The U.S. Cybersecurity and Infrastructure Security Agency has added flaws from Oracle, Mozilla, Microsoft Windows, and the Linux Kernel to its Known Exploited Vulnerabilities catalog. These vulnerabilities include everything from privilege escalation to remote code execution, making it a hacker’s buffet, but not the kind you’d want to RSVP to anytime soon.

Discord reveals a third-party data breach affecting customer support interactions. User data like names, emails, and even government ID images were exposed. Don’t worry, though—Discord itself wasn’t breached. They’re urging impacted users to remain vigilant for shady messages. Remember, folks, if a prince from a faraway land asks for money, it’s probably a scam!

Red Hat data breach drama intensifies as ShinyHunters extortion plot unfolds. With 570GB of compressed data at stake, hackers play a high-stakes game of “pay up or leak out.” Red Hat’s silence might be golden, but for ShinyHunters, it’s just another day in the Extortion-as-a-Service office.

Merlin Group’s new chief strategy officer, Matt Hartman, is swapping Homeland Security for cyber-wizardry. With a knack for national policy and government-industry collaboration, he’s set to amplify Merlin’s impact and sprinkle some cybersecurity magic. As Merlin’s founder says, Hartman’s insights will help deliver game-changing solutions.

Storm-1175 is making waves by exploiting a GoAnywhere MFT vulnerability in Medusa ransomware attacks. While Fortra patched it without fanfare, this cybercrime group has been busy since September, turning vulnerabilities into opportunities. It’s a good reminder that sometimes it’s not the storms you see coming that get you, but the ones named Storm-1175.

Cybersecurity researchers at ESET have uncovered two mobile spyware campaigns in the UAE, duping users into installing fake versions of Signal and ToTok. These malware strains, ProSpy and ToSpy, swipe personal data by masquerading as trusted apps. Remember, folks: if it’s not from an official app store, it’s probably not your friend.

Microsoft is tackling a glitch that causes Copilot issues when juggling multiple Office apps. If Excel beats Word to the WebView2 punch, Copilot might freeze. Closing Excel first is like giving Copilot a green light! Microsoft is working on a fix so Copilot can stop playing favorites.

Zeroday Cloud hacking competition is offering $4.5 million for researchers to break into open-source cloud and AI tools. With prizes up to $300,000, hackers can prove their skills at Black Hat Europe in December. But watch out, Trend Micro accused them of pulling a rulebook heist from Pwn2Own’s playbook!

Get ready to pulse with excitement! OpenAI’s ChatGPT Pulse is set to hit the web, offering personalized updates if you’re a $200 Pro subscriber. Imagine starting your day with a custom update card, perfect for reminding you of meetings you forgot you had! Just don’t expect it on the $20 Plus plan—yet.

At Europol’s 4th Annual Cybercrime Conference, experts discussed the dilemma of balancing data access with privacy rights. Criminals are outpacing regulators by exploiting encryption and new tech. Europol’s Catherine De Bolle warned, “When digital evidence remains out of reach, organized crime thrives.” Time to catch up, or criminals might just start their own conference.

At Europol’s 4th Annual Cybercrime Conference, experts discussed the dilemma of balancing data access with privacy rights. Criminals are outpacing regulators by exploiting encryption and new tech. Europol’s Catherine De Bolle warned, “When digital evidence remains out of reach, organized crime thrives.” Time to catch up, or criminals might just start their own conference.

Redis has patched a severe vulnerability dubbed RediShell that allows remote code execution on thousands of instances. This flaw, CVE-2025-49844, can be exploited using a crafted Lua script. Admins, patch now or risk having your data hijacked faster than you can say “free RAM cookies!”

Scattered Lapsus$ Hunters is offering $10 in Bitcoin for help in a crowdsourced extortion scheme. The group, known for poor spelling, wants emails sent to execs to press for ransoms. Despite claiming retirement, they’re active, with over $1,000 allegedly paid out, but trusting cybercriminals is always a risky bet.

OpenAI is building a tool called AI Builder, which could be the Visual Studio moment for creating AI agents. Imagine building agentic experiences with flowcharts, nodes, and arrows. It’s like playing with digital Lego, but instead of a colorful castle, you end up with an AI-powered customer service rep.

Discord has confirmed that hackers swiped personal data from a third-party customer service provider. While your financial info and passwords remain safe, your contact details might’ve gone on an unexpected adventure. Discord is working on it, but keep an eye out for any suspicious messages sliding into your DMs.

The Trinity of Chaos has turned cybercrime into a reality show, debuting a data leak site on the TOR network. This ransomware collective is allegedly tied to Lapsus$, Scattered Spider, and ShinyHunters. They threaten Salesforce with unprecedented legal tactics, while flaunting a collection of 1.5 billion records. Tune in for chaos!

LinkedIn is suing ProAPIs Inc. and its founder for allegedly scraping data with a million fake accounts. The lawsuit seeks to stop scraping, delete collected data, and demand damages. ProAPIs allegedly marketed a tool called iScraper API, charging up to $15,000 a month. LinkedIn aims to combat unauthorized data collection aggressively.

Beijing Institute of Electronics Technology and Application, likely tied to China’s Ministry of State Security, is reportedly developing tech to support intelligence missions. Among their secretive projects? Steganography for covert communications and malware deployment. Basically, they’re like the James Bond of tech, minus the Aston Martin and martinis.

Oracle has patched a critical flaw in its E-Business Suite, CVE-2025-61882, exploited by Cl0p hackers. This cybercrime group was having a field day with data theft attacks, but Oracle’s emergency patch aims to shut down their party. E-Business Suite users, it’s time to patch up and lock them out!

LinkedIn has leveled a lawsuit against ProAPIs and its CEO, Rahmat Alam, for allegedly scraping user data through millions of fake accounts, charging clients up to $15,000 a month. Not only does this scheme overload LinkedIn’s servers, but it also turns “networking” into a whole new kind of sport.