Microsoft is finally saying goodbye to the outdated RC4 encryption cipher after 26 years. Despite its vulnerabilities and a senator’s critique, RC4 lingered like a bad habit. By 2026, Microsoft promises to upgrade to the more secure AES standard. So long, RC4—don’t let the digital door hit you on the way out!

Eurojust and European authorities have busted a Ukraine-based fraud operation that swiped over €10m from consumers. With 72 searches and 12 arrests, the fraudsters’ call center antics involved fake IDs, trickery, and polygraph machines! The scammers even had a bonus scheme—work hard, scam harder, and win a new Kyiv apartment!

Ofqual says most students in England will stick to paper-based exams for now, as screen-based assessments could bring more tech trouble than it’s worth. While digital assessments are allowed for certain subjects, students won’t be typing their way through GCSEs anytime soon. It’s a cautious blend of tradition and technology—cheers to pen pals!

GhostPoster has been hijacking Mozilla Firefox add-ons with malicious JavaScript. Advertised as VPNs and other utilities, these add-ons were actually plotting a sinister click and ad fraud scheme. Remember, folks, when it comes to free VPNs, the only thing you might be blocking is your own privacy.

U.S. CISA has added a Fortinet vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. This flaw, tracked as CVE-2025-59718, lets attackers bypass authentication like a sneaky ninja, if FortiCloud SSO is enabled. Fortinet advises disabling this feature until you upgrade to a safer version.

LKQ Corporation fell victim to the Oracle EBS hack, joining a growing list of over 100 targeted organizations. The automotive parts giant confirmed personal data for more than 9,000 individuals was compromised. While LKQ dodged a systems-wide breach, cybercriminals allegedly made terabytes of stolen data available for download. Talk about a turbocharged headache!

Agentic exposure management startup Dux has emerged from stealth mode with $9 million in seed funding. Founded by Israel Defense Forces veterans, Dux uses AI to identify and mitigate vulnerabilities across enterprise environments. By focusing on exploitable threats, Dux reduces attack surfaces and accelerates safety at machine speed.

African nations are stepping up their game against cross-border cybercrime. With over 3,153 cyberattacks weekly, law enforcement agencies are now saying, “Let’s chat!” Cross-border cooperation is essential to tackle these digital threats, but varying laws and data sensitivity concerns still slow progress. So, if you’re a hacker, beware—African nations are starting to talk!

Venezuela’s state oil company PDVSA was hit by a cyber attack, causing temporary administrative chaos but no disruption to oil exports. The company framed the attack as an attempt to seize Venezuelan oil. Meanwhile, employees were told to unplug everything, even their microwaves, just in case they were next!

Ink Dragon, the Chinese espionage crew, has expanded its snooping spree into European government networks. By setting up sneaky relay nodes with compromised servers, they’re infiltrating without a hitch. With a knack for blending in like a chameleon, they scoop up credentials and infiltrate targets, making it look as easy as ordering takeout.

Beware of Cellik, the new Android malware-as-a-service making waves in cybercrime circles. For just $150 a month, cybercriminals can sneak it into Google Play Store apps, turning trusted apps rogue. With features like screen capture and hidden browsing, Cellik might just give Play Protect a run for its money—if Google doesn’t step in soon!

SoundCloud recently detected unauthorized activity in an internal dashboard, compromising user data, but not sensitive financial details. The breach, reportedly by ShinyHunters, affected about 28 million accounts. SoundCloud advises users to stay alert for phishing attempts and suggests changing passwords and enabling two-factor authentication for enhanced security.

California’s new laws focus on privacy, transparency, and accountability. From making consumer privacy laws more user-friendly to banning masked law enforcement officers, it’s a legal smorgasbord! On the flip side, plans to gut wiretapping laws were thwarted, but age verification proposals remain a head-scratcher. EFF continues to champion your rights in the Golden State.

GhostPoster campaign is spooking Firefox users with malicious extensions, hiding JavaScript in image logos to monitor activity and plant a backdoor. With over 50,000 downloads, these ghostly codes hijack links, inject tracking, and commit ad fraud. Users, beware—it’s time to ghost these spooky extensions and secure your cyber haunt.

Mixpanel insists it’s not the culprit in the Pornhub data breach, pointing fingers at an inside job. Meanwhile, ShinyHunters claims responsibility, leaving Mixpanel to say, “Not us!” while Pornhub’s message to its users is, “Blame Mixpanel!” It’s a digital whodunit with a twist of “he said, she said.”

Ad blockers and VPNs are supposed to protect your privacy, but, surprise! Four popular browser extensions are doing the opposite. These extensions are Urban VPN Proxy, 1ClickVPN Proxy, Urban Browser Guard, and Urban Ad Blocker, secretly scooping up your AI conversations and sharing them with developers. Protecting your privacy? More like partying with your data!

PDVSA claims the US is trying to “steal Christmas” after a cyberattack reportedly disrupted operations. While the Venezuelan oil giant insists on minimal impact, sources say the attack sent systems into chaos. If true, it appears the Grinch’s new disguise involves a keyboard and questionable geopolitical motives.

Lt. Gen. Joshua Rudd is set for promotion despite not having a military cybersecurity background. His nomination for NSA and Cyber Command director comes as the agency battles leadership gaps and low morale. Rudd’s Indo-Pacific experience aligns with U.S. goals countering Chinese cyber threats.

Russian threat actors are shifting gears, targeting misconfigured network edge devices instead of exploiting vulnerabilities. Amazon Threat Intelligence highlights how these cyber-sneakers are sneaking around, reducing their risk and resource use, but not their mischief. Organizations should focus on securing these devices to fend off this evolving Russian threat.

The Amazon Threat Intelligence team has thwarted Russian GRU hackers targeting customers’ cloud infrastructure. The hackers pivoted from exploiting vulnerabilities to targeting misconfigured edge devices. Their focus? Western critical infrastructure, particularly the energy sector. It’s like a cyber-spy thriller, but with fewer explosions and more misconfigured routers.