Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

A critical bug in Ollama allows for model replacement attacks

A vulnerability in the popular AI model launcher Ollama opened the door to drive-by attacks, allowing attackers to silently interfere with the local application via a specially crafted website, read personal correspondence, and even replace the models used, even uploading infected versions. The security flaw was discovered and disclosed on July 31 by Chris Moberly, Senior Security Manager at GitLab. The vulnerability affected Ollama Desktop v0.10.0 and was related to an incorrect implementation of CORS controls in the local web service responsible for the GUI. As a result, JavaScript on a malicious page could scan a range of ports on the victim’s

When Criminal Hackers Patch Linux Servers for You! And That’s Not a Good Thing

Red Canary specialists have discovered an unusual campaign using the new DripDropper malware, targeting Linux cloud servers. The attackers gained access via the CVE-2023-46604 vulnerability in Apache ActiveMQ, then gained a foothold in the system and installed a patch to close the very hole they had entered through. This paradoxical move allowed them not only to cover their tracks, but also to block access to competitors, leaving the infected server under their complete control. Analysts recorded the execution of reconnaissance commands on dozens of vulnerable hosts. On some of them, the attackers deployed remote control tools, from Sliver to Cloudflare tunnels, providing

AI Wants Nuclear Power! Google, Kairos Power, and TVA Team Up for Sustainable Energy

Google, Kairos Power, and the Tennessee Valley Authority (TVA) have entered into an agreement to supply nuclear power to data centers in the United States. The agreement is part of the two tech giants’ strategy to find sustainable sources of clean energy to meet the growing demand for computing power due to the development of artificial intelligence. Kairos Power is building a 50-megawatt reactor in Tennessee that will power the TVA grid, which in turn will supply power to Google’s data centers in Alabama and Tennessee. There will be no direct supply to Google; the company will receive attribution certificates proving it

McDonald’s hacked by BobDaHacker! Better him than real cybercriminals

Researcher BobDaHacker discovered that McDonald’s app rewards point validation was only handled client-side, allowing users to claim free items like nuggets even without enough points. BobDaHacker reported the issue, but a software engineer dismissed it as “too much effort,” although the bug was fixed days later, likely after the engineer reviewed it. The researcher subsequently dug deep into McDonald’s systems and discovered vulnerabilities in the Design Hub, a platform used for brand assets by teams in 120 countries. This platform relied on a client-side password for protection. The API also provided guidance to users about any missing fields, making account creation incredibly

Roblox under fire in Louisiana: A haven for sexual predators

Louisiana Attorney General Liz Murrill has filed a lawsuit against Roblox, accusing the company of allowing its platform to become a haven for sexual predators and distributors of child-themed content. The lawsuit alleges that the company violates state laws by failing to adequately protect users and warn parents of the risks. The lawsuit alleges that Roblox facilitates the distribution of material that exploits minors and fails to take concrete steps to address the loopholes. One of the arguments was a study in which a community of over 3,000 registered members was caught exchanging such material and attempting to extort intimate material from

Do you click on text message links? Here are 4.2 million reasons not to.

Proofpoint has released the second volume of its annual study “Human Factor 2025”, focusing on phishing and URL-based attacks. Analysis of data from May 2024 to May 2025 shows that attackers are increasingly using social engineering in combination with links, which have become the primary vector for attacking users. According to statistics, links were encountered four times more often than attachments with malicious content. Over 55% of SMS messages with phishing traces contained a URL, and the number of campaigns using the ClickFix technique increased by nearly 400% in one year. In total, researchers recorded 3.7 billion attempts to steal credentials using

Criminal Hackers Exploit Cisco Safe Links for Phishing Attacks

A complex attack operation was recently discovered, in which cyber attackers used Cisco’s security infrastructure to perform online deception maneuvers. Attackers are targeting Cisco Safe Links technology, designed to protect users from malicious URLs, to evade detection systems and bypass network controls, taking advantage of the credibility associated with the Cisco name in the security industry. According to Raven AI analysis, the attack vector leverages Cisco Safe Links, a component of Cisco’s Secure Email Gateway and Web Security Suite that rewrites suspicious URLs in emails, routing clicks through Cisco’s scanning infrastructure at secure-web.cisco[.]com. Attackers have discovered several methods to generate legitimate Cisco

Ghost-tapping: How Asian scammers launder money with stolen credit cards

Scammers in Southeast Asia have found a new way to launder money using stolen credit cards. Researchers have reported a system they call “ghost-tapping,” in which stolen card data is uploaded to a phone called a “burner” and then used to make purchases in stores. First, criminals obtain credit card data through phishing, social engineering, or mobile viruses. To bypass the protection, they intercept the one-time codes that the bank sends to the customer. The stolen information is then linked to the phone under the fraudsters’ control. Sometimes special software is used that allows data to be sent to multiple devices simultaneously.

Electronic Warfare. China develops a lamp that blocks enemy radar for miles.

Chinese engineers have announced the development of a miniature traveling-wave tube (TWT) that could revolutionize the capabilities of modern electronic warfare systems and radar. This special type of vacuum tube amplifies radio frequency signals in the microwave range and has long been considered a key element of radar systems and satellite communications links. The main feature of the TWT is that the electromagnetic wave interacts with the electron beam along the entire length of the spiral, ensuring a wide bandwidth and high efficiency. For a long time, the large-scale introduction of TWTs was hampered by their size: integrating hundreds and thousands of

Critical Score 10 Vulnerability in Erlang/Open Telecom Platform: Active Exploits on the Rise

Researchers recorded that a critical flaw in the Erlang/Open Telecom Platform SSH stack implementation was already being actively exploited in early May 2025; approximately 70% of detections occurred on firewalls protecting industrial segments. The campaign began after the fixes were released: the patches appeared in April in versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20. The vulnerability has been assigned the identifier CVE-2025-32433 and a maximum CVSS score of 10.0. It concerns the lack of authentication in the native SSH implementation: with network access to the Erlang/OTP service, an attacker can execute arbitrary code without credentials. Considering that the built-in SSH is responsible