From The Aether
Crypto Pirates Beware: Europe’s Cyber-Patrol Week Cracks Down on IPTV Infringers!
During Intellectual Property Crime Cyber-Patrol Week, Europol and partners flagged 69 suspect sites for intellectual property violations in Europe. With 25 illicit IPTV services referred to crypto service providers for disruption, $55 million in cryptocurrency flows were traced. The operation highlights Europe’s commitment to tackling online piracy and the growing reliance on cryptocurrency among offenders.
7-Zip’s Zesty Blunder: Zip Up Your Security with the Latest Update!
Beware of zipping into trouble! The 7-Zip vulnerability CVE-2025-11001 is being exploited in the wild. Update to version 25.00 to avoid uninvited visitors in your directories.
Cloudflare’s Comedic Oops: Major Internet Outage Caused by a Tiny Error
The Cloudflare outage highlights vulnerabilities in the cloud computing ecosystem. The major disruption, initially suspected to be a DDoS attack, was traced to an internal configuration error. Websites like Uber and Canva were impacted, showcasing the fragility of internet dependence. Cloudflare has since resolved the issue and is working to prevent future failures.
WhatsApp Woes: Brazilian Banking Trojan Hits with a Steal Laughs, Not Money
Brace yourself for a Brazilian cyber-samba as Eternidade Stealer struts its stuff! This Delphi-based banking trojan uses WhatsApp hijacking and social engineering to tango its way into unsuspecting users’ devices. With a penchant for Portuguese, Eternidade is as persistent as a carnival conga line, targeting Brazilians with a hyper-localized flair.
Eternidade Stealer: Brazil’s Cybercriminals Get Aggressive with WhatsApp Worms
Eternidade Stealer is shaking up Brazil’s cybercrime scene, using WhatsApp as a digital Trojan horse. This malware blends a WhatsApp-propagating worm, Delphi stealer and MSI dropper to target financial data. Its Brazilian Portuguese focus and Python-powered WhatsApp hijacking make it a uniquely local threat with global ambitions.
Fortinet’s Double Trouble: Two New Vulnerabilities Crash the Party!
U.S. CISA has added a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. This FortiWeb vulnerability, tracked as CVE-2025-58034, could let an attacker execute unauthorized code. CISA wants federal agencies to act fast—before hackers RSVP to this new cyber shindig.
Fortinet Firewall Fiasco: Hackers Exploit Critical Flaws – Patch Now or Panic Later!
Fortinet FortiWeb users, brace yourselves! Emergency patches are out for two serious flaws, including CVE-2025-64446, now being exploited worldwide. Hackers could practically waltz in, create admin accounts, and take over. Update your software pronto, or your firewall might just become a “fire-what?”
ASUS Router Ruckus: Operation WrtHug Hijacks 50,000 Devices Worldwide!
Operation WrtHug hijacks thousands of outdated ASUS WRT routers globally, exploiting six vulnerabilities, with no infections in China. Attackers use command injection flaws and leave devices vulnerable to others. Security updates are available, but if your router’s older than your favorite mixtape, it might be time for an upgrade!
DiSCO Inferno: How We Turned a Security Nightmare into a Monitoring Marvel
In the wild world of SaaS, blind spots are abundant, but our team took security observability into our own hands. Meet DiSCO, our in-house platform powered by time-series telemetry. It exposes those elusive audit logs, making sure we see who’s using what, when, and from where. Who knew logs could be so groovy?
Mate’s $15.5M Funding: AI Powers Up Security with a Giggle
Mate, a Tel Aviv-based AI-powered Security Operations Center startup, just emerged from stealth mode with $15.5 million in seed funding. Founded by alumni from Wiz and Microsoft, Mate uses AI agents and reasoning models to transform SOCs into continuously learning defense systems, cutting down mean time to respond and reducing false positives.
