Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

A bug in Google Drive allows access to other people’s files on shared desktops.

Millions of people and businesses rely on Google Drive to store contracts, reports, photos, and work documents, using the Windows desktop client to sync files between local and cloud folders. But it was this very application that proved vulnerable: a serious bug was discovered that allows anyone on a shared computer to gain full access to the contents of someone else’s Google Drive account without having to request new authorization. Researchers discovered that the program saves copies of synchronized data in a hidden DriveFS folder within the Windows profile. This directory should be accessible only to the owner, but the application doesn’t

Former WhatsApp employee: “1,500 engineers have access to confidential user data.”

Attaullah Baig, who reportedly led WhatsApp’s security team from 2021 to 2025, has filed a lawsuit against parent company Meta. Baig claims he was fired for repeatedly attempting to fix the messaging app’s serious cybersecurity issues. Baig has filed a lawsuit under the Sarbanes-Oxley Act for allegedly concealing security issues that could have led to potential shareholder fraud, as well as potential violations of the U.S. Securities and Exchange Commission (SEC) rules regarding internal information controls. In the lawsuit, the former WhatsApp employee (who previously held cybersecurity positions at PayPal and Capital One) alleges that WhatsApp management wrongfully fired him,

iCloud Calendar Phishing Scam: How It Works and How to Protect Yourself

It has been discovered that iCloud Calendar invitations have been used to send phishing emails disguised as purchase notifications directly from Apple’s mail servers. This tactic increases the likelihood of bypassing spam filters. Bleeping Computer reported that earlier this month, a reader shared a malicious email purporting to be a receipt for $599, supposedly charged to their PayPal account. The email included a phone number in case the recipient wanted to mark the payment or make changes. The purpose of these emails is to trick users into believing that their PayPal account has been hacked and that the funds are being used

Critical BitLocker Vulnerabilities: Microsoft Patches Two Security Holes

Two significant elevation of privilege vulnerabilities affecting Windows BitLocker encryption have been addressed by Microsoft. These flaws, identified as CVE-2025-54911 and CVE-2025-54912, have been classified as high severity. These vulnerabilities were disclosed on September 9, 2025. Both CVE-2025-54911 and CVE-2025-54912 are classified as “Use-After-Free” vulnerabilities, a common and dangerous type of memory corruption bug. This weakness, cataloged as CWE-416, occurs when a program continues to use a pointer to a memory location after that memory has been freed or deallocated. The discovery of CVE-2025-54912 has been attributed to Hussein Alrubaye, in collaboration with Microsoft, demonstrating a collaborative effort between the company

Critical vulnerability in Adobe Commerce and Magento: the SessionReaper bug

Adobe has reported a critical bug (CVE-2025-54236) affecting the Commerce and Magento platforms. Researchers have called this vulnerability SessionReaper and describe it as one of the most serious in the history of these products. This week, Adobe developers have already released a patch for the security bug, which received a CVSS score of 9.1. It is reported that the vulnerability can be exploited without authentication to take control of customer accounts via the Commerce REST API. According to experts at cybersecurity firm Sansec, Adobe notified “select Commerce customers” of the upcoming fix on September 4, which was released on September 9. Customers

Phishing in the Classroom! 115,000 emails targeted 13,500 organizations with Google Classroom.

Check Point researchers have discovered a large-scale active phishing campaign exploiting Google Classroom, a platform trusted by millions of students and educators worldwide. Over the course of a single week, attackers launched five coordinated waves, distributing more than 115,000 phishing emails targeting 13,500 organizations across various industries. Organizations in Europe, North America, the Middle East, and Asia were targeted.

A trusted tool transformed into a threat vector

Google Classroom is designed to connect teachers and students through invitations to join virtual classes. Attackers exploited this trust by sending fake invitations containing unrelated commercial offers, ranging from product resale to SEO services. Each

6 million euros a day! That’s the cost of the cyber attack on Jaguar Land Rover.

Jaguar Land Rover (JLR), one of Britain’s largest car manufacturers, has been hit by a cyber attack that has paralyzed its IT systems. Production at plants in the UK and abroad has been halted since late August, leaving dealers unable to register new cars and customers unable to receive their payments on time. The downtime costs the company around £5 million in lost profits per day. As reported by the BBC, former Land Rover chief engineer Charles Tennant recalled that under normal conditions the company earns around £75 million per day. According to him, a week of downtime translates into losses of tens

Microsoft Patch Tuesday for September: 81 vulnerabilities and 2 active 0days

The recent September Patch Tuesday security update saw Microsoft release a comprehensive series of updates, addressing a total of 81 vulnerabilities in its products and services. Specifically, 9 of these vulnerabilities were classified as critical, with 2 of them reported as zero-day, meaning they were already known and exploited before the fixes were released. These latter vulnerabilities have attracted particular attention among industry experts, as they were exploited or described in detail even before security solutions were deployed. The first vulnerability, identified as CVE-2025-55234, affects the SMB server. It allows attackers to perform relay attacks and escalate privileges. Microsoft emphasizes that the

10 out of 10! SAP releases security patches for critical vulnerabilities in NetWeaver.

SAP released security updates Tuesday aimed at addressing various vulnerabilities. Among these vulnerabilities, three particularly critical ones exist within the SAP Netweaver environment. These security vulnerabilities could allow an attacker to execute code of their choosing, as well as upload specific files without any particular constraints. This comes after a critical security flaw in SAP S/4HANA, recently patched by the company (CVE-2025-42957, with a CVSS score of 9.9), was actively exploited. That news came shortly after Pathlock and SecurityBridge raised awareness of the issue, with patches being released only a few days later. An additional highly critical vulnerability has been fixed by

Towards the Ouroboros! OpenAI CEO warns: Social media is full of AI bot content.

We are making giant strides towards the true ouroboros, the snake that eats its own tail. A few weeks ago we reported that human traffic on the internet is declining dramatically compared to bot traffic, which today exceeds 50% of total traffic. Sam Altman, CEO of OpenAI and Reddit shareholder, confessed that the “AI Twitter” and “AI Reddit” feeds seem increasingly unnatural to him, to the point of becoming a real alarm bell for him. The signal came from the subreddit r/Claudecode, where in recent days many users have reported switching to Codex, OpenAI’s programming service launched in May