The ESET research team has published a detailed analysis revealing how the cyber-espionage group RomCom exploited a previously unknown path-traversal vulnerability in WinRAR (CVE-2025-8088) to stealthily install malicious software on victims’ computers. This flaw...
Researchers have determined that a critical flaw in the SSH stack implementation of Erlang/Open Telecom Platform had been actively exploited as early as May 2025, with roughly 70% of detections targeting firewalls safeguarding industrial...
Analysts from FortiMail Workspace Security have uncovered a targeted campaign against Israeli companies and organizations within critical infrastructure sectors. The attackers exploited a compromised internal email system to send highly convincing messages to regional...
Pavel Durov announced that over the past 20 days, Telegram has received hundreds of reports from users about cases of extortion and doxxing. Based on these complaints, the platform initiated a large-scale purge of...
Automation of IT infrastructure management through artificial intelligence, as revealed in a recent study by RSAC Labs and George Mason University, may carry substantial risks. The researchers found that AIOps solutions—systems leveraging models akin...
No AI product in history has stirred such a tidal wave of anticipation as OpenAI’s long-awaited GPT-5. Yet, following its high-profile launch last week, the model swiftly found itself under fire—a troubling omen for...
Since its emergence in the spring of 2024, the ransomware-as-a-service (RaaS) group Embargo has rapidly secured a prominent position in the cybercriminal landscape. According to TRM Labs, wallets linked to the operation may have...
A hidden system prompt for GPT-5 has surfaced online, published on GitHub. This set of internal rules defines what ChatGPT may and may not do, which types of data it can retain, and which...
A wave of SMS fraud sweeping across the United States and beyond has entered a new and more insidious phase. Behind seemingly mundane yet convincing messages about unpaid fines or failed deliveries lies a...
Security experts at SafeBreach have disclosed the details of a vulnerability in the Windows Remote Procedure Call (RPC) protocol, patched by Microsoft in the July 2025 security update. Tracked as CVE-2025-49760 with a CVSS...
A vulnerability was discovered in the online access system for auto dealers of one of the world’s largest car manufacturers—uncovered simply by examining the page’s code. Security researcher Eitan Zwer of Harness reported that...
Researchers at Forcepoint X-Labs have identified a new malware campaign targeting macOS users. The attack employs an enhanced ClickFix technique—combining phishing with social engineering—to steal data from cryptocurrency wallets, browser accounts, and confidential files....
At DEF CON 33, researchers from SafeBreach unveiled a new attack technique dubbed Win-DDoS, capable of transforming thousands of publicly accessible domain controllers (DCs) worldwide into a powerful botnet for large-scale DDoS attacks. The...
Researchers at Eclypsium have uncovered critical vulnerabilities in the Lenovo 510 FHD and Lenovo Performance FHD webcams that allow them to be transformed into BadUSB-style attack devices. The issue, dubbed BadCam, was presented at...
In 2024, Americans over the age of 60 lost an astronomical $700 million to online fraud—a record high in the entire history of monitoring by the U.S. Federal Trade Commission (FTC). The latest Consumer...
After Grok-4 was compromised in just two days, GPT-5 fell within a mere 24 hours to the same group of researchers. Almost simultaneously, the SPLX testing team (formerly SplxAI) declared: “Out-of-the-box GPT-5 is practically...
