The 7-Zip RCE flaw, CVE-2025-11001, has made its grand entrance, wreaking havoc in the wild. Remote attackers can exploit it to execute arbitrary code by using malicious ZIP symlinks. NHS England warns users to update promptly before their files decide to take an unsanctioned field trip!

Google AI mode is getting a major upgrade with the integration of Gemini 3, now offering interactive UI experiences on the fly. Imagine learning complex topics like RNA transcription through dynamic simulations rather than just text and images. This feature could redefine the web and make staying on Google even more tempting!

Tell USPTO: The public has a right to challenge bad patents! Proposed rules could let patent trolls thrive, leaving small companies defenseless. We need your voice to keep the inter partes review process open. Speak up before December 2 and help stop these potential changes from turning innovation into a patent troll paradise.

Operation WrtHug has hijacked over 50,000 outdated ASUS routers worldwide, creating a botnet. Mainly affecting Taiwan, the U.S., and Russia, these routers now form a network so large it could probably use its own postal code. Time for an upgrade, folks, or risk becoming part of the world’s laziest cyber espionage team!

Alexander Volosovik, aka Yalishanda, has been exposed by the UK’s National Crime Agency for running a bulletproof hosting operation aiding cybercrime groups like Evil Corp. While ransomware gets the headlines, Volosovik’s digital fortress was crucial in keeping these attacks running smoothly behind the scenes.

Secure.com just raised $4.5 million in pre-seed funding to unleash its Digital Security Teammates (DSTs) into the wild. These AI agents are like the security team’s new best friends—without the coffee breaks. They’re designed to handle the mundane, freeing up humans for high-impact tasks, all while insisting they did it faster and cheaper.

Secure.com just raised $4.5 million in pre-seed funding to unleash its Digital Security Teammates (DSTs) into the wild. These AI agents are like the security team’s new best friends—without the coffee breaks. They’re designed to handle the mundane, freeing up humans for high-impact tasks, all while insisting they did it faster and cheaper.

Amazon’s threat intelligence experts reveal Iran’s use of ‘cyber-enabled kinetic targeting’, combining hacking with physical strikes. From ships to security cameras, Amazon highlights how digital espionage preludes missile attacks. As cyber and kinetic operations blur, Amazon warns defenders to brace for this evolving warfare trend.

Powerful institutions are using automated decision-making against us in areas like housing, healthcare, and employment. Fortunately, the Colorado AI Act, a new law that regulates high-risk AI systems, aims to protect people. However, the Electronic Frontier Foundation (EFF) believes the Act needs to be strengthened to ensure robust enforcement and civil rights protection.

In today’s cyber-kinetic landscape, warfare involves more than just missiles. Nations like Iran use digital reconnaissance to scope out targets before launching attacks, Amazon warns. This new model intertwines cyber operations and physical strikes, leaving companies like shipping and electronics firms caught in the crossfire.

A critical flaw in the W3 Total Cache plugin lets sneaky hackers execute PHP commands by slipping a malicious payload into comments. Affecting over a million sites, this vulnerability is like an unwanted guest who doesn’t even need an invite. Update to version 2.8.13 before your site becomes the next victim!

The U.S., U.K., and Australia have teamed up to sanction Russian bulletproof hosting providers aiding cybercriminals. These BPH companies, known for ignoring law enforcement, are a major support for ransomware gangs. With sanctions in place, cybercriminals might finally learn their “bulletproof” plans have a few holes.

Samsung’s latest headache: hacker 888 claims they’ve snagged sensitive data from a third-party contractor, offering it on a cybercrime forum. In a plot twist worthy of a spy novel, the data for sale includes everything from source code to private keys. Samsung’s response remains to be seen, but the privacy stakes are high.

During Intellectual Property Crime Cyber-Patrol Week, Europol and partners flagged 69 suspect sites for intellectual property violations in Europe. With 25 illicit IPTV services referred to crypto service providers for disruption, $55 million in cryptocurrency flows were traced. The operation highlights Europe’s commitment to tackling online piracy and the growing reliance on cryptocurrency among offenders.

Beware of zipping into trouble! The 7-Zip vulnerability CVE-2025-11001 is being exploited in the wild. Update to version 25.00 to avoid uninvited visitors in your directories.

Cloudflare outage highlights cloud computing ecosystem vulnerabilities. The major disruption, initially suspected as a DDoS attack, was traced to an internal configuration error. Websites like Uber and Canva were impacted, showcasing the fragility of internet dependence. Cloudflare has since resolved the issue and is working to prevent future failures.

Brace yourself for a Brazilian cyber-samba as Eternidade Stealer struts its stuff! This Delphi-based banking trojan uses WhatsApp hijacking and social engineering to tango its way into unsuspecting users’ devices. With a penchant for Portuguese, Eternidade is as persistent as a carnival conga line, targeting Brazilians with a hyper-localized flair.

Eternidade Stealer is shaking up Brazil’s cybercrime scene, using WhatsApp as a digital Trojan horse. This malware blends a WhatsApp-propagating worm, Delphi stealer and MSI dropper to target financial data. Its Brazilian Portuguese focus and Python-powered WhatsApp hijacking make it a uniquely local threat with global ambitions.

U.S. CISA has added a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. This FortiWeb vulnerability, tracked as CVE-2025-58034, could let an attacker execute unauthorized code. CISA wants federal agencies to act fast—before hackers RSVP to this new cyber shindig.

Fortinet FortiWeb users, brace yourselves! Emergency patches are out for two serious flaws, including CVE-2025-64446, now being exploited worldwide. Hackers could practically waltz in, create admin accounts, and take over. Update your software pronto, or your firewall might just become a “fire-what?”