Identity-related weakness is the new darling of cloud attacks, according to ReliaQuest. With credentials sold for as little as $2, attackers are having a field day. Over-privileged cloud identities are the cherry on top, making it a breeze to escalate access. It’s like letting a toddler loose with a credit card!

The 2025 Insider Risk Report reveals 93% of security leaders find insider threats as challenging as external attacks, yet only 23% feel confident in thwarting them. Despite AI-driven risks, many organizations remain reactive, often blindsided by trusted insiders misusing powerful tools.

Google’s AI agent Big Sleep discovered five WebKit flaws in Safari, prompting Apple to fix issues that could lead to browser crashes or memory corruption. With names like CVE-2025-43434, these vulnerabilities sound like they could double as droid names in a sci-fi movie. Luckily, none have been exploited in the wild—yet.

Hackers are using OpenAI’s Assistants API not to wax poetic but as a secret channel for malware control. Dubbed “SesameOp,” this ingenious campaign blends in with normal AI traffic, avoiding detection. Microsoft notes it exploits OpenAI’s capabilities, turning a cloud tool into a cybercriminal’s getaway car.

Operation SkyCloak is a phishing campaign targeting the defense sector in Russia and Belarus. It uses weaponized attachments to deliver malware, setting up persistent backdoors with OpenSSH and Tor. The malware cleverly evades detection with environmental awareness checks, while attackers enjoy remote access and anonymity—like ninjas, but with keyboards.

Apple’s latest iOS and macOS security updates tackle over 100 vulnerabilities. From unexpected crashes to keystroke monitoring, these flaws had more issues than a reality TV star. But fear not, Apple’s got you covered. The updates ensure your devices are more secure than a secret agent’s getaway car.

A China-linked hacking group, Storm-1849, is causing a hullabaloo by compromising Cisco firewalls used by governments and large firms globally. Despite CISA’s emergency patch directive, the hackers keep popping up like a bad internet meme. Experts advise: “Keep calm and patch on!” It’s a digital cat-and-mouse game with high stakes.

Zscaler has snapped up AI security company SPLX, boosting its Zero Trust Exchange platform. SPLX, founded in 2023, specializes in securing AI assets like chatbots and models. While the financial details are top secret, this acquisition promises to secure AI lifecycles with a flair that’s more James Bond than HAL 9000.

Balancer, a top DeFi protocol, was hit with a cyber-attack, resulting in over $120m in losses. The attack exploited a rounding error in Balancer V2 Composable Stable Pools. Meanwhile, phishing scams are circulating, with fraudsters offering a “white-hat bounty” for the return of funds. Balancer assures other pools like V3 are unaffected.

Google’s November 2025 Android update tackles two System component vulnerabilities. Despite the single security patch level, one flaw could allow remote code execution, no user interaction required. After a decade of monthly patches, Google’s security update dance seems to have hit a new rhythm with this fresh twist in Android security updates.

A trio allegedly swapped keyboards for crime, hacking networks of five U.S. companies using BlackCat ransomware. Their digital mischief targeted firms from medical devices to drones, demanding hefty ransoms. While one hacker confessed, another claims innocence. This cyber caper might land them a 50-year stay at the “federal hotel.”

Google’s AI cybersecurity agent, Big Sleep, has helped Apple catch five potential WebKit security flaws in Safari. These vulnerabilities could lead to browser crashes or memory corruption. So, update your devices pronto! Big Sleep, formerly known as Project Naptime, proves that even tech giants need a good night’s rest to keep things secure.

Hackers are using RMM software to hijack trucking firms and make off with cargo, mainly food and drinks. It’s a cyber caper with a side of organized crime, leaving logistics companies scratching their heads—and their cargo bays empty. This cyber-enabled freight theft fuels the rise of digital cargo heists.

Microsoft has revealed a sneaky backdoor named SesameOp, using OpenAI Assistants API for command-and-control operations. Instead of traditional methods, this backdoor leverages AI to stealthily manage malicious activities, making it a high-tech game of hide and seek. Microsoft and OpenAI are working together to address this digital mischief.

Chinese president Xi Jinping joked that Xiaomi smartphones might come with backdoors. During a meeting with South Korea’s president, Xi’s quip about security sparked a laugh. But behind the humor lies a serious concern: fears of surveillance have led many to avoid Chinese telecom products despite their export success.

Australian police arrested 55 individuals after unleashing a backdoored messaging app, AN0M, on unsuspecting criminals. This ingenious ploy began when Phantom Secure vanished, and the FBI and AFP swooped in with their sneaky alternative. Operation Ironside has now reached its third act, with South Australia Police seizing AUD$25.8 million in assets.

Security researchers have uncovered a highly capable Android banking Trojan called Android/BankBot-YNRK, targeting users in Indonesia and Southeast Asia. Disguised as a legit government app, it exploits accessibility features for remote control, data theft, and more. This malware targets crypto wallets and banking apps, making it a formidable player in the threat landscape.

Microsoft has finally fixed the mysterious “Update and shut down” issue that left users scratching their heads and their laptops unexpectedly powered on. No more waking up to a surprise login screen and a drained battery. With this fix, you can now confidently bid your PC goodnight without fearing it’s secretly pulling an all-nighter!

The claim that 80 percent of ransomware attacks come from AI has been debunked faster than you can say “cyberslop.” MIT Sloan yanked its paper after security experts burst into laughter and pointed out the absurdity. Turns out, AI isn’t quite the criminal mastermind we were led to believe.

Ransomware negotiator Ryan Clifford Goldberg and incident response manager Kevin Tyler Martin, once the cybercrime-fighting Batman and Robin, are now accused of turning to the dark side with ALPHV/BlackCat ransomware. Allegedly, they went from saving the day to demanding pay, proving that sometimes the capes were just capers.