Fortinet has released updates to fix a FortiWeb zero-day vulnerability, CVE-2025-58034, actively exploited by threat actors. This flaw allows authenticated hackers to execute code via crafted requests. Admins should upgrade their devices to block attacks. Remember, in the world of cybersecurity, it’s always patch o’clock somewhere!

Sneaky 2FA is living up to its name, now with Browser-in-the-Browser tricks that fool users into thinking they’re on legitimate Microsoft login pages. It’s like phishing with a fake mustache—harder to spot, but just as mischievous. As attackers get craftier, it’s crucial to stay alert and not fall for these cunning schemes.

Cloudflare service disruption on Tuesday caused chaos across the web, but it wasn’t a hacker attack. Instead, a sneaky bug crashed after a routine change, disrupting major services like ChatGPT, X, and League of Legends. While hacktivists might try to claim credit, Cloudflare’s CTO assures us it was just a tech hiccup.

San Jose police are under fire for turning the city into a real-life Truman Show, using nearly 500 automated license plate readers (ALPRs) to track drivers without a warrant. The EFF and ACLU-NC lawsuit aims to put the brakes on this privacy invasion. Remember, folks, Big Brother is watching… unless the courts say otherwise.

The FCC is flipping the cybersecurity script, wanting to ditch Biden-era rules set after the notorious Salt Typhoon attacks. The new plan? Less “prescriptive, burdensome” regulation and more of an “agile and collaborative approach.” Apparently, cybersecurity’s not about who can patch the fastest but who can dance the industry tango.

Sysmon is getting a glow-up! Microsoft is integrating it natively into Windows 11 and Windows Server 2025. This means no more standalone installations and easier management. Admins can now install Sysmon via “Optional features” and receive updates through Windows Update, making threat hunting as breezy as a Sunday morning, minus the coffee spills.

On November 18, 2025, Cloudflare took an unexpected coffee break, leaving web users worldwide with error pages and inaccessible apps. The culprit? A bug triggered by routine tinkering, not an attack. As Cloudflare scrambled to fix the mess, the internet had its second major infrastructure hiccup in a month.

America is tired of being the hackers’ playground, says US National Cyber Director Sean Cairncross. Uncle Sam is ready to go from defense to digital offense, but Cairncross is keeping the timeline a secret. With a new National Cyber Strategy brewing, the US aims to give cybercriminals a taste of their own medicine.

Google’s on a bug-squashing spree with an emergency patch for a high-severity Chrome bug, CVE-2025-13223, already exploited in the wild. It’s the seventh zero-day this year, proving bugs are multiplying faster than rabbits. Update your browser now or risk your computer doing the digital equivalent of a faceplant.

The Trump administration’s national cybersecurity strategy aims to be a quick, no-nonsense guide to dealing with cyber adversaries. With a focus on shaping adversary behavior, Trump 2.0 plans to introduce consequences faster than you can say “password123!” Expect a strategy that’s short but makes cyber foes think twice.

Bug bounty programs have become the superheroes of modern cybersecurity, swooping in to save organizations from costly traditional testing. By tapping into global expertise, these programs offer cost-effective security solutions, continuously evolving to outsmart threats. With bug bounty programs, it’s not just about plugging holes; it’s about building a fortress with flair!

Malicious npm packages are playing a cunning game of “Spot the Researcher,” using Adspect cloaking to show security experts a harmless white page while leading victims on a merry dance to fake crypto sites. It’s like a digital version of “Who Wants to Be Scammed?” with a CAPTCHA twist. Stay alert!

Pajemploi, the French social security service, has fallen victim to a data breach impacting 1.2 million individuals. Hackers nabbed personal information but missed bank details. While operations remain smooth, URSSAF warns of potential phishing attempts. Remember, if you get a suspicious email, it’s not the French Riviera calling—just a cybercriminal!

Microsoft Teams is stepping up its security game! Users can now report false-positive threat alerts in chats. With this feature reaching general availability by November 2025, Teams aims to improve detection accuracy and keep your chats safe. It’s like giving your security team a pair of glasses—finally, they can see clearly now!

Get ready to say goodbye to the Sysmon install headache! Microsoft is making Sysmon a native feature in Windows 11 and Windows Server 2025. No more standalone tool hassle—now you can enjoy built-in threat hunting with just a few clicks and a dash of Command Prompt charm.

MI5 warns British lawmakers that Chinese spies are using LinkedIn profiles to recruit and cultivate them. These spies, working for the Chinese Ministry of State Security, are “conducting outreach at scale” using networking sites and recruitment agents. The alert highlights the threat to national security as espionage activity becomes more targeted and widespread.

The Cybersecurity Information Sharing Act (CISA 2015) just got a temporary extension, thanks to lawmakers trying to reboot the government. While cybersecurity pros welcome the short-term fix, they’re hoping for a longer-term solution. After all, cyber threats won’t take a vacation just because the law might.

Benjamin Ismail runs the App Censorship Project, tracking global app censorship with AppleCensorship.com and GoogleCensorship.org. He fights digital suppression with the finesse of a tech-savvy superhero, but insists true heroes remain in the shadows. Perhaps he’s more of a capeless crusader in the spotlight of free speech.

WhatsApp Research Proxy is Meta’s new tool, giving bug bounty hunters a peek into WhatsApp’s network protocol. With WhatsApp as a lucrative attack surface, this initiative invites researchers to lower the barrier of entry and join the program. Meanwhile, a security flaw exposed 3.5 billion phone numbers, including millions from banned countries.

A new malware campaign by “dino_reborn” uses npm packages and fake crypto-exchange CAPTCHAs to separate victims from researchers. The scheme is a comedy of errors: if you’re a researcher, you get a “white page”; if you’re a victim, you’re redirected to a malicious site. It’s like malware with a sense of humor.