From The Aether
Hotel Hacking Havoc: Cybercrime Hits Hospitality with Booking.com Phishing Scam
Phishing campaign targets hotels with a ClickFix twist, tricking managers into downloading PureRAT malware. The scheme mimics booking platforms like Booking.com, stealing credentials and banking details. Cybercriminals even enlist “traffers” for malware distribution. It’s like a cybercrime Airbnb, but instead of guests, you’ve got unwanted malware checking in!
Invisible Invaders: GlassWorm Malware Strikes Again in VS Code Ecosystem!
The GlassWorm campaign is back, now targeting the Visual Studio Code ecosystem. These sneaky threat actors use invisible Unicode characters to hide malware in extensions, causing chaos by pilfering credentials and cryptocurrency. Despite efforts to squash the worm, it wriggles back, proving more persistent than a toddler at bedtime.
Cisco Doubles Down on AI with 17-Billion Parameter Model: Cybersecurity’s New Powerhouse or Just More AI Hype?
Cisco’s new AI model, clocking in at a whopping 17 billion parameters, is set to outmuscle its predecessor, Foundation-Sec-8B. This model aims to not just detect threats but offer advice on tackling them too. Expect its debut just after Christmas—because nothing says holiday spirit like bolstering cyber defenses!
Microsoft’s Autonomous AI Agents: The Future of Office Chaos or Productivity?
Microsoft is set to launch a “new class” of AI agents known as “agentic users” that can autonomously attend meetings, send emails, and perform tasks. While these digital colleagues promise productivity, concerns loom about potential rogue antics and the nightmare of predicting their consumption costs. Ready for AI coworkers with minds of their own?
QNAP Zaps Seven Sneaky Zero-Days: Pwn2Own 2025 Edition!
QNAP has patched seven zero-day vulnerabilities unveiled at Pwn2Own 2025. The affected software includes QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Customers are advised to update to the latest versions to stay secure. Who knew zero-days could have such a busy social life?
Data Leak Drama: Chinese Security Firm’s Cyber Secrets Spill Worldwide
Chinese infosec blog MXRN reports a data breach at security firm Knownsec, leaking over 12,000 classified documents. The breach included cyber weapons info, remote access trojans, and massive data theft from India and South Korea. Knownsec’s attacks on 80 overseas targets were also exposed, with some documents briefly surfacing on GitHub.
Louvre’s Laughable Passwords: A Comedy of Infosec Errors
Infosec in brief: Who knew the Louvre’s security was more open than a Parisian café? With passwords like “LOUVRE” and “THALES,” it’s a hacker’s dream come true. Hopefully, the museum has tightened up faster than a beret on a windy day!
AI Chat Exposed: Whisper Leak Puts Your Privacy on Blast!
AI chat privacy is under siege! Microsoft’s Whisper Leak attack lets snoopers decode encrypted AI chat topics, threatening user confidentiality. By analyzing encrypted traffic patterns, attackers can infer conversation themes, exposing sensitive discussions. Microsoft warns of severe privacy risks as AI chatbots become integral in everyday and sensitive fields.
Beware! Scammers Phishing for Your Lost iPhone’s Apple ID Credentials
Beware iPhone owners: scammers are sending phishing texts claiming your lost device is found, but they’re really after your Apple ID credentials. Remember, Apple won’t text you about a found phone. Stay sharp, and don’t let these cyber tricksters turn your hope into a phishing frenzy!
Docker & Kubernetes Under Siege: Three Critical runC Vulnerabilities Threaten Container Security
Three vulnerabilities in the runC container runtime used by Docker and Kubernetes could let attackers bypass isolation and access the host system. These flaws, tracked as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, could lead to container escapes. RunC developers recommend using rootless containers as a precaution.
