Microsoft mitigated the largest cloud DDoS ever recorded at 15.7 Tbps, courtesy of the Aisuru botnet’s 500,000 IP attack on Azure. The internet’s version of a heavyweight boxing match, but with data packets instead of punches!

Coinbase extorted for $20M, bribed support staff, and left customers scammed in a colossal SNAFU. Security researcher Jonathan Clark reported the breach in January, but Coinbase stayed mum until May. Apparently, they were more committed to ghosting than ghostbusters.

Princeton University’s database took a digital nosedive in a cyberattack, exposing personal info of alumni, donors, and more. The breach was courtesy of a crafty phishing attack on a staff member. While no financial data was leaked, Princeton advises everyone to keep their eyes peeled for fishy messages.

In a plot twist worthy of a cyber-thriller, Dutch police seized 250 physical servers from a bulletproof hosting service, leaving cybercriminals scrambling for new hideouts. Though the authorities played coy with the service’s name, insiders whispered CrazyRDP was the culprit, as its servers went dark faster than a hacker’s conscience at a cybersecurity conference.

The Aisuru botnet just broke the internet’s speed limit with a 15.72 Tbps DDoS attack on Microsoft’s Azure, launched from over 500,000 IP addresses. That’s like streaming a million 4K videos at once—impressive if it weren’t so menacing. This Turbo Mirai-class IoT botnet is exploiting home routers and cameras everywhere.

Cybersecurity researchers have unveiled the EVALUSION campaign, where ClickFix tricks users into launching Amatera Stealer and NetSupport RAT. These sneaky tactics involve bogus reCAPTCHA verifications leading to PowerShell mischief. Amatera, an evolved stealer, is the malware equivalent of a Swiss Army knife, exfiltrating data with flair and finesse.

North Korean IT worker scams are on the rise in the US, with citizens unknowingly aiding Pyongyang’s regime. The Department of Justice recently nabbed four Americans and a Ukrainian identity broker in a scheme involving fake tech workers. If you’re planning to lend your identity to Kim Jong Un’s IT team, the FBI will find…

Everest ransomware gang claims to have infiltrated Under Armour, stealing 343 GB of data. They even revealed some sample data to prove their point. Under Armour has a seven-day ultimatum before the hackers unleash chaos. Meanwhile, customers might want to consider changing passwords and avoiding emails offering suspiciously good sneaker deals. Stay vigilant!

Anyone could send “official” DoorDash emails thanks to a flaw in their business platform, now patched. The researcher and DoorDash are locked in a blame game, with accusations of neglect, extortion, and ethical breaches flying faster than a delivery driver in rush hour. Who knew email vulnerabilities could be this spicy?

Extremists exploit gaming ecosystems by embedding coded content in games and chats, then sharing it on mainstream social networks. Europol’s recent action flagged over 6,500 links to such materials. The effort highlights the challenge of detecting hidden messages within gaming platforms.

Cursor’s AI-powered developer environment is the latest playground for cybercriminals, thanks to a flaw more inviting than an all-you-can-eat buffet. Researchers found that by exploiting this weakness, attackers can inject JavaScript and execute malicious code, turning Cursor’s browser into their personal credential-stealing paradise. Who knew coding could be this risky?

Pennsylvania’s attorney general office faced a cyber whodunit when the INC Ransom gang claimed responsibility for their August 2025 ransomware attack. The gang allegedly stole 5.7TB of sensitive info, including access to an FBI network. Pennsylvania’s cybersecurity seems to have more holes than Swiss cheese!

Jaguar Land Rover confirms September’s cyberattack cost the company £196 million, halting production and impacting data. The attack, claimed by Scattered Lapsus$ Hunters, disrupted operations and caused significant financial loss. Despite the chaos, Jaguar Land Rover reassures that customer data remains safe, but the company is still revving up recovery efforts.

Europol’s Internet Referral Unit is on a mission, tackling gaming platforms like a boss. They reported thousands of URLs hosting extremist content, proving that even in the world of gaming, radical nutjobs are targeting gamers. So, gamers beware: your next raid might include more than just dragons!

Cybersecurity teams are confident but not capable, scoring just 22% accuracy in simulations, according to Immersive’s latest report. Despite “record investment,” response times remain sluggish. Organizations often train for outdated threats, leaving them “over-prepared for yesterday’s threats.” True resilience demands continuous practice and adaptability to evolving challenges, not just checking boxes.

Cyber readiness is hitting a speed bump as over-confident teams overlook sluggish incident response times, despite increased spending. Immersive’s report reveals that while 91% of leaders claim they can handle major incidents, response times remain stuck in the slow lane. Apparently, confidence is high, but so are the delays.

Microsoft is tackling a glitch that’s turned installing Microsoft 365 desktop apps into a quest worthy of a video game. Thanks to misconfigured authentication components, users are left puzzled and app-less. Fear not, the Microsoft 365 team is on it, with a fix expected soon, ensuring your apps are back in business faster than a…

Meet APT42, the hacking group with more aliases than a spy in a bad action movie. Known for their sophisticated espionage, they’re now targeting senior officials and their families, using charm and WhatsApp to fish for secrets. Their TameCat malware is so stealthy, it could sneak past a ninja in a library.

New research reveals that the EchoGram vulnerability can outsmart today’s top Large Language Models, like GPT-5.1. By adding a random string, attackers can trick guardrails into allowing harmful requests or blocking harmless ones, causing chaos and “alert fatigue.” Time to update those defenses before AI goes rogue!

DoorDash users, Dashers, and merchants are reeling from a data breach caused by a social engineering attack. While names and addresses were compromised, DoorDash assures us no sensitive data like Social Security numbers was accessed. The company is on high alert, but don’t worry—your pizza delivery remains secure!