From The Aether
CISA’s Bulletproof Hosting Guide: The Cybercrime Enabler No One Wants at the Party!
The US Cybersecurity and Infrastructure Security Agency released a guide on curbing cybercrime fueled by bulletproof hosting. These services act like the shady landlords of the internet, ignoring legal complaints and letting cybercriminals run amok. The guide offers steps to make life harder for these digital squatters and protect critical systems.
School Boards Flunk Cybersecurity 101: PowerSchool Breach Blame Game
Canadian privacy watchdogs say school boards share blame with PowerSchool for a mega-breach affecting millions. The reports reveal widespread failings, with schools neglecting basic security measures, effectively outsourcing risk but not responsibility. It’s a wake-up call: if schools don’t learn their privacy ABCs, the next breach will be an inevitable pop quiz failure.
Doppel Strikes Gold: $70M Series C Boosts Anti-Scam Crusaders to $600M Valuation
AI-native social engineering defense provider Doppel raised $70 million, boosting its valuation to over $600 million. With AI-powered protection against phishing and impersonation, Doppel’s platform tackles AI-boosted social engineering attacks. The company plans to expand its innovative offerings and team, serving Fortune 500 companies and more than 200 organizations globally.
Supply Chain Breach Blues: Why 97% of Companies Are Feeling the Pinch!
In the latest BlueVoyant survey, 97% of organizations reported being hit by a supply chain breach, up from 81% in 2024. Despite this, there’s a push for maturity in third-party risk management programs, though challenges like internal support and compliance-driven approaches persist. Looks like TPRM is the new “adulting” in cybersecurity!
China’s Asus Router Hijack: A Comedy of (Security) Errors! 🚨🔧
Asus routers have been hijacked in a global espionage campaign by a Chinese state-sponsored actor, SecurityScorecard reports. Dubbed Operation WrtHug, the hackers exploited vulnerabilities to compromise the AiCloud service. With over 50,000 compromised devices spanning multiple continents, it’s like a bad Wi-Fi signal you just can’t escape!
Eternidade Stealer Strikes Brazil: How a Sneaky WhatsApp Trojan Empties Bank Accounts
Eternidade Stealer, a banking trojan, is using WhatsApp to target Brazilian bank customers. With a cunning social engineering scheme, it tricks users into clicking malicious files, taking over their accounts, and spreading rapidly. Be wary of unexpected WhatsApp messages, especially those with files, to avoid falling victim to this financial heist.
Piracy Party Crashed: Photocall Forced to Hang Up on 26 Million Users!
Photocall, a TV piracy streaming platform with over 26 million users annually, has been forced to cease operations after a crackdown by the Alliance for Creativity and Entertainment and DAZN. The service illegally offered access to 1,127 channels, including sports like MotoGP and Formula 1, leaving fans wondering if it’s time to find a new…
Sanctioned and Spanked: US, UK, and Australia Crack Down on Russian Cybercrime Enablers
In a plot twist worthy of a cybercrime sitcom, the US, UK, and Australia slapped sanctions on Russian bulletproof hosting service providers. Media Land and its partners allegedly helped ransomware groups wreak havoc, proving that crime doesn’t pay—unless you’re a sanctioned hosting provider.
Cybersecurity Chaos: Hackers Nabbed, Spies Thriving, and Your Gadgets Plotting!
Hackers are playing cat and mouse with governments, but the stakes are high. From fake job recruiters on LinkedIn spying on unsuspecting users to new malware targeting Apple’s Mac protections, cybersecurity is no longer just for the experts. Stay informed, update your apps, and watch out for new tricks to keep your digital life secure.
Beware the AI Browser: Comet’s Secret API Flaw Could Hijack Your Computer!
Comet AI Browser users, brace yourselves! A hidden feature in Perplexity’s Comet AI browser could give cybercriminals the keys to your digital kingdom. Researchers warn that the secret MCP API makes security vanish faster than your last bag of chips. Stay vigilant, or your browser might end up running the show—and not in a good…
WhatsApp’s 3.5 Billion Account Scrape: Comedic Oversight or Security Wake-Up Call?
