From The Aether
Same Cybersecurity Blunders, Different Year: Why We Can’t Quit Phishing and Password Fails
During Cybersecurity Awareness Month 2025, experts discovered that password hygiene remains poor and phishing attacks continue to work, despite increased awareness efforts. While security pros advocate for longer passphrases like “my cat clarinet loves Sam,” nearly 30% of companies still cling to outdated 8-character passwords. It’s like trying to win a jousting match with a…
Salesforce Breached Again: ShinyHunters Strike with Gainsight App Fiasco!
Salesforce has been hit by another third-party breach, potentially involving ShinyHunters. Gainsight apps connected to Salesforce were the culprit this time. The CRM giant has revoked access tokens and removed the apps from its AppExchange to prevent further unauthorized access to customer data. Salesforce assures the issue is external, not a platform vulnerability.
Trump’s AI Order: A Comedy of Errors in Tech Regulation
Trump’s executive order aims to punish states regulating AI. The draft labels laws like Colorado’s AI Act as “onerous” and seeks to challenge them legally. This misguided approach could stifle progress and innovation, leaving citizens vulnerable to AI-related harms. Instead of supporting advancement, it risks setting AI regulation back to the Stone Age.
Sanction Showdown: US, UK, and Australia Target Russian Cyber Havens
Coordinated sanctions from the US, Australia, and the UK target Russian bulletproof hosting providers aiding ransomware groups like LockBit and BlackSuit. Media Land and its affiliates face repercussions for facilitating cybercrime, as authorities aim to disrupt these operations. The crackdown highlights global efforts to combat the misuse of bulletproof hosting services.
LLMs Still Struggling to Go Rogue: Malware Writing Needs a Human Touch!
Despite their best efforts, LLMs are getting better at writing malware but are still not ready for prime time, researchers have found. Even when they managed to coax GPT-4 into creating malicious code, the results were deemed too unreliable for real-world deployment. Looks like evil geniuses will have to wait a bit longer!
Italian Railways Data Derailed: 2.3TB Leak Raises Security Alarms
Data from Italy’s FS Italiane Group has been exposed after a hacker breached Almaviva, its IT services provider. The hacker claims to have swiped 2.3 terabytes of data, now leaked on a dark web forum. Almaviva confirmed the breach, ensuring its specialized team is on the case. The investigation is ongoing.
Beware the Push: Matrix Push Turns Browser Alerts into Phishing Nightmares!
Matrix Push turns browser notifications into phishing tools, offering cybercriminals a command-and-control framework that’s as easy to use as a retro video game. With templates for brands like PayPal and Netflix, hackers can effortlessly lure victims into scams. The hardest part? Convincing users to click “allow” in the first place.
FCC’s Comedy of Errors: Cybersecurity Snafus Leave Telecoms Vulnerable!
The FCC voted to reverse a security measure aimed at protecting telecom networks from Chinese hacks. The decision sparked concerns over cybersecurity, with critics arguing that handshake agreements won’t stop state-sponsored hackers. Senator Mark Warner emphasized that flexible solutions won’t prevent future breaches like the Salt Typhoon cyberespionage campaign.
Watch Out, Windows Users: The Tsundere Botnet Wants to Play Games with Your Security!
The Tsundere botnet is targeting Windows users, executing arbitrary JavaScript from a command-and-control server. It cleverly uses gaming lures and employs Node.js to unleash its malicious payload. With a fondness for Ethereum and a secret identity, this botnet is like a masked bandit—only without the dramatic cape or catchy theme music.
Cryptojacking Chaos: Ray AI Framework Exploit Turns Clusters into Mining Botnet Bonanza
Oligo Security warns of attacks exploiting an old Ray AI framework flaw, turning NVIDIA GPU clusters into cryptocurrency mining botnets. Dubbed ShadowRay 2.0, the campaign leverages GitLab and GitHub to spread malware, turning Ray’s orchestration features into a self-propagating cryptojacking operation that can even launch DDoS attacks.
