Unauthorized AI tools could cause chaos by 2030, affecting 40% of organizations, according to Gartner. While employees enjoy GenAI’s speed, it may come at a cost: lost IP, data exposure, and mounting technical debt. To avoid a tech apocalypse, CIOs should craft policies, conduct audits, and embrace open standards.

Sturnus, a new Android banking trojan, is here to ruin your day. This sneaky malware can capture messages from encrypted apps like Signal, WhatsApp, and Telegram, and it’s not even fully developed yet! With full Android device takeover capabilities, Sturnus is like the unwanted houseguest you just can’t get rid of.

OpenAI’s GPT 5.1-Codex-Max is here to rule the coding world, one line at a time! It’s faster, smarter, and even Windows-friendly, making it the ideal partner for your coding escapades. Forget coffee breaks—this Codex works tirelessly, outperforming its predecessors and leaving competitors like Claude Code sweating in the terminal.

Bulletproof hosters, the cybercriminals’ favorite “invisibility cloaks,” face sanctions from the UK, US, and Australia. With property seizures and banking restrictions, notorious hosters like Media Land and Aeza Group will find it harder to support their shady clientele. The aim? To take the “bulletproof” out of bulletproof hosting and curb cybercrime.

Iranian-linked threat actors are blurring the lines between cyber and kinetic warfare, says Amazon. By fusing digital reconnaissance with physical attacks, these cyber-enabled kinetic targeting operations are reshaping warfare. Recent cases show how digital intelligence aids precise physical assaults on maritime and urban targets, spotlighting the evolving nature of state-sponsored cyber warfare.

SolarWinds has released patches for three critical vulnerabilities in its Serv-U file transfer solution. These flaws, which can allow code execution, are a hacker’s equivalent of finding a free dessert buffet. Users should update to version 15.5.3 to keep cybercriminals from feasting on their data.

TamperedChef serves up a spicy malware dish, tricking users with bogus installers masquerading as popular software. This malvertising campaign aims to establish persistence and deliver JavaScript malware for remote access. With fake app names, SEO, and abused certificates, it’s a recipe for remote control chaos. Bon appétit, cybercriminals!

Palo Alto Networks CEO Nikesh Arora predicts hostile nations will have quantum computers by 2029, sparking a security overhaul. Shareholders are thrilled, envisioning a quantum-FUD frenzy. Palo Alto plans to cash in with quantum-safe products, rivaling the AI boom. Meanwhile, they’ve acquired Chronosphere for $3.5 billion to enhance AI-era observability.

In a $3.35 billion move, Palo Alto Networks is snapping up Chronosphere to enhance its AI-driven data monitoring. This acquisition aims to keep data centers running smoother than a ballroom dancer on roller skates, with real-time observability and agentic remediation. Nikesh Arora emphasizes the need for uninterrupted uptime in modern AI data centers.

The Scam Center Strike Force is on a mission to dismantle Southeast Asian cybercrime syndicates that have stolen billions from Americans. With the US government agencies combining forces, they’re tightening the net around scam centers, hoping to stop criminals from making “pig butchering” the next national pastime.

US, UK, and Australia have sanctioned Russia-linked entities like Media Land for aiding ransomware gangs like Lockbit. This action marks the third strike against “bulletproof” hosts this year. These nations hope their sanctions will stop Media Land from supporting cybercrime and put a dent in the bulletproof hosting business.

Fortinet’s FortiWeb firewall faced another zero-day flaw, CVE-2025-58034, allowing attackers to execute unauthorized code. A patch is out, but this flaw, combined with a previous vulnerability, might create an exploit chain for remote code execution. Fortinet, Trend Micro, and CISA are on high alert. Stay patched, folks!

Fortinet’s FortiWeb is in hot water again with another zero-day vulnerability, CVE-2025-58034, that lets savvy hackers run wild with OS command injections. What’s the latest advice? Update your FortiWeb versions, keep them off the internet, and watch out for suspicious user accounts. Who knew cybersecurity could be this thrilling?

AI affairs are now grounds for divorce, and Google is suing a staggering scam text operation. Meanwhile, the Department of Homeland Security has been caught illegally gathering data on Chicago residents. It’s a week of technological love triangles, courtroom dramas, and privacy breaches—all without needing a streaming subscription!

Data localization laws might promise cybersecurity, but they often deliver a comedy of errors. Ismail Ahmed, CEO of Yalla Hack, warns that navigating these laws is like juggling flaming swords—potentially opening cyber gaps. At Black Hat Middle East, Ahmed will reveal how these legal tightropes can trip companies into cybersecurity chaos.

Sneaky2FA has upped its game with browser-in-the-browser phishing, adding a touch of deception drama! By mimicking Microsoft login windows, attackers steal credentials and active sessions, even with two-factor authentication. BitB, the ultimate disguise technique, fools victims into thinking they’re safe, while Sneaky2FA swipes their info with the grace of a digital pickpocket.

Agentic AI tools can make LLM chatbots seem like choirboys. These autonomous wizards can leak data, compromise organizations, and even open the calculator app without permission. Join Rallapalli’s session to learn how to tame these digital Houdinis and protect against the latest agentic AI threats.

Google’s Gemini 3 is changing the game—literally! It nails 3D LEGO editors in one shot and recreates iOS classics like Ridiculous Fishing from a text prompt. While it boasts impressive reasoning and multimodal capabilities, it still lags in adherence compared to competitors like Claude Code. Nonetheless, Gemini 3 is a powerhouse for complex queries.

The 7-Zip RCE flaw, CVE-2025-11001, has made its grand entrance, wreaking havoc in the wild. Remote attackers can exploit it to execute arbitrary code by using malicious ZIP symlinks. NHS England warns users to update promptly before their files decide to take an unsanctioned field trip!

Google AI mode is getting a major upgrade with the integration of Gemini 3, now offering interactive UI experiences on the fly. Imagine learning complex topics like RNA transcription through dynamic simulations rather than just text and images. This feature could redefine the web and make staying on Google even more tempting!