GlassWorm Strikes Again: Malware Creeps Back into VSCode Extensions with 10,000 Downloads
GlassWorm is back, slithering through OpenVSX with three new VSCode extensions. Despite last month’s exposure, it has been downloaded over 10,000 times. Using invisible Unicode characters, it stealthily targets GitHub and cryptocurrency wallets. Koi Security, tracking this Russian-speaking menace, is coordinating with law enforcement. Stay alert; those “blank” spaces might not be so empty!
Windows 10 Endgame: Embrace Extended Security or Risk the Malware Menace!
Windows 10 extended security updates are a lifesaver for those not ready to embrace Windows 11. With options ranging from $30 to free (if you’re a Microsoft rewards hoarder), it’s a small price to pay to avoid a security nightmare. Stay protected and laugh in the face of vulnerabilities with the Windows 10 extended security…
GPT-5.1 on the Horizon: Get Ready to Pay Up or Slow Down!
Hold onto your keyboards, folks! OpenAI is rolling out the GPT-5.1 family like it’s the latest smartphone: GPT-5.1 for everyone, Reasoning for deep thinkers, and Pro for those with deep pockets. Expect improved performance and health guardians, but don’t worry—your wallet’s health might need a guardian too with that $200 subscription!
China-Linked Hackers Play Hide and Seek with U.S. Non-Profit: Espionage Edition
China-linked hackers infiltrated a U.S. policy-focused nonprofit in April 2025, sneaking in like digital ninjas. Using DLL sideloading and other sneaky tactics, they maintained access for weeks, honing their skills in covert operations. It’s clear they’re not just interested in policy discussions but also in how these policies might impact China’s interests.
Spyware Scandal: Italy’s Political Intrigue or Privacy Nightmare?
An Italian political adviser, Francesco Nicodemo, became the fifth Italian entangled in the government’s Graphite spyware scandal. With a growing list of 90 victims, including journalists and activists, it’s clear Italy’s surveillance tactics are more invasive than a nosy neighbor with binoculars. Graphite spyware is raising eyebrows—and not in a good way.
FBI’s Hunt for Archive.today Creator: The Mystery Web Detective Story Unfolds
The FBI’s got a new mystery on its hands—who’s behind Archive.today, the paywall-evading website? With a subpoena hot off the press, they’re digging for clues. The website’s owner remains as elusive as a sneaky cat burglar. Will the FBI unmask this digital ghost, or will the mystery persist? Stay tuned!
Whisper Leak: How Cyber Eavesdropping Threatens AI Chat Privacy – Microsoft’s Latest Security Scare
Microsoft’s Whisper Leak attack allows cyber attackers to detect chat topics, even when encrypted, by analyzing traffic patterns. This poses privacy risks, especially on untrusted networks. To protect yourself, avoid sensitive topics on public Wi-Fi and consider using a VPN or non-streaming models. Remember, sometimes silence is golden, especially in the cloud!
Spy vs. Spyware: How Esra’a Al Shafei is Turning the Tables on Surveillance Giants
In an interview, digital rights activist Esra’a Al Shafei reveals her mission to uncover the companies behind surveillanceware, inspired by a spyware encounter over a decade ago. Her project, Surveillance Watch, maps 695 surveillance entities today. “Surveillance is a global trade,” she warns, highlighting its pervasive reach beyond authoritarian regimes.
Samsung Galaxy Fiasco: LANDFALL Spyware Exploits Zero-Day in Middle East Mayhem
The LANDFALL spyware exploited the Samsung zero-day CVE-2025-21042, spreading through DNG image files via WhatsApp. This zero-click malware targeted Samsung Galaxy devices in the Middle East, enabling stealthy surveillance and data theft. Samsung has since patched the vulnerability, but the sophistication of this spyware campaign underscores the risks of image-processing flaws.
Shutdown Shenanigans: Hacks, Hacks Everywhere and Not a Patch in Sight!
The government shutdown is causing chaos, even in the digital realm. The Congressional Budget Office hack highlights the cyber vulnerabilities that emerge when essential staff are furloughed. As federal workers juggle crises, the nation’s digital defenses might just be the unsung casualty of this prolonged political impasse.
