Ubuntu 25.10’s new sudo-rs command, rewritten in Rust, had two minor vulnerabilities quickly fixed, leaving security experts with more time to debate whether Rust is the hero or villain of the open-source world. Meanwhile, the Rusty date command had its own existential crisis, confusing yesterday with today.

CISA has issued a dire warning about two Cisco Secure Firewall vulnerabilities exploited by the China-linked ArcaneDoor campaign. The threat actors have been busy exploiting these flaws, so CISA is urging agencies to patch up and shape up before the cyber boogeyman strikes again. Don’t let your cybersecurity be the butt of the joke!

Operation Endgame 3.0 struck a major blow to cybercrime, targeting Rhadamanthys, VenomRAT, and Elysium. Europol led the charge with 11 searches across Europe, seizing domains and disrupting over 1,000 servers. The Rhadamanthys infostealer was a prime target, with millions of credentials and crypto wallets compromised.

Security researchers have unearthed the “IndonesianFoods” attack on the npm ecosystem, spreading spam packages with worm-like techniques. In a maneuver that would make any self-respecting worm envious, this campaign generates over 17,000 packages a day, leaving developers with more headaches than a caffeine-free Monday morning.

CISO compensation packages in North America are on the rise, with the top 1% raking in over $3.2 million. But while salaries soar, budgets are barely keeping up. In this high-stakes game of cybersecurity, these leaders might have to use their Jedi mind tricks to stretch those pennies further.

Banking Trojans Coyote and Maverick have been wreaking havoc in Brazil, targeting WhatsApp users and their financial data. CyberProof’s research highlights how these crafty cyber villains spread through sneaky zip files and PowerShell tricks. With Brazil’s booming digital presence, it’s no wonder these malware masterminds have set their sights on the region.

Microsoft Teams Premium is getting a new feature called “Prevent screen capture” by late November 2025. It blocks screenshots and recordings on Windows and Android devices, ensuring sensitive meeting content stays secret. But beware, crafty colleagues with cameras can still capture your screen-time shenanigans!

The Washington Post has confirmed that 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite attacks. Apparently, the Clop ransomware gang had a data buffet, and the Post was on the menu. Rest assured, they’ve offered complimentary identity-protection services to those affected in this cyber fiasco.

Security researchers are in a frenzy as tens of thousands of malicious NPM packages, dubbed the “IndonesianFoods worm,” are served up by a threat actor. These packages flood the registry with junk, masquerading as a legitimate Next.js app. The worm’s infinite loop of spamming is like a never-ending buffet of chaos!

The NHS has been caught up in the Oracle EBS hacking campaign, joining a list of over 40 alleged victims on Cl0p’s leak website. While the cybercriminals may have named them, the NHS is investigating without any data released so far. Stay tuned as this cyber soap opera unfolds!

Warning: Uhale Android-based digital picture frames come with risks. These frames may download malware from China-based servers at boot time. Quokka’s research found they could be linked to Mezmess and Vo1d malware families. Despite notifying Whale TV, the firm behind Uhale, there’s been no response since May. Proceed with caution!

Beware of the “Safery: Ethereum Wallet” extension! It’s about as safe as a porcupine hug. This malicious Chrome extension masquerades as secure but steals your seed phrases via cunning microtransactions. Stick to trusted wallets, or you might find your Ethereum disappearing faster than socks in a dryer.

SAP security vulnerability alert: A flaw rated 9.9 out of 10 in severity could let cyber attackers take over SAP networks, exposing sensitive data. This code injection threat, known as Note 3668705, requires immediate patching to prevent system compromise. SAP has released fixes, but speedy action is essential to thwart potential exploits.

WatchGuard Firebox firewalls face a critical-severity vulnerability, CVE-2025-9242, that allows unauthenticated remote code execution. With over 73,000 devices unpatched, CISA has added it to its Known Exploited Vulnerabilities list, urging immediate action. Remember, a secure firewall is like a good joke—timing is everything! Patch now, laugh later.

Operation Endgame 3.0 took down three notorious malware strains across 11 countries. Europol led the charge, seizing over 1,025 servers and arresting VenomRAT’s suspected operator. With Rhadamanthys, VenomRAT, and Elysium botnet hit hard, cybercriminals might need a new hobby—perhaps knitting?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. Hackers are racing to exploit these vulnerabilities faster than you can say “update now.”

CISA urgently warns U.S. federal agencies to patch Cisco firewall devices against CVE-2025-20362 and CVE-2025-20333 vulnerabilities, or risk becoming the cybersecurity equivalent of Swiss cheese. With over 30,000 devices still vulnerable, the race is on to avoid being the next headline in a hacker’s success story.

International cops dismantle the Rhadamanthys infostealer operation, seizing 1,025 servers and impacting hundreds of thousands of infected computers. Part of Operation Endgame, this takedown leaves the administrator and customers at large. Europol’s animated video suggests the admin pocketed the best secrets, sparking mistrust in the cybercrime community.

In the race for every new CVE, hackers sprint with automation, while defenders crawl with manual patching. Attackers leverage machine speed, exploiting vulnerabilities within hours, leaving IT teams scrambling and stressed. To keep pace, organizations must embrace automated defenses or risk being outpaced by tireless, AI-driven adversaries.

Operation Endgame hits a high score as Europol and Eurojust dismantle notorious malware networks, including Rhadamanthys Stealer and Venom RAT. With over 1,025 servers down and 20 domains seized, cybercriminals are running out of lives. Meanwhile, the main suspect behind Venom RAT was nabbed in Greece, proving crime doesn’t pay—at least not in euros.