The University of Pennsylvania has confirmed a cyberattack where hackers breached their systems using social engineering, stealing 1.71 GB of internal documents and a donor database. Despite the university’s swift response, hackers still sent an offensive email to 700,000 recipients. The FBI and CrowdStrike are investigating.

Malware is getting a tech upgrade, with AI now its partner in crime. From self-rewriting droppers like PromptFlux to sneaky data miners like PromptSteal, AI-powered malware is evolving. As cybercriminals outsmart AI security, experts warn of a digital arms race, where even the bad guys are using AI to sharpen their tools.

Manufacturers are grappling with operational technology security challenges, from supply chain risks to human factors. Despite increased awareness, the struggle remains real. Outdated systems and abundant access points add to the chaos. Manufacturers must ask, “How do we measure better outcomes?” as they juggle OT security issues and a growing attack surface.

WordPress users, beware! A flaw in a popular plugin with over 400,000 downloads is like an open invitation for hackers to take over your account and website. Researchers urge immediate updates to avoid becoming a part of a looming attack campaign. Don’t let your website become a playground for threat actors.

Google’s Threat Intelligence Group (GTIG) warns of a major shift: adversaries are harnessing artificial intelligence to craft dynamic malware families using large language models. This “just-in-time” self-modifying malware is like a chameleon with a PhD in mischief-making, adapting mid-execution for unprecedented versatility in its digital shenanigans.

Flare raises $30 million to boost its threat exposure management platform, reaching almost $70 million in total funding. The Montreal-based company uses AI to help organizations tackle high-risk exposures from the dark web. New funds will enhance their Identity Exposure Management capabilities and explore strategic acquisitions.

Ransomware gangs are now operating like the SaaS companies of the criminal underworld, using automation, AI, and clever marketing to boost their “success.” According to ReliaQuest, the average breakout time has slimmed to 18 minutes, giving defenders about enough time to microwave a burrito before chaos ensues.

ConductorOne, the identity security provider, just raised $79 million, bringing its total to over $110 million. With AI-driven identity management, it’s on a mission to untangle the web of digital identities. So, if you’re tired of password juggling, rest assured ConductorOne has got you covered, one secure log-in at a time!

Operation Chargeback has swiped out three enormous credit card fraud networks, resulting in 18 arrests and sparing 4.3 million cardholders from further financial heartache. This international takedown was no small change—€300 million in damages, 19 million fake subscriptions, and 193 countries affected. Talk about a global swipe!

Move over, hackers! Your new favorite WordPress plugin, Post SMTP, has a flaw that turns password reset emails into your personal treasure map. With a CVSS score of 9.8, it’s the hottest ticket in town for account takeover attacks. Update to version 3.6.1 pronto, or risk your website becoming a hacker’s playground!

Daylight raises $33 million to light up the cybersecurity scene with its AI-powered Managed Detection and Response platform. By combining the speed of AI with human expertise, Daylight’s MASS offering aims to outpace threats and reduce the need for sleep-deprived IT teams everywhere. Finally, a reason to nap at work without guilt!

Portal26, the GenAI adoption management platform, just snagged $9 million in Series A funding. With Shasta Ventures leading the charge, Portal26 is ready to turbocharge growth and innovation, ensuring companies have real-time visibility into their gen-AI consumption—because nothing says “cutting-edge” like keeping an eye on your AI overlords.

Hackers accessed Nikkei’s Slack accounts, stealing data from 17,000 users through infostealer malware. Fortunately, no information related to sources or reporting was leaked. Nikkei voluntarily reported the attack to Japan’s Personal Information Protection Commission. Remember, folks, cybersecurity is no laughing matter, unless you’re the infostealer malware that just won’t quit.

The U.S. Treasury has sanctioned North Korea’s financial network for money laundering tied to cybercrime and IT worker fraud. North Korean hackers are funding weapons programs through these illicit activities. The Treasury vows to cut off these revenue streams, emphasizing the threat to global security from these schemes.

UNK_SmudgedSerpent has emerged as the new menace on the cyberblock, targeting academics and foreign policy experts amid Iran-Israel tensions. With tactics like impersonating U.S. think tanks and luring victims into downloading fake Microsoft Teams software, they’re phishing for credentials like it’s going out of style!

Microsoft Teams security vulnerabilities let attackers impersonate executives, alter chat histories, and fake notifications. Check Point Research found that attackers could tamper with conversations, leaving almost no trace. Microsoft addressed these issues after disclosure in 2024, rolling out patches over several months. Collaboration tools remain prime targets for attackers.

SMS fraud losses are set to drop by 11% next year, thanks to improved operator security and declining message volumes. But beware! Fraudsters are shifting tactics, targeting Rich Communication Services (RCS) with innovative scams. Operators must up their game with advanced firewalls to keep these digital tricksters at bay.

Iran spying on US policy experts is like reading someone else’s diary to find out what they think of you. In a summer of cyber intrigue, UNK_SmudgedSerpent impersonated top thinkers and sent phishing emails to gather strategic intelligence, leaving experts puzzled about the true identity of these digital pranksters.

Microsoft has issued a warning: after installing the October 2025 Windows updates, some systems might boot straight into BitLocker recovery mode. This glitch affects Intel devices with Modern Standby, causing an unexpected detour to the recovery screen. Affected users will need to dig up that elusive recovery key before returning to business as usual.

Win10 still clings to over 40% of devices, proving it’s the IT equivalent of that one party guest who just won’t leave. Despite Microsoft’s support withdrawal, Defra’s ambitious IT refresh might be buying obsolescence, as they replace outdated systems with something that’s already out of date.