLeak Exposes OpenAI’s Invisible Email Threat!
Researchers at Radware have uncovered a flaw in OpenAI’s ChatGPT Deep Research tool that allows hackers to swipe data like a sneaky ninja in a zero-click attack. Dubbed ShadowLeak, this service-side exfiltration operates right under users’ noses, making it a perfect candidate for the “Most Inconvenient Data Breach” award.
FBI Alert: Beware of Fake IC3 Websites Trying to Steal Your Info!
Beware of cyber tricksters spoofing the FBI’s IC3 website! These savvy scammers use clever domain tweaks to swipe your personal data. Remember, the real IC3 site ends with .gov and never charges a dime to recover lost funds. Stay sharp, don’t let these digital pranksters catch you off guard!
Cyber Turbulence: European Airports Grounded by Cyber Attack Chaos
A cyber-attack on RTX’s Muse software led to chaos at European airports, forcing staff to resort to pen and paper for check-ins. With airlines scrambling and passengers in limbo, it’s clear that aviation has entered the age of cyber turbulence. Let’s hope the next flight isn’t delayed by a rogue Wi-Fi signal!
Game Over: $32K Crypto Heist Hits Cancer Patient via Steam’s Block Blasters!
A gamer lost $32,000 to a cryptodrainer hidden in Block Blasters, a verified Steam game. This retro 2D platformer turned wallet thief during a live fundraising event. If you downloaded Block Blasters, change your passwords and secure your wallets now. Steam’s been a hotbed for malware lately, so play safe and stay vigilant!
Lloyds Bank’s AI Adventure: Security Over Speed or Stuck in the Past?
Lloyds Banking Group is diving into AI, but they’re not letting their 28 million customers’ data run wild on untested AI playgrounds. Michelle Conway assures that Lloyds’ security is tighter than grandpa’s belt after Thanksgiving dinner. Hugging Face is blocked for now, as Lloyds cautiously keeps AI antics at bay.
Patch Party or Panic: Fortra’s GoAnywhere Vulnerability Sparks Urgent Action!
Fortra patches a critical GoAnywhere MFT vulnerability that could lead to command injection and remote code execution. No wild exploits yet, but it’s a ten on the CVSS scale, so patch it like your data depends on it—because it does!
MI6’s Hush Hush Hotline: Spies Wanted, VPN Required!
MI6 has rolled out Silent Courier, a dark web platform for aspiring spies to connect with the UK securely. It’s a modern twist on recruitment, swapping trench coats for VPNs and face-to-face encounters for encrypted messages. Sir Richard Moore said, “Our virtual door is open,” proving that even spies are going digital.
Mac Users Beware: Fake GitHub Repos Spread Atomic Infostealer Malware!
Mac users beware: fake GitHub repos are spreading Atomic infostealer malware, masquerading as legitimate tools. LastPass warns that these crafty cyber tricksters are targeting tech firms and password managers with Terminal commands that install the malware. Remember, not everything that glitters on GitHub is gold—or safe for your Mac!
Dell and TikTok: The Tech Tango That Could Redefine Social Media Territory!
Michael Dell is reportedly in the mix to acquire TikTok’s US operations, alongside Oracle’s Larry Ellison. With TikTok potentially hosted on Oracle’s cloud and running on Dell’s infrastructure, it seems TikTok’s American dream involves a lot more than just dance challenges—it’s a tech takeover tango!
JLR Cyberattack: A Digital Disaster Shakes Up UK’s Auto Industry!
Jaguar Land Rover’s car production has hit a standstill, thanks to a cyberattack that’s turned their assembly lines into ghost towns. This digital debacle, causing losses of up to £50 million a week, has suppliers sweating and threatens to become a full-blown automotive apocalypse.
Microsoft’s Entra ID Security Blunder: A Comedy of Errors or a Cyber Nightmare?
A critical token validation flaw in Microsoft Entra ID (formerly Azure Active Directory) could have let attackers impersonate any user, including Global Administrators. With a CVSS score of 10.0, this vulnerability was no laughing matter, but thankfully it was patched before any nefarious actors could create chaos.
Flight Frustrations: Cyberattacks and Cable Chaos Ground Airlines Worldwide
Collins Aerospace’s ARINC cMUSE system experienced a cyberattack, leading to flight chaos across Europe. Meanwhile, in the US, cut cables at Dallas Fort Worth Airport grounded flights faster than a toddler’s tantrum. The FAA blamed outdated infrastructure, proving once again that even in the sky, technology can crash-land.
Gold Nuggets Hijack: French Museum Heist Highlights Cybersecurity Chaos
In a twist fit for a heist film, thieves made off with $705,000 in gold from a French museum after a ransomware attack disabled security systems. The Natural History Museum’s alarms were down, making it a golden opportunity for the criminals to use an angle grinder and blowtorch for the blingy burglary.
Cyber Sibling Rivalry: Gamaredon and Turla Join Forces in Ukraine’s Digital Battlefield
ESET uncovers a rare collaboration between Russia-linked groups Gamaredon and Turla. These groups teamed up in cyberattacks on Ukraine, combining tools to increase impact on critical systems during a tense geopolitical climate. The first technical link marks a new level of coordination between these two cyberespionage actors.