CISA just expanded its Known Exploited Vulnerabilities catalog. Two new stars: XWiki’s flaw, which lets hackers inject malicious code faster than you can say “CVE-2025-24893,” and VMware’s bug, offering a VIP backstage pass to root privileges. Patch up by November 20 or face the wrath of BOD 22-01!

Zombie assets are haunting businesses, from undead code to forgotten hardware, causing cybersecurity nightmares. These forgotten projects, much like bad horror movies, refuse to die and continue to expose companies to risks. The graveyard of old tech is expanding attack surfaces, creating a breeding ground for potential breaches.

A Chinese threat actor, UNC6384, is exploiting CVE-2025-9491, an unpatched Windows shortcut vulnerability, to target European diplomats. This misrepresentation flaw is cleverly used to disguise malicious files as innocuous shortcuts. Despite Microsoft’s stance, Arctic Wolf highlights the ongoing espionage antics, proving yet again that shortcuts in cybersecurity lead to long-term headaches.

Clearview AI, the US-based facial recognition firm, faces a criminal complaint in Austria for allegedly dodging EU data protection laws. The European Center for Digital Rights, noyb, has filed this action, claiming Clearview AI has ignored fines and violated GDPR by processing European citizens’ data without compliance. Jail time could be on the cards!

Ukrainian national Oleksii Lytvynenko faces 25 years in the U.S. for his alleged role in the Conti ransomware operation. Accused of controlling stolen data and sending ransom notes, his extradition comes after an Irish arrest. Conti, a notorious cybercrime syndicate, has extorted millions globally and caused havoc in critical infrastructure.

Suspected Chinese actors have hacked U.S.-based Ribbon Communications, accessing customer files on two laptops. Though the intrusion might have started in December 2024, it was discovered in September 2025. The company reports no significant financial impact and is collaborating with cybersecurity experts to investigate and enhance security measures.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new guidance to harden Microsoft Exchange Server instances. By embracing measures like multi-factor authentication and zero trust security, organizations can outsmart cyber villains and their penchant for chaos. Remember, in cybersecurity, prevention is better than a “whoops, we got hacked” moment!

How to hack a poker game? Just ask a card shuffler! Turns out, the DeckMate 2, a common shuffling machine, can be rigged to reveal card order, turning poker into a high-stakes guessing game. WIRED’s Andy Greenberg and his crew show how even non-gamblers could be affected. So, are your tech devices really secure?

Digital authoritarianism is on the rise, and it’s not just a spy movie plot. Experts reveal that while some companies are taking commendable steps to protect user data, like Apple’s Lockdown Mode, the spyware market is booming, fueled by both democratic and non-democratic governments. It’s a cyber wild west out there, and your data might…

Eclipse Foundation rescues Open VSX from token turmoil! After some tokens were leaked in VS Code extensions, they swooped in, revoked them, and tightened security. Thanks to some developer oopsies, tokens were exposed, but fear not—new measures are in place, including a snazzy token prefix and reduced token lifetimes.

Japan’s Ministry of Economy, Trade and Industry has rolled out a 130-page OT security guide for semiconductor factories. Aimed at device makers, it draws on Japan’s Cyber/Physical Security Framework and NIST’s CSF 2.0. In a world where hackers are as common as sushi, this guide is a must-read for chipmakers.

CISA adds a Broadcom VMware Tools flaw to its Known Exploited Vulnerabilities catalog. This high-severity vulnerability could let attackers achieve root-level privileges, and it was already exploited as a zero-day. Federal agencies have until November 2025 to patch up before things go from “uh-oh” to “oh no!”

NHS hospitals are stuck in the past, blocked from fully upgrading to Windows 11 by stubborn suppliers. Some suppliers are demanding steep fees to update medical devices, leaving a small percent of NHS tech in a Windows 10 time warp. This digital dilemma risks patient data and care—talk about a tech-induced heart attack!

The ECB is set to give the Euro a digital makeover by 2029! With two-thirds of digital payments in the Eurozone handled by non-European companies, a Digital Euro aims to keep the currency “fit for the future.” But will it be a financial revolution or just another Euro trip?

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added XWiki Platform, Broadcom VMware Aria Operations, and VMware Tools flaws to its Known Exploited Vulnerabilities catalog. These vulnerabilities include a critical XWiki code injection flaw and a VMware privilege escalation issue. CISA urges immediate patching to prevent unauthorized access and exploitations.

Age gating is like the bouncer of the internet, telling kids “no entry” without checking IDs. Meanwhile, age assurance throws everyone into a guessing game of how old you look, while age verification demands you “show your papers” like you’re entering a top-secret club. It’s all about privacy, data, and your online rights.

The Akira ransomware group claims to have breached Apache OpenOffice, stealing 23GB of data. Akira’s alleged loot includes sensitive documents and financial records. While the Apache Software Foundation hasn’t confirmed the breach, OpenOffice users are urged to download only from the official site, lest they want a surprise “feature” added to their software.

Criminal hackers once outgunned by nations like China and Russia are now leveling the cyber playing field with the help of artificial intelligence. Thanks to AI, these mid-tier troublemakers have upgraded from digital pickpockets to full-blown cyber ninjas, giving the FBI a run for its encrypted money.

OpenAI’s GPT-5 Instant now acts as a virtual emotional support buddy, recognizing when users are having a tough time. It’s like having a therapist with a PhD in speed, rerouting sensitive conversations to ensure you’re heard and supported. Rest assured, this chatbot is ready to lend a virtual ear with expert guidance.

In a revelation that could make Windows AI sweat circuits, researcher hxr1 shows how trusted ONNX files can serve as sneaky malware delivery systems. It’s like hiding a needle in a haystack, where the haystack is a neural network and the needle is a malicious payload. Talk about a tech twist!