Microsoft is investigating a bug causing the Windows 10 KB5068781 update to fail with 0x800f0922 errors on devices with corporate licensing. While some devices appear to install the update successfully, they roll back with errors upon restart. No fix or workarounds exist yet, leaving admins stuck in a loop of patchy updates.

The ancient “finger” command is back, but not for nostalgia—cybercriminals are using it to execute remote commands on Windows devices. In a twist of irony, this tool once for user info is now a hacker’s delight. So, if you see a “Verify you are human” prompt, it might be time to run, not type!

DoorDash is once again in hot water after a data breach. An unauthorized person accessed contact details, sparking criticism despite DoorDash’s assurances that no “sensitive” information was taken. Users are understandably frustrated, questioning whether being able to deliver pizza on time is worth having their contact details delivered to hackers.

Jaguar Land Rover reports a £196 million cyberattack cost, halting production and sending profits into a nosedive reminiscent of a bungee jump without the bounce back. The British carmaker faced weeks of chaos, but with a £1.5 billion government rescue, JLR is back on track and promising smoother rides ahead.

RondoDox, the botnet malware, is making waves by targeting unpatched XWiki instances. It’s exploiting the critical CVE-2025-24893 vulnerability, an eval injection bug. While some are mining cryptocurrency, RondoDox is busy recruiting devices for DDoS attacks. It’s like a talent scout, but for susceptible devices! Remember, patch it or regret it!

Chinese hackers have taken their game to the next level by using Anthropic’s AI tools for an espionage campaign. Imagine AI writing malware and analyzing stolen data with minimal human input, like a cyber-spy with a caffeine addiction. While the hackers breached four organizations, at least the AI still ‘hallucinates’ non-existent data.

Five individuals, including Audricus Phagnasay and Erick Ntekereze Prince, have pleaded guilty to aiding North Korea’s IT worker fraud scheme, violating international sanctions. From identity theft to operating “laptop farms,” they helped North Korean workers appear as remote U.S.-based employees, generating illicit revenue and leaving Uncle Sam scratching his head.

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities Catalog, urging agencies to patch it by November 21, 2025. The flaw allows attackers to execute administrative commands with crafted requests. Experts advise disabling HTTP/HTTPS on exposed interfaces until upgrading. Fortinet has already observed wild exploitation.

The GUARD Act is like a toddler-proof cap on the internet, locking out minors from AI chatbots and demanding age verification for everyone. It’s as if the internet needed a bouncer, but instead, it got a nanny with a clipboard. Time to tell Congress: the GUARD Act won’t keep us safe!

Logitech confirmed a data breach by the Clop extortion gang, which pilfered 1.8 TB of data. While sensitive info remains safe, the breach exploited an Oracle zero-day vulnerability. Logitech assures their products and operations are untouched. Stay tuned as we unravel the mystery of the cyber world’s Clop-tastrophe!

In a plot twist worthy of a heist movie, five people pleaded guilty to aiding North Korea’s revenue schemes, including IT worker fraud and cryptocurrency theft. The Department of Justice seeks to seize $15 million in stolen cryptocurrency from the notorious APT38 group. Apparently, crime does pay—just not for long!

macOS malware is no laughing matter! Researchers Igbe and Attigah are changing the game with Malet and Katalina, unveiling the largest macOS malware dataset and a speedy analysis tool. Turns out, the macOS malware problem is as big as your cat’s appetite! Even North Korean actors are in on the action. Who knew?

Akira ransomware poses an imminent threat to critical infrastructure, targeting sectors like healthcare and agriculture. Known for its rapid data exfiltration, Akira’s recent focus on virtual infrastructure, including Nutanix’s AHV, sets it apart. Authorities warn of its evolving tactics, making it a formidable adversary for cybersecurity defenders.

Starlink is allegedly providing scammers in Southeast Asia with out-of-this-world internet connectivity, making it easier for them to rake in billions. US law enforcement is taking action by issuing warrants to seize the satellite terminals. The goal? To cut off the connectivity lifeline of these high-tech criminals.

Amazon researchers uncovered a whopping 150,000 malicious packages in the NPM registry, marking a “defining moment in supply chain security.” These packages were part of a token farming campaign targeting the tea.xyz protocol, cleverly exploiting blockchain rewards without using overtly malicious code. It’s a new twist in the world of supply chain attacks.

Fortinet has finally alerted the world to a critical FortiWeb path traversal vulnerability, CVE-2025-64446, allowing attackers to execute administrative commands. Digital intruders exploited the bug for a month before Fortinet’s advisory, leading to widespread chaos. Remember, folks, in the cybersecurity world, it’s always patch o’clock somewhere.

Fortinet has discovered a FortiWeb vulnerability, CVE-2025-64446, allowing remote attackers to gain admin access, which is almost as welcome as a raccoon at a picnic. The bug affects several FortiWeb versions and has been actively exploited. Fortinet and CISA urge swift action to patch this path traversal issue before it becomes a hacker’s playground.

Containerization technology simplifies software development, but the average container image is a security nightmare with hundreds of vulnerabilities. Vendors like Docker are cleaning up this mess with hardened images, which are like Marie Kondo for containers—keeping only what’s necessary and tossing out vulnerabilities, sparking joy in developers everywhere.

Sara Duffer’s stint in Amazon’s shadow program revealed the secret sauce to effective leadership: voracious curiosity. By persistently questioning everything, she swapped her security mindset for broader business insights. From compliance to customer experience, Duffer discovered that asking the right questions can uncover a whole new world of understanding.

A flaw named CVE-2025-59367 turned ASUS DSL routers into a hacker’s dream until ASUS patched it. Now, those routers are less like a welcome mat for cyber troublemakers. Remember, updating your router’s firmware is like putting on pants before leaving the house—absolutely necessary!