Petrobras in Hot Water: Everest Ransomware Strikes Oil Giant with Data Breach
Everest ransomware group hit a high note by targeting Petrobras, claiming to have pilfered 176 gigabytes of seismic data. That’s a lot of earth-shattering intel! Petrobras hasn’t commented yet, but if they’re looking for advice, maybe they should start dusting off their negotiation skills—or their dancing shoes!
VPN Under Siege: Palo Alto Networks GlobalProtect Faces Massive 40x Surge in Malicious Scans
Malicious scanning activity on Palo Alto Networks GlobalProtect VPN portals skyrocketed, increasing 40 times in just 24 hours. GreyNoise has linked this escalation to previously identified campaigns, with a 90-day high reached in November. Primarily targeting the US, Mexico, and Pakistan, these attacks highlight the need for vigilance and proactive security measures.
Salesforce Revokes Tokens Amid Gainsight Data Breach Drama: What You Need to Know
Salesforce revoked refresh tokens for Gainsight apps amid a data theft probe. Apparently, this isn’t a CRM hiccup but more of an “app connection gone rogue” situation. Salesforce assures affected users they’re on it, but if you’re missing data, check behind the virtual couch cushions—just in case!
Ohio IT Contractor’s Revenge: $1 Million Cyber Chaos After Firing
An Ohio IT contractor really took the term “revenge is a dish best served cold” to heart, hacking into his former employer’s systems and causing nearly $1 million in damage. Maxwell Schultz’s unauthorized password reset party left thousands locked out and now he’s looking at a potential 10-year stay in a different kind of locked…
TP-Link vs. Netgear: Legal Drama Unpacks Alleged Smear Campaign!
TP-Link is taking legal action against Netgear, accusing it of spreading false rumors about TP-Link’s alleged ties to the Chinese government. TP-Link, which is headquartered in California, seeks damages for defamation and breach of contract, claiming Netgear’s CEO fueled these claims during earnings calls, harming TP-Link’s reputation.
Beware Sturnus: The Sneaky Android Trojan Targeting Your Private Chats!
Meet Sturnus, the Android banking trojan that thinks it’s a secret agent. Not content with just stealing banking info, it crashes secure messaging apps like WhatsApp, Telegram, and Signal, reads your messages, and even logs your keystrokes. It’s like having a nosy neighbor living inside your phone!
UNC2891 Unmasked: The ATM Fraud Saga That Left Indonesian Banks Reeling
The UNC2891 ATM fraud campaign has given “money laundering” a whole new twist. With Raspberry Pi infiltration and a touch of TeamViewer coordination, this group turned ATMs into their personal piggy banks. Their secret weapon? A CAKETAP rootkit, proving that even cybercriminals appreciate a good dessert metaphor while bypassing PINs.
SonicWall’s Firewall Fiasco: Patch Now or Prepare for a Cyber Meltdown!
SonicWall is urging customers to patch a high-severity SonicOS SSLVPN security flaw. This vulnerability, known as CVE-2025-40601, could crash firewalls faster than you can say “denial-of-service.” While no exploits are reported yet, staying ahead of hackers is like wearing sunscreen—better safe than scorched!
D-Link DIR-878 Routers: Vulnerability Buffet with a Side of Botnet Drama!
D-Link warns that the DIR-878 router is as secure as a screen door on a submarine. With three juicy command execution vulnerabilities, hackers might find it more irresistible than a catnip buffet. Despite reaching end-of-life, the router is still on sale, so consider upgrading before your network joins the botnet party!
LLM-Powered Malware: The Comedy of Errors in Cybersecurity’s Future
Large language models could revolutionize malware by dynamically generating code, potentially bypassing hardcoded instructions. However, their current operational reliability leaves a lot to be desired. So, while future malware might be LLM-powered, right now it’s more like a digital deer trying to navigate a virtual highway—plenty of potential, but a little shaky.
