Google’s lawsuit against the Lighthouse network aims to tackle Chinese smishing groups that have scammed over a billion dollars by impersonating entities like the USPS. With advanced phishing-as-a-service tools and endless creativity, these cybercriminals have become a relentless menace. Can Google strike a blow against this digital hydra, or will it just grow more heads?

Microsoft’s November Patch Tuesday tackled over 60 CVEs, including an actively exploited one. Experts say CVE-2025-62215 lets low-privileged attackers escalate to system privileges. Chaining it with others could lead to server compromise. Meanwhile, critical RCE bug CVE-2025-60724 demands urgent patching due to server-side vulnerabilities.

Drone incursions are no joke, and Britain’s aviation watchdog warns it’s only a matter of time before “organized drone attacks” hit UK airports. Despite tightened rules, the bad guys got smarter and the toys got cheaper, leaving the skies open for disruption. It’s not if, but when, these drone disruptions will strike.

The UK government has unveiled the Cyber Security and Resilience Bill, aiming to fortify national security and the economy. It’s a digital shield to battle sophisticated cyber-attacks and AI threats. With penalties tougher than a two-day-old scone, the bill’s success hinges on practical implementation. Cybersecurity: it’s not just for techies anymore!

Google unveils Private AI Compute, a cloud-based “secure, fortified space” for AI that keeps your data private—even from Google itself. Think of it as a high-security vault for your digital secrets, guarded by futuristic technology and a bunch of AI bodyguards. Because who needs privacy breaches when you can have privacy fortresses?

The “Bitcoin Queen” has traded her crown for a cell, sentenced to 11 years for laundering $7.3B. Her crypto caper defrauded 128K in China, leading to the world’s largest crypto seizure of £5.5 billion. UK authorities hope the seized billions will plug some budget holes. Bitcoin Queen, meet Her Majesty’s prison.

Industrial giants Siemens, Schneider Electric, and Rockwell Automation are on a mission, patching vulnerabilities faster than a whack-a-mole champion. Siemens dealt with bugs in Comos and Solid Edge, while Rockwell and Aveva tackled high-severity issues. Schneider’s fixing flaws in EcoStruxure and PowerChute. It’s like tech spring cleaning—just more critical!

Microsoft’s November Patch Tuesday update is here, tackling 63 flaws, including a pesky zero-day Windows kernel bug. With four critical and 59 important vulnerabilities, it’s like a game show where everyone’s a winner—except the bugs. This month marks the first with Windows 10 out of the update loop.

China’s National Computer Virus Emergency Response Center has accused the USA of a 2020 bitcoin heist, aligning with an unusual ally. The stolen bitcoin remained untouched for years, hinting at a nation-state actor. Meanwhile, China’s advice to mining pools appears out of sync with its own cryptocurrency ban.

Australia’s top spy warns that authoritarian regimes are increasingly willing to sabotage critical infrastructure through cyber-attacks. With cyber-enabled threats on the rise, ASIO’s Mike Burgess urges organizations to ditch complacency and PowerPoint defenses. He recommends proactive, connected security strategies, stressing that the risks are foreseeable and vulnerabilities knowable.

The Rhadamanthys infostealer operation hit a snag after cybercriminals found themselves locked out of their own servers. As if getting a taste of their own medicine, these unsavory “customers” are now blaming German police for the disruption. Rhadamanthys infostealer isn’t stealing anything but the spotlight now!

Synology patched a critical BeeStation OS remote code execution vulnerability demonstrated at Pwn2Own. This “buffer copy without checking” flaw could turn your “personal cloud” into a public storm. No mitigations exist, so upgrade now! Who knew a “buffer” could cause such a ruckus?

SAP addressed 19 security issues, including a critical flaw with hardcoded credentials in SQL Anywhere Monitor, tracked as CVE-2025-42890. This vulnerability could allow remote code execution, leading to a high impact on confidentiality, integrity, and availability. Experts suggest discontinuing its use and deleting existing monitor database instances as a temporary workaround.

Tenzai, a Tel Aviv-based cybersecurity startup, has burst from stealth mode with a staggering $75 million in seed funding. With their AI-driven platform for penetration testing, they’re automating the process of finding software vulnerabilities. It’s like upgrading from a magnifying glass to a high-powered telescope overnight!

Microsoft’s latest Patch Tuesday updates tackle over 60 vulnerabilities, including a zero-day privilege escalation flaw. Known as CVE-2025-62215, this flaw allows hackers to race to System privileges. With more than 30 vulnerabilities enabling privilege escalation, it’s like a hacker’s decathlon out there. Stay updated, stay secure!

In November’s slimmed-down security update, Microsoft patches 63 CVEs, including the critical CVE-2025-60724. This GDI+ vulnerability poses a significant risk, potentially allowing attackers to execute arbitrary code without user involvement. Despite being deemed “exploitation less likely,” experts urge immediate action due to its high severity score. Prioritize patching this vulnerability.

Adobe’s latest Patch Tuesday updates squash 29 vulnerabilities across various products, including critical issues in InDesign and Photoshop. While Adobe says no wild exploitation has occurred, the “critical” label means they’re not taking any chances. Users are advised to update, even if the priority rating suggests malicious exploitation isn’t expected.

Cl0p strikes again, this time targeting NHS UK with a data breach. The ransomware group blames NHS’s lax security while exploiting Oracle E-Business Suite vulnerabilities. As they continue their spree, experts warn of ongoing threats to unpatched systems, adding NHS UK and The Washington Post to their growing victim list.

CyberProof has identified striking similarities between two malware strains, Coyote and Maverick, both targeting Brazilian banks via WhatsApp. Written in .NET, they decrypt, target banking URLs, monitor applications, and spread through WhatsApp Web. This malware evolution could spell trouble for Brazilian banks, as Maverick has been unleashed with a cunning new attack chain.

Windows 11 23H2 Home and Pro editions are done with updates, officially entering the “you’re on your own” phase. Time to embrace Windows 11 25H2, or as Microsoft calls it, the “please don’t make us say we told you so” update.