Trainwreck in the Making: Outdated Signals Make Railways Ripe for Hacking Hijinks
Researchers have figured out how to spoof train braking signals, exposing outdated systems like Spain’s ASFA to potential hacker hijinks. Apparently, these systems are so old, they predate the era when “hacking” involved more than just a bad cough. Time for railways to upgrade before hackers take a first-class ride.
ShinySp1d3r: Ransomware’s New Web of Chaos Unveiled
A sneak peek at the ShinySp1d3r ransomware-as-a-service platform reveals that threat actors are spinning their own web of chaos. Forget borrowing from other ransomware gangs; ShinySp1d3r is all about DIY mayhem. But don’t worry, healthcare is off the menu—unless they change their mind, of course!
Fortinet Fiasco: U.S. Agencies Scramble to Patch Security Flaws in a Week!
CISA has given U.S. government agencies a one-week deadline to patch another Fortinet FortiWeb vulnerability. This flaw, CVE-2025-58034, lets authenticated attackers execute code with minimal effort. Fortinet vulnerabilities are a hacker’s favorite, making them as popular as pumpkin spice lattes in fall.
Comet’s Hidden API: A Browser Backdoor Waiting to Happen?
SquareX’s critical research on Comet’s hidden API reveals a security nightmare lurking in the AI Browser. This secret API lets extensions execute local commands, giving them full control over users’ devices—without consent! It’s a breach of trust that reverses decades of browser security principles. The race for AI browser dominance just got riskier.
AI Framework Fiasco: ShadowRay 2.0 Exploits Old Vulnerability for Cryptojacking Chaos!
Threat actors are exploiting a vulnerability in the Ray AI framework, known as CVE-2023-48022, in a campaign called ShadowRay 2.0. By hijacking Python-based AI clusters, they’ve turned them into crypto-mining machines. Using AI-generated payloads, they’re essentially running the DevOps of cybercrime, proving that even AI can have a rebellious streak!
Outdated ASUS Routers Hijacked: Operation WrtHug’s Global Invasion Unleashed
Operation WrtHug has turned outdated ASUS routers into unwitting participants in a massive botnet, mostly affecting Taiwan, the U.S., and Russia. By exploiting multiple vulnerabilities, the attackers have effectively created a router zombie apocalypse. It’s a grim reminder that even our routers aren’t safe from becoming unwitting accomplices in digital mischief.
WhatsApp’s Epic Data Leak: 3.5 Billion Users Exposed in Record-Breaking Breach
Researchers in Austria exploited a WhatsApp flaw, collecting personal data from over 3.5 billion users in what they claim is the largest data leak in history. With the right tools, they extracted user info at lightning speed, while WhatsApp seemingly napped on security. Who knew your phone number could throw such a wild party?
Phishing 2.0: How AI is Making Cybercriminals Smarter and Our Inboxes Creepier
Phishing continues to be a major threat in the cyber landscape, with AI making attacks faster and more convincing. Cybercriminals now use AI for personalized and scalable campaigns, posing new challenges for organizations. To combat phishing, businesses must adopt modern defense strategies focusing on identity protection and advanced threat detection.
Crypto Heist Comedy: Meet the ‘Shrek’ of Money Laundering!
Kunal Mehta, also known as “Papa,” “The Accountant,” and “Shrek,” pleaded guilty to laundering at least $25 million in a $230 million cryptocurrency heist. In a plot that sounds like Ocean’s Eleven met The Sims, the gang’s lavish spending spree included private jets, luxury cars, and more.
Ringfencing Revolution: Supercharge Your Cybersecurity with Zero Trust Containment
Ringfencing redefines security beyond allowlisting, ensuring applications stick to their job description. By applying granular containment, it keeps even trusted apps from turning rogue. Imagine Word trying to moonlight as a hacker—denied! This proactive strategy boosts security, reduces alert frenzy, and makes hackers’ lives utterly miserable. Welcome to a Zero Trust revolution!
