OpenAI is preparing a major change to ChatGPT’s rules: starting in December, age-verified users will be able to interact with adult content, including erotica. The company’s CEO, Sam Altman, announced the change, emphasizing his commitment to respecting adult users. This change will be part of the age restriction system that OpenAI intends to fully implement by the end of the year. The company had previously announced its intention to allow the development of ChatGPT apps with adult content, subject to all required controls and age verification. It’s now clear that this isn’t just about external developments: the platform itself will begin supporting

Harvard University has confirmed that it was hit by a recent campaign that exploited a vulnerability in Oracle’s E-Business Suite (EBS). In a statement to Recorded Future News, the university said it was investigating recent hacker reports that data was stolen from the system. Officials confirmed that the incident “impacted a limited number of individuals associated with a small administrative unit.” “Harvard is aware of reports that data associated with the University was obtained due to a zero-day vulnerability in the Oracle E-Business Suite system. This issue has impacted many Oracle E-Business Suite customers and is not unique to Harvard,” a university

The People’s Liberation Army (PLA) has announced a shift in ground forces tactics, from traditional close-quarters tank combat to long-range, beyond-line-of-sight operations. This shift was made possible by the introduction of the latest Type 100 main battle tanks. According to military command officials, this represents a complete transformation of ground combat. Armored units are receiving not only new vehicles, but also sensor systems, artificial intelligence components, and automated control systems. Analysts believe China is among the few countries capable of conducting ground combat without visual contact, relying on a distributed digital infrastructure. The commander of one of the armored brigades, Song Yongming,

Attackers are abusing the legitimate npm infrastructure in a new phishing campaign on Beamglea. This time, the malicious packages don’t execute malicious code, but instead exploit the legitimate CDN service unpkg[.]com to show users phishing pages. At the end of September, security researchers at Safety identified 120 npm packages used in such attacks, but now their number has exceeded 175 , security firm Socket reports. These packages are designed to attack over 135 organizations in the energy, industrial, and technology sectors. Targets include Algodue, ArcelorMittal, Demag Cranes, D-Link, H2 Systems, Moxa, Piusi, Renishaw, Sasol, Stratasys, and ThyssenKrupp Nucera. The attacks are primarily

In its latest update, the tech giant fixed 175 vulnerabilities affecting its core products and underlying systems, including two actively exploited zero-day vulnerabilities , the company said in its latest security update . This is the largest set of bugs disclosed by the tech giant this year. The zero-day vulnerabilities, CVE-2025-24990 affecting the Agere Windows Modem Driver and CVE-2025-59230 affecting the Windows Remote Access Connection Manager , both have a CVSS score of 7.8. The Cybersecurity and Infrastructure Security Agency (CISA) added both zero-day vulnerabilities to its KEV catalog of known vulnerabilities on Tuesday. Microsoft said the third-party Agere modem driver ,

While Microsoft actively promotes its Copilot tools for businesses, the company also warns of the dangers of uncontrolled use of “shadow” AI by employees. A new report raises the alarm about the rapid growth of so-called “shadow AI,” where employees use third-party neural networks and bots in their work without the approval of the company’s IT department. According to Microsoft, 71% of UK respondents admitted using AI services for personal use at work without the knowledge of system administrators. Furthermore, more than half continue to do so regularly. This practice covers a wide range of activities: nearly half of employees use unauthorized

Ivanti has published 13 vulnerabilities in its Endpoint Manager (EPM) software , including two high-severity flaws that could allow remote code execution and privilege escalation . Despite the lack of exploitation, CVE-2025-9713 stands out among the vulnerabilities as a high severity path traversal issue with a CVSS score of 8.8, which allows unauthenticated remote attackers to execute arbitrary code if users interact with malicious files. This is CWE-22, which is exploited due to poor input validation during the configuration import process, which could allow attackers to upload and execute malicious code on the server. Rounding it all out is CVE-2025-11622, an insecure

McAfee researchers have reported new activity by the Astaroth banking trojan , which has started using GitHub as a persistent channel for distributing configuration data. This approach allows attackers to maintain control over infected devices even after the primary command and control servers are disabled, significantly increasing the malware’s survivability and making it more difficult to neutralize. The attack begins with a phishing email disguised as a notification from popular services like DocuSign or purporting to contain a candidate’s resume . The body of the email contains a link to download a ZIP archive. Inside is a shortcut file (.lnk) that launches

Satellite communications links used by government agencies, the military, businesses, and mobile operators have been discovered to be the source of a massive data leak. Researchers at the University of California, San Diego, and the University of Maryland have found that about half of all geostationary satellites transmit information without any protection . Over the course of three years, they intercepted signals using equipment costing no more than $800 and discovered thousands of phone conversations and text messages from T-Mobile users, data from the U.S. and Mexican military, and internal communications from energy and industrial companies. Using a standard satellite dish on

Developer Andrej Karpathy has unveiled nanochat , a minimalist, fully open-source version of ChatGPT that can be trained and run on a single computer. Designed as a learning platform for Eureka Labs’ LLM101n course , the project allows users to build their own language model “from scratch to the web interface” without cumbersome dependencies or complex infrastructure. The goal of nanochat is to demonstrate that a basic analog of ChatGPT can be built in a few hours and for about $100. The speedrun.sh script automatically performs all the steps, from tokenization and training to inference and launching a web interface that can