A research team from the University of Vienna developed a technique to enumerate 3.5 billion WhatsApp accounts, revealing a flaw in WhatsApp’s defenses. WhatsApp owner Meta quickly rolled out fixes, emphasizing that no private messages were leaked. The researchers have since securely deleted the data, proving they are better at breakups than most of us.
New Android Banking Trojan Sturnus: The Cybercriminal’s Swiss Army Knife for Financial Fraud
Sturnus, a new Android banking trojan, swoops in like a European starling, mimicking encrypted messages and stealing credentials. It’s a digital Houdini, staging fake login screens and masquerading as software updates. With its ability to capture keystrokes and monitor device activity, it’s a malware maestro orchestrating financial fraud across Europe.
HackOnChat: WhatsApp’s Latest Nightmare Strikes Users with Deceptive Tactics
HackOnChat, a WhatsApp account-hacking spree, uses deceptive portals and clever impersonation tactics to snatch user accounts. It’s like catfishing, but with less romance and more panic. CTM360 reports a surge in attacks, especially in the Middle East and Asia, highlighting how social engineering preys on trust.
Palo Alto Panic: 40-Fold Surge in Malicious Traffic Leaves Security Teams on High Alert!
Malicious traffic targeting Palo Alto Networks’ GlobalProtect portals surged dramatically, hitting a 90-day high. GreyNoise detected this wave, with scans targeting systems in the US, Mexico, and Pakistan. The spike mirrors patterns seen before past VPN-related incidents, making security teams twitchy and vigilant for any potential vulnerabilities.
7-Zip’s Zipping Nightmare: NHS England Warns of Exploited Vulnerability
NHS England warns of active exploitation of a patched 7-Zip vulnerability (CVE-2025-11001) that allows remote code execution. The flaw involves symbolic link handling in ZIP files, impacting Windows systems. So, if your 7-Zip is behind on updates, it’s time to zip up those security concerns before hackers unzip chaos!
Crypto Mix-Up: Samourai Wallet Founders Sentenced for $237M Laundering Scheme
Samourai Wallet founders Keonne Rodriguez and William Lonergan Hill were sentenced to prison for laundering over $237 million. Their cryptomixing app, downloaded over 100,000 times, helped conceal illicit cryptocurrency transactions. Despite their “Whirlpool” and “Ricochet” features, their legal defense was more like a leaky sieve than a bulletproof vest.
Iran’s Cyber-Powered Attacks: When Digital Espionage Meets Missiles
Iran-linked actors are utilizing cyber operations to support physical attacks, a tactic known as cyber-enabled kinetic targeting. By hacking ship Automatic Identification System data, they enhance missile strike precision, blurring the lines between cyber warfare and traditional military operations. This coordinated approach marks a significant evolution in how nation-states conduct warfare.
Aging Tech Alert: Why Your Old Network Gear is a Hacker’s Paradise!
Aging digital infrastructure is like an old car—cheap to keep, but a breakdown waiting to happen. With generative AI making hacking easier, Cisco’s Resilient Infrastructure initiative is a wake-up call to update outdated tech. After all, you can’t drive to the future in a clunker from the past.
AI Trouble on the Horizon: Unauthorized Tools & Technical Debt Threaten Businesses by 2030
Unauthorized AI tools could cause chaos by 2030, affecting 40% of organizations, according to Gartner. While employees enjoy GenAI’s speed, it may come at a cost: lost IP, data exposure, and mounting technical debt. To avoid a tech apocalypse, CIOs should craft policies, conduct audits, and embrace open standards.
Beware: Sturnus Trojan Swoops in on Androids, Snatching Your Secrets!
Sturnus, a new Android banking trojan, is here to ruin your day. This sneaky malware can capture messages from encrypted apps like Signal, WhatsApp, and Telegram, and it’s not even fully developed yet! With full Android device takeover capabilities, Sturnus is like the unwanted houseguest you just can’t get rid of.
