The Cybersecurity Information Sharing Act (CISA 2015) just got a temporary extension, thanks to lawmakers trying to reboot the government. While cybersecurity pros welcome the short-term fix, they’re hoping for a longer-term solution. After all, cyber threats won’t take a vacation just because the law might.

Benjamin Ismail runs the App Censorship Project, tracking global app censorship with AppleCensorship.com and GoogleCensorship.org. He fights digital suppression with the finesse of a tech-savvy superhero, but insists true heroes remain in the shadows. Perhaps he’s more of a capeless crusader in the spotlight of free speech.

WhatsApp Research Proxy is Meta’s new tool, giving bug bounty hunters a peek into WhatsApp’s network protocol. With WhatsApp as a lucrative attack surface, this initiative invites researchers to lower the barrier of entry and join the program. Meanwhile, a security flaw exposed 3.5 billion phone numbers, including millions from banned countries.

A new malware campaign by “dino_reborn” uses npm packages and fake crypto-exchange CAPTCHAs to separate victims from researchers. The scheme is a comedy of errors: if you’re a researcher, you get a “white page”; if you’re a victim, you’re redirected to a malicious site. It’s like malware with a sense of humor.

DoorDash data breach exposes names, addresses, emails, and phone numbers after an employee fell for an online scam. Don’t worry, no sensitive information like bank details was accessed. But remember, folks, even the best delivery service can’t deliver you from a social engineering attack.

Meta’s bug bounty program shelled out $4 million in 2025, topping $25 million total since inception. A notable bug could let malicious apps on Quest VR headsets wreak havoc, while another exposed WhatsApp account vulnerabilities. Meta’s new WhatsApp Research Proxy tool aims to help researchers crack WhatsApp’s mysterious code.

Cybersecurity researchers revealed a cyber attack on a major U.S. real-estate company, exploiting the Tuoni C2 framework. The attackers reportedly used social engineering via Microsoft Teams impersonation. Despite the attack’s failure, it highlights the misuse of red teaming tools like Tuoni for nefarious purposes.

Iranian threat actors are back at it, deploying backdoors like TWOSTROKE and DEEPROOT to target aerospace and defense in the Middle East. Dubbed UNC1549, these cyber sleuths are the Houdinis of hacking, using trusted third-party relationships like a Trojan horse to infiltrate and outsmart even the most robust defenses.

SpyCloud’s latest report, “The Identity Security Reckoning,” reveals 2026’s top cyber threats. A surge in identity-based threats, evolving tactics, and AI-driven risks are on the horizon. From crafty teen hackers to synthetic identities with deepfakes, it’s a cybercriminal playground. Brace yourself as SpyCloud uncovers the wild world of identity threats!

Princeton University revealed a data breach affecting its community, with personal details of alumni, donors, and more exposed. Despite the breach, no sensitive financial data or passwords were compromised. This cybersecurity snafu was due to a phone phishing attack. Princeton advises vigilance against suspicious communications in the wake of this incident.

The Pennsylvania Office of the Attorney General was hit by a ransomware attack, leading to a data breach with 5.7 TB of data allegedly stolen. While no ransom was paid, the hackers claim they accessed sensitive information, including FBI details. The breach’s full impact remains unclear, but cybersecurity experts raise an eyebrow.

Nudge Security has just raised $22.5 million in Series A funding to bolster its AI and SaaS security platform. Aiming to secure “the Workforce Edge,” they offer automated solutions to close identity security gaps. With this fresh capital, the Austin-based startup plans to fuel product innovation and expand its market reach.

The Tuoni C2 attack demonstrates how attackers are leveraging AI and advanced techniques like steganography and in-memory execution to evade traditional defenses. With AI-assisted delivery methods, they’re essentially playing hide-and-seek with your security systems, and spoiler alert: they’re really good at hiding.

Cybersecurity researchers warn of a threat actor, “dino_reborn,” using Adspect cloaking in npm packages to separate real victims from researchers. Victims end up on sketchy crypto sites, while researchers see a decoy. It’s like a digital version of a bouncer, but instead of a club, it’s questionable crypto sites.

WhatsApp’s mass adoption makes it easy to find new contacts, but it’s also a paradise for data scrapers. Researchers extracted 3.5 billion phone numbers using WhatsApp’s contact discovery feature. If “contact discovery” sounds like a friendly feature, just remember, it’s also a shortcut to a global phone book!

DoorDash has confirmed a data breach in October 2025, resulting from a social engineering scam targeting an employee. While sensitive information wasn’t accessed, customer names, phone numbers, and email details were. DoorDash is enhancing security systems and employee training. This marks the third breach for DoorDash in six years.

Eurofiber’s ticket management platform and ATE portal were hit by a data breach, affecting Eurofiber France customers. A hacker named ByteToBreach exploited vulnerabilities, exfiltrating 10,000 password hashes and more. Luckily, sensitive banking details were spared—because who needs money when you have SQL backups and internal documents to cuddle with?

Cloudflare’s global network hit a snag, leaving the internet with a case of the Mondays. Users encountered “internal server error” messages, turning the web into a digital ghost town. With 449 Tbps of capacity and 13,000 networks connected, you’d think it could handle a little Monday blues. Don’t worry, recovery is on the horizon!

Fraudsters are embracing AI technology to commit new account fraud, with deepfakes comprising a fifth of biometric fraud attempts. Armed with generative AI, scammers create hyper-realistic replicas of identity documents, bypassing even biometric checks. It’s a digital dance of deception, as fraudsters swap faces and animate selfies to trick identity verification systems.

Google releases an emergency security update to tackle the seventh Chrome zero-day bug this year, raising the question: is “zero-day” just Google-speak for “we’re on it, but good luck until then”? While the patch is rolling out, users can manually update to stay ahead of the cyber villains lurking in the digital shadows.