Google’s AI assistant Gemini is facing a hilarious yet serious threat: ASCII smuggling. This sneaky attack method uses invisible characters to trick Gemini into spreading fake info or worse. It’s like convincing a vending machine to serve you a pizza instead of a soda—just with more potential for chaos.

Storm-1175 exploits GoAnywhere MFT vulnerability CVE-2025-10035, making remote code execution as easy as ordering pizza online. This flaw, a zero-day glitch, is the secret ingredient in Medusa ransomware attacks. Microsoft suggests a digital lockdown: update servers, restrict internet connections, and block suspicious activity like a bouncer at a club.

Employees are getting chummy with ChatGPT, sharing PII and PCI data like it’s a juicy office gossip. According to LayerX, 77% of AI users have pasted data into chatbot queries, with 22% involving sensitive info. With ChatGPT’s enterprise usage at 43%, CISOs might want to start sweating over data security.

DraftKings customers face a betting twist as hackers score big in a credential stuffing attack. Despite keeping sensitive data safe, the gambling giant urges users to reset passwords and enable multifactor authentication. Forget blackjack, it’s now all about the password shuffle!

BatShadow is on the prowl, using social engineering to lure unsuspecting job seekers and digital marketing professionals into downloading Vampire Bot. Disguised as job descriptions, these deceptive files unleash a Golang malware capable of wreaking havoc. Think twice before opening that “dream job” PDF; it might just bite back!

Asahi is brewing up trouble after a ransomware attack stopped operations and left data fizzling out of their servers. Meanwhile, the Qilin gang is toasting to being the top ransomware group, stirring up cyber chaos like it’s happy hour.

The Clop ransomware gang, notorious for zero-day exploits, has been exploiting a critical Oracle E-Business Suite vulnerability, CVE-2025-61882, since August. This vulnerability allows attackers to execute remote code without authentication. Oracle urges urgent patching as Clop has been leveraging this flaw to steal data and extort companies through ransom demands.

The newly discovered RediShell vulnerability in Redis is like finding a decade-old sandwich under your server rack. Rated a perfect 10.0, it’s a serious issue lurking in the Lua interpreter. With 330,000 instances potentially exposed, it’s time to patch, lock those doors, and ensure your Redis isn’t serving up more than just data!

In 2025, North Korean hackers made a grand heist, swiping $2 billion in cryptocurrency, smashing previous records. These digital pirates use the loot to bolster nuclear weapons programs, leaving blockchain experts at Elliptic scratching their heads. This year’s Bybit hack alone netted $1.46 billion, showcasing North Korea’s evolving cyber-theft prowess.

Avnet confirmed a data breach but reassures that the stolen information is unreadable without their proprietary tools. Imagine stealing a diary only to discover it’s written in an alien language! The breach involved an internal sales tool used in the EMEA region, but Avnet says global operations remain unaffected.

Florida-based Doctors Imaging Group has admitted that sensitive medical and financial data of 171,862 patients was stolen during a 2024 cyberattack. The group took its time notifying affected individuals, wrapping up its investigation in August. While no free identity theft protection was offered, patients were told to check their credit reports.

OpenAI bans ChatGPT accounts linked to Chinese government entities for trying to use AI for surveillance. The focus is on users asking ChatGPT to design tools for large-scale monitoring, though not implementing them directly. As the battle between AI and misuse intensifies, OpenAI continues to crack down on nefarious activities.

Qilin cybercrime group strikes again, disrupting Mecklenburg County schools with a ransomware attack. Teachers were forced to dust off their penmanship skills as the internet took a week-long vacation. With 305GB of sensitive data allegedly stolen, the school district is still investigating and refuses to pay up, proving education doesn’t come cheap—or easy!

Qilin cybercrime group strikes again, disrupting Mecklenburg County schools with a ransomware attack. Teachers were forced to dust off their penmanship skills as the internet took a week-long vacation. With 305GB of sensitive data allegedly stolen, the school district is still investigating and refuses to pay up, proving education doesn’t come cheap—or easy!

Microsoft is pulling the plug on sneaky local Windows account setups in the Windows 11 Insider Preview Build 26220.6772. They’re closing loopholes faster than a caffeine-fueled programmer, all in the name of making sure your device isn’t only half-baked. So, say goodbye to shortcuts and hello to fully configured PCs!

Google’s DeepMind has introduced CodeMender, an AI agent that automatically detects and patches vulnerable code. This digital superhero not only fixes new vulnerabilities but also rewrites existing codebases to eliminate entire classes of vulnerabilities. It’s like having a tech-savvy exterminator for bugs that never sleep.

BK Technologies, a Florida-based maker of mission-critical radios, confessed to a cyber intrusion that briefly rattled its IT systems. The company detected “potentially suspicious activity,” leading to a digital fire drill. Fortunately, only a “limited number of non-critical systems” were disrupted, and BK claims its operations are now back to normal.

Medusa ransomware is exploiting a CVSS 10.0 deserialization vulnerability in GoAnywhere MFT, granting attackers unauthenticated Remote Code Execution and system takeover. Despite a patch, exploitation began earlier, allowing attackers to persist and deploy ransomware. Organizations using GoAnywhere must patch immediately to avoid becoming the next unwilling guest of Medusa’s comedy of errors.

The new INE Security report, “Wired Together: The Case for Cross-Training in Networking and Cybersecurity,” highlights the need for cross-training to tackle operational friction between IT teams. By bridging the networking-cybersecurity gap, organizations can save costs and improve efficiency, avoiding the costly “implement-break-fix” cycle.

Texas deputies used Flock Safety’s surveillance data in an abortion investigation, despite claims it was a welfare check. Over 83,000 cameras were involved, raising privacy concerns. The detective’s affidavit contradicted public statements, revealing a “death investigation” of a “non-viable fetus.” The case highlights the risks of unchecked surveillance.