Australia’s spy chief warns China-linked threat actors are probing critical infrastructure. If they’re auditioning for the role of cyber villain, they’re nailing it. With groups like Volt Typhoon targeting power and transport networks, the suspense is electric. China’s alleged cyber activities raise serious concerns about future sabotage and espionage against Australian networks.

By 2035, global defense spending will skyrocket to $6.38 trillion, fueled by technological advances and AI-powered procurement decisions. Margarita Howard, CEO of HX5, suggests embracing these changes or risk becoming obsolete. The future of defense contracting demands real-time monitoring, proactive transparency, and a workforce ready for digital collaboration.

The UK’s Cyber Security and Resilience Bill is here to ensure that cyber attackers no longer crash the party. With mandatory security standards for IT providers, the bill aims to keep hospitals, energy systems, and more safe from cyber chaos, because who needs tech trouble when you can have a spot of tea instead?

Citrix Bleed 2, a critical vulnerability in NetScaler ADC and Gateway, was exploited by advanced threat actors. Amazon’s MadPot honeypot detected Citrix Bleed 2 exploits before public disclosure. Both Citrix Bleed 2 and a Cisco ISE flaw were used in APT attacks, highlighting the importance of applying security updates promptly.

Amazon’s threat intelligence team uncovered a sneaky threat actor exploiting Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC vulnerabilities to deliver custom malware. This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure. Remember, even the best-laid security plans need a backup plan… and maybe a backup…

KONNI hackers use spear phishing to trick victims into opening malicious files, then spy and erase data through a two-part attack. They exploit trust by impersonating roles and spreading malware via KakaoTalk. Later, they remotely wipe devices using Google Find Hub. Always verify sources and enable two-factor authentication for better protection.

Israeli cybersecurity startup Sweet Security raises $75 million in Series B funding, totaling $120 million. Specializing in AI-powered security, Sweet Security offers real-time threat detection and response for cloud and AI environments. With a focus on exposing shadow AI and preventing prompt injections, they’re ready to expand globally and innovate further.

Google has flexed its legal muscles against the Smishing Triad, a notorious cybercrime group from China. This band of text-messaging miscreants has been impersonating everyone from toll services to social media platforms. With a lawsuit under its belt, Google aims to dismantle their operation and prevent users from falling for their phishing antics.

Synnovis, once known as Viapath, faced a massive “oops” moment after a ransomware attack in June 2024. Patient data, including NHS numbers and test results, was stolen. Synnovis is notifying healthcare organizations, while the NHS handles patient notifications—because what’s more British than queuing for data breach news?

Ivanti and Zoom have released patches for vulnerabilities including high-severity issues like code execution and privilege escalation. Ivanti fixed bugs in Endpoint Manager, while Zoom addressed flaws in mobile and desktop clients. Although no exploits have been reported, users are urged to update to avoid becoming a hacker’s next favorite target.

Google’s bugSWAT event at ESCAL8 awarded $458,000 in bug bounties to 38 top hunters. With 107 bugs reported, the event also launched Google’s AI Vulnerability Reward Program, offering up to $20,000 for critical AI vulnerabilities. Nearly 200 attendees joined the conference, including students and bug hunters, making it a bug-tastic success!

Zhimin Qian’s epic seven-year scam saga finally concludes with an 11-year prison sentence for her cryptocurrency capers. After fleeing China, she lived lavishly in London while laundering stolen Bitcoin—over £4.8 billion worth! Her accomplices weren’t as lucky either, as the Metropolitan Police cracked down on this record-setting fraud.

Microsoft has released patches for 63 security vulnerabilities, including four critical ones. The highlight? A zero-day Windows Kernel flaw, CVE-2025-62215, that’s actively being exploited. So if your Windows starts behaving like it’s possessed, it might just be a hacker attempting to win a race condition. Better update those systems pronto!

Managing Facebook advertising? Beware of phishing emails from the real @facebookmail.com domain, as attackers impersonate Facebook Business pages. With over 40,000 emails sent globally, these cunning invites aim to steal credentials. Always verify invites through official channels and enable multi-factor authentication to stay secure. Your inbox might just be the new Wild West!

The UK government is tightening its grip on datacenters with the Cyber Security and Resilience Bill, turning them from digital guardians into cybersecurity juggernauts. With penalties reaching £100,000 a day, it’s like a fitness boot camp for datacenters, ensuring they flex those cybersecurity muscles. Datacenters, get ready to sweat!

Intel, AMD, and Nvidia have uncovered vulnerabilities in their products that could lead to privilege escalation, denial of service, and information leaks. Intel alone released 30 security advisories for over 60 vulnerabilities, proving once again that even the smartest chips can have their own “oops” moments.

Microsoft resolved a bug causing Windows 11 Task Manager to linger in the background, thanks to the KB5068861 update. Previously, Task Manager refused to fully quit, leading to stuttering and CPU issues. Now, users can breathe easy, knowing their Task Manager isn’t secretly moonlighting as a system resource hog.

Synology fixed a critical BeeStation RCE flaw, CVE-2025-12686, unveiled at Pwn2Own Ireland 2025. This bug, caused by unchecked buffer input, allowed hackers to execute arbitrary code. BeeStation users, it’s time to update—unless you enjoy living on the edge of a digital beehive.

Google’s lawsuit against the Lighthouse network aims to tackle Chinese smishing groups that have scammed over a billion dollars by impersonating entities like the USPS. With advanced phishing-as-a-service tools and endless creativity, these cybercriminals have become a relentless menace. Can Google strike a blow against this digital hydra, or will it just grow more heads?

Microsoft’s November Patch Tuesday tackled over 60 CVEs, including an actively exploited one. Experts say CVE-2025-62215 lets low-privileged attackers escalate to system privileges. Chaining it with others could lead to server compromise. Meanwhile, critical RCE bug CVE-2025-60724 demands urgent patching due to server-side vulnerabilities.