Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Looking for Volodymyr Tymoshchuk! 11 million dollars for the Nefilim hacker

The U.S. Department of Justice has indicted Ukrainian Volodymyr Tymoshchuk on seven counts of computer hacking and extortion. He is considered one of the most dangerous hackers of recent years. The investigation alleges that Tymoshchuk and his accomplices distributed the LockerGoga, MegaCortex, and Nefilim viruses. These programs encrypted victims’ data, and the attackers demanded ransom, threatening to publish confidential information. “Tymoshchuk is a serial ransomware attacker who has targeted major U.S. companies, healthcare institutions, and major foreign industrial enterprises,” said Joseph Nocella Jr., U.S. Attorney for the Eastern District of New York. According to prosecutors, the group attacked more than 250 companies in

Microsoft warns: Critical vulnerabilities in Office! Users and admins at risk

On September 9, 2025, two significant vulnerabilities were discovered in Microsoft Office, for which dedicated patches were created. These vulnerabilities, if exploited by attackers, could allow malicious code to be executed on affected systems. The vulnerabilities, identified as CVE-2025-54910 and CVE-2025-54906, have raised security concerns for users, as they affected various versions of the popular productivity suite. While Microsoft currently deems these vulnerabilities unlikely to be exploited, the potential for remote code execution requires urgent action by users and system administrators. These vulnerabilities put user security at risk. Due to these vulnerabilities, identified as CVE-2025-54910 and CVE-2025-54906, user security is at

Google fights misinformation: C2PA arrives on Pixel and Photos for AI image recognition.

Google announced that it will integrate C2PA Content Credentials technology into the Pixel 10 camera app and Google Photos to help users distinguish authentic images from those created or modified by artificial intelligence. Google noted that the problem of labeling synthetic content has become much more acute in recent years, as traditional approaches are virtually ineffective and leave room for different interpretations and distortions of information. On the latest Pixel 10 smartphones, every JPEG photo will automatically receive Content Credentials, which contain information about how the photo was created. “Content credentials contain a rich set of information about how media files

FlexiSPY Alert: The Easy-to-Use Spy App Can Intercept Everything, Even El Chapo

Two Kenyan documentary filmmakers were placed under surveillance by security services for their work on a film about youth protests. Computer forensics researchers say their phones were infected with FlexiSPY spyware while they were in police custody. Brian Adagala and Nicholas Wambugu were arrested on May 2nd on charges of spreading false information but were released the next day. However, their mobile devices remained in the possession of authorities and were only returned on July 10th. According to lawyer Jan Mutiso, it was during this time that the surveillance program was installed on the devices. The analysis was conducted by specialists from

SpamGPT is here! The new phishing kit that combines AI, spam, and diabolical genius.

A new tool called SpamGPT has appeared on underground forums and has quickly become a hot topic in the cybersecurity community. The malicious software combines the capabilities of generative artificial intelligence with a complete system for sending mass emails and presents itself as a ready-to-use solution for conducting phishing campaigns. Its developers openly call the product “spam-as-a-service,” emphasizing that it combines all the functions of a professional marketing platform, but is used for illegal activities. The SpamGPT interface faithfully replicates legal email marketing services: modules are available for campaign management, SMTP and IMAP settings, delivery controls, and analytics. The dark control panel

Critical authentication bypass bug affects Sophos AP6

Sophos has announced that it has fixed a critical authentication bypass vulnerability affecting its AP6 series wireless access points. The flaw allowed a remote attacker to gain administrative privileges by accessing the device’s management IP address. The discovery was made during internal security testing conducted by the company. The issue affects firmware versions prior to 1.7.2563 (MR7). In these releases, the vulnerability exposed access points to the risk of complete compromise, allowing an attacker to control configurations and functionality. Sophos has rated the vulnerability’s severity as critical, with a CVSS score of 9.8. The technical description traces it to a flaw classified

An RCE in Apple CarPlay allows root access to vehicle infotainment systems

At the DefCon security conference, researchers presented a significant exploit chain that allows attackers to gain administrator permissions for vehicle entertainment systems through Apple CarPlay. The attack, known as “Pwn My Ride”, targets a series of vulnerabilities in the protocols that govern the operation of wireless CarPlay. These vulnerabilities can be exploited to remotely execute code (RCE) on the vehicle’s multimedia unit, jeopardizing the security of the system. By its nature, the attack consists of a sequence of weaknesses inherent in the protocols that govern wireless CarPlay. This allows remote code execution on the vehicle’s multimedia unit, potentially allowing attackers to take

Volkswagen is investing in artificial intelligence: one billion euros to reduce costs

Volkswagen announced on the first day of the IAA Mobility international trade fair in Munich its intention to integrate artificial intelligence into all areas of its business, with the aim of generating significant cost savings. The investment will focus on the development of AI-based vehicles, industrial applications, and the expansion of high-performance IT infrastructure. According to estimates, the large-scale adoption of artificial intelligence could lead to savings of €4 billion by 2035. The company expects that the use of AI will significantly accelerate the development of new models and bring advanced technologies to market more quickly. “For us, artificial intelligence is the

A bug in Google Drive allows access to other people’s files on shared desktops.

Millions of people and businesses rely on Google Drive to store contracts, reports, photos, and work documents, using the Windows desktop client to sync files between local and cloud folders. But it was this very application that proved vulnerable: a serious bug was discovered that allows anyone on a shared computer to gain full access to the contents of someone else’s Google Drive account without having to request new authorization. Researchers discovered that the program saves copies of synchronized data in a hidden DriveFS folder within the Windows profile. This directory should be accessible only to the owner, but the application doesn’t

Former WhatsApp employee: “1,500 engineers have access to confidential user data.”

Attaullah Baig, who reportedly led WhatsApp’s security team from 2021 to 2025, has filed a lawsuit against parent company Meta. Baig claims he was fired for repeatedly attempting to fix the messaging app’s serious cybersecurity issues. Baig has filed a lawsuit under the Sarbanes-Oxley Act for allegedly concealing security issues that could have led to potential shareholder fraud, as well as potential violations of the U.S. Securities and Exchange Commission (SEC) rules regarding internal information controls. In the lawsuit, the former WhatsApp employee (who previously held cybersecurity positions at PayPal and Capital One) alleges that WhatsApp management wrongfully fired him,