Texas deputies used Flock Safety’s surveillance data in an abortion investigation, despite claims it was a welfare check. Over 83,000 cameras were involved, raising privacy concerns. The detective’s affidavit contradicted public statements, revealing a “death investigation” of a “non-viable fetus.” The case highlights the risks of unchecked surveillance.

BK Technologies Corp got a surprise visit from cyber gremlins, leading to “minor disruptions.” While the hackers played digital hide and seek, the company assured that operations and finances remain steady. With insurance covering the cleanup, BK Technologies is back to focusing on keeping radios, not rumors, buzzing.

Google’s AI Vulnerability Reward Program is offering bounties up to $30,000 for finding security flaws. Now, researchers can turn their knack for finding glitches into a lucrative side hustle. After all, who wouldn’t want to get paid to break things, legally, in Google’s flagship AI products?

Discord has been hit by a ransomware attack, exposing customer data due to a compromised third-party support provider. Hackers accessed names, usernames, emails, and limited billing info. No full credit card numbers or passwords were breached. Discord is contacting affected users via email—so no need to panic if your phone isn’t ringing!

In September 2025, Accenture acquired IAMConcepts, further expanding its presence in Canada. Meanwhile, Cato Networks, Check Point, and CrowdStrike made moves to bolster their AI security prowess. Even Mitsubishi Electric joined the frenzy with a billion-dollar deal. It’s a cybersecurity M&A party, and everyone’s invited—except hackers, of course.

XWorm malware is back! Now with more plugins than a Swiss Army knife on steroids, it can keylog, steal credentials, and even dabble in a bit of ransomware. Trellix researchers say its evolution highlights the need for robust security measures. Always remember, no malware is ever truly gone—it’s just waiting for a comeback tour!

The Enterprise AI and SaaS Data Security Report from LayerX reveals AI isn’t just “emerging”—it’s already a major risk for data leaks. Alarmingly, 67% of AI use is through unmanaged accounts, with copy/paste being the primary data escape route. It’s time to rethink security strategies and embrace AI as a core focus.

French cybersecurity startup Filigran has raised $58 million in Series C funding, aiming to expand into new markets like Japan and Saudi Arabia. The Paris-based company plans to invest in AI advancements and hire fresh talent. With over 6,000 organizations already on board, Filigran is redefining cyber threat management with its innovative OpenCTI platform.

Recorded Future uncovered BIETA’s ties to China’s Ministry of State Security, revealing a penchant for steganography research. BIETA and its sidekick CIII are likely MSS front organizations, busy with covert communications, malware, and intelligence operations. So, next time you see a seemingly innocent cat video, remember it might just be hiding state secrets!

Beware! Your trusty computer mouse might be moonlighting as a secret agent. Researchers at the University of California, Irvine, have found that high-performance mice can be turned into listening devices through tiny desk vibrations. Dubbed Mic-E-Mouse, this sneaky side-channel attack could redefine computer privacy as we know it.

Chinese ransomware group Storm-1175 turned Fortra GoAnywhere MFT into a zero-day buffet, exploiting a deserialization flaw for remote code execution. With a CVSS score of 10/10, this flaw was like a backstage pass to hacking heaven. Now, the only thing more elusive than the attackers’ private keys is Fortra’s updated advisory.

Oracle E-Business Suite customers, brace yourselves: the Clop ransomware group has been exploiting a zero-day vulnerability, CVE-2025-61882, like a kid in a candy store. It’s time to patch that critical flaw before your data becomes the next ransom note in Clop’s collection. Don’t wait for a knock-knock joke—update now!

Storm-1175 strikes again! Microsoft has linked this cybercriminal group to exploiting a critical Fortra GoAnywhere flaw, CVE-2025-10035, to unleash Medusa ransomware. With a CVSS score of 10.0, this bug lets attackers inject commands without even saying ‘please.’ It’s a serious security sitcom, and Fortra’s got some explaining to do!

Redis has revealed a critical flaw, CVE-2025-49844, allowing remote code execution. Dubbed “RediShell,” it requires authenticated access to exploit. The vulnerability impacts all Redis versions with Lua scripting, urging users to secure instances and update to patched versions. Remember, leaving Redis exposed is like leaving your door open with a sign saying “Free Wi-Fi.”

Beware the Cl0p of thunder! CrowdStrike has linked Oracle’s EBS flaw CVE-2025-61882 to the notorious Cl0p group. This bug is like a remote-control for hackers, letting them crash your Oracle party without an invite. Oracle’s emergency patch is your best bouncer—apply it before Cl0p becomes the life of your server!

Britain’s Ministry of Defence is boldly going where no defense project has gone before, developing technology to protect satellites from laser attacks. With space contributing nearly 20% to the UK’s GDP, they’re on a mission to keep those orbiting assets safe from adversaries wielding high-tech laser pointers.

Hackers can exploit the Y2K38 bug today, thanks to time manipulation. By spoofing time settings to 2038, attackers could crash systems, bypass security, and cause chaos. Researchers warn this is no future problem; it’s an imminent threat. So, brace yourselves: it’s time to panic, but not too much, just enough!

Redis vulnerability RediShell, lurking for 13 years, poses a critical security threat by exposing 60,000 servers to potential exploitation. With no authentication and internet exposure, attackers can execute malicious scripts. Redis urges immediate updates and enhanced security measures. It’s a wake-up call for proactive exposure management—time to lock that Redis door!

The UK’s Home Office is revving up a £60 million plan for ANPR application development, aiming to catch criminals and improve national security. While some view ANPR as a privacy-invading speed trap, the Home Office insists it’s a vital tool. Expect live alerts and data integration, but no new police cameras—just yet.

The U.S. Cybersecurity and Infrastructure Security Agency has added flaws from Oracle, Mozilla, Microsoft Windows, and the Linux Kernel to its Known Exploited Vulnerabilities catalog. These vulnerabilities include everything from privilege escalation to remote code execution, making it a hacker’s buffet, but not the kind you’d want to RSVP to anytime soon.