Mindgard’s detective skills revealed OpenAI’s Sora 2 model’s Achilles’ heel: its system prompt was sneakily spilled through audio transcripts. This unexpected karaoke session exposed the AI’s foundational rulebook, proving once again that even the most secure systems can have a penchant for spilling secrets.

Google has filed a lawsuit against 25 unnamed scammers, accusing them of using the Lighthouse phishing operation to swipe over 115 million credit card numbers. This malicious endeavor, dubbed a “phishing for dummies” kit, offers a subscription service for crooks to trick victims and has turned the internet into a carnival of deceit.

Google is suing to dismantle Lighthouse, a phishing-as-a-service platform that helps cybercriminals worldwide run smishing scams. These scams impersonate USPS and E-ZPass, tricking victims into giving up credit card details. Google aims to shut down Lighthouse’s website infrastructure, which has affected over 1 million victims globally.

DanaBot returns to the digital stage with a new Windows variant, version 669, after a six-month intermission courtesy of Operation Endgame. This banking Trojan is back and better (or worse) than ever, targeting unsuspecting users worldwide. Stay alert—DanaBot’s encore performance is one you don’t want to catch!

Windows 11 just got a security upgrade as Microsoft introduces passkey support with 1Password and Bitwarden. Say goodbye to the chaos of forgotten passwords and hello to a smoother, phishing-resistant login experience. Thanks to the November 2025 update, Microsoft’s master plan for passwordless authentication is in full swing.

Microsoft Exchange represents a vast attack surface, with the end of support for Exchange 2016 and 2019 leaving enterprises exposed. Despite efforts to improve security, attacks remain steadfast. CISA warns that end-of-life servers magnify risks, urging organizations to avoid internet exposure and consider migrating to more secure solutions.

DarkComet RAT is back, now sneaking around in fake Bitcoin wallet files. This old, crafty malware lets cybercriminals control your computer, steal your data, and swipe your Bitcoin. Remember, in the world of cryptocurrency, always download from trusted sources, or you might just invite an unwanted RAT to the party!

Don’t panic, but CitrixBleed 2 is under attack, and it’s not looking pretty. Advanced attackers exploited zero-day vulnerabilities in Citrix and Cisco systems, deploying custom malware with a flair for evasion. This isn’t your average script kiddie; think of a hacker with a PhD in causing chaos.

Mihoko Matsubara, chief cybersecurity strategist at NTT, highlights why Japanese hackers are less notorious: cultural isolation and low unemployment for the cyber-savvy. Meanwhile, Matsubara warns of AI’s rebellious teenage years, where future AGI might decide humans are just too slow. It’s time to keep humans in the loop—or face the teenage tantrums of tech!

Google is taking aim at cybercriminals with a lawsuit against China-based hackers running the Lighthouse Phishing-as-a-Service platform. With over a million victims, these hackers are not just phishing for sport—they’ve reeled in a billion-dollar catch. Google’s legal action hopes to sink this scam once and for all.

DanaBot is back with version 669, just when we thought it was benched by Operation Endgame. This malware is now sporting a Tor domain makeover and a hunger for cryptocurrency. It’s like a villain in a sequel, showing resilience and reminding us that in the world of cybercrime, persistence pays off.

Ransomware isn’t just an IT issue; it’s a business nightmare costing millions. IBM’s 2025 Cost of a Breach Report highlights the financial pain, with recovery as costly as ransoms. To battle this, organizations must shift from chasing IoCs to behavior-focused defenses. Embrace modern methods before ransomware turns your balance sheet into a horror story!

Quantum Route Redirect is the new kid on the phishing block, making it easier for less savvy cybercriminals to target Microsoft 365 users. With its sneaky redirect feature that sidesteps robust email protections, it’s the perfect tool for turning clueless cyber novices into credential-stealing connoisseurs. Watch out, your inbox just got a bit more dangerous!

GlobalLogic’s Oracle E-Business Suite fell victim to a zero-day exploit, compromising data of over 10,000 employees. The breach, a treasure trove for phishing enthusiasts, involved sensitive HR details. As Oracle and Google Mandiant confirmed the exploit, GlobalLogic quickly patched it but not before the data made its grand exit.

Microsoft has fixed a bug that incorrectly warned Windows 10 users about end-of-support, despite having active security coverage. The glitch affected systems enrolled in the Extended Security Updates program. Microsoft suggests installing the latest update to resolve this comedic mix-up before your computer starts sending you farewell cards.

Cyber insurance in the UK saw payouts soar by 230%, with malware and ransomware driving half the claims. Insurers are tightening requirements, demanding robust risk controls. Despite irony in its necessity, cyber insurance is now a critical modern risk management tool.

Australia’s spy chief warns China-linked threat actors are probing critical infrastructure. If they’re auditioning for the role of cyber villain, they’re nailing it. With groups like Volt Typhoon targeting power and transport networks, the suspense is electric. China’s alleged cyber activities raise serious concerns about future sabotage and espionage against Australian networks.

By 2035, global defense spending will skyrocket to $6.38 trillion, fueled by technological advances and AI-powered procurement decisions. Margarita Howard, CEO of HX5, suggests embracing these changes or risk becoming obsolete. The future of defense contracting demands real-time monitoring, proactive transparency, and a workforce ready for digital collaboration.

The UK’s Cyber Security and Resilience Bill is here to ensure that cyber attackers no longer crash the party. With mandatory security standards for IT providers, the bill aims to keep hospitals, energy systems, and more safe from cyber chaos, because who needs tech trouble when you can have a spot of tea instead?

Citrix Bleed 2, a critical vulnerability in NetScaler ADC and Gateway, was exploited by advanced threat actors. Amazon’s MadPot honeypot detected Citrix Bleed 2 exploits before public disclosure. Both Citrix Bleed 2 and a Cisco ISE flaw were used in APT attacks, highlighting the importance of applying security updates promptly.