Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

Artificial intelligence is pushing companies to return to in-person interviews

The job search process has been profoundly altered by artificial intelligence, prompting many companies to revive a more traditional approach: face-to-face interviews, as the WSJ points out. Virtual interviews have become the new norm in recent years, thanks to the rise of remote work and employers’ desire to hire more quickly. However, recruiters say that more and more candidates are using AI to deceive, such as by receiving hidden clues during technical interviews. Rarer but more dangerous cases also occur: AI tools allow scammers to impersonate job seekers to steal data or money after they secure a job. In response, companies are

Battle for the Brain! OpenAI and Sam Altman launch Merge Labs, a rival to Neuralink.

OpenAI and its co-founder Sam Altman are preparing to back a company that will rival Elon Musk’s Neuralink by developing technology to connect the human brain to a computer. The new venture, called Merge Labs, is seeking $250 million in funding, at a valuation of $850 million, with a significant portion of the money potentially coming from OpenAI’s venture capital arm. Altman is a strong supporter of the launch, according to sources, and co-founded Merge Labs with Alex Blania, head of the eye-scanning digital identity project World, which Altman also funded. However, he will not be involved in day-to-day management. Merge Labs

Charon Ransomware Arrives. It Bypasses EDR, Is Stealthy, and Gives a Nod to Top APTs

Trend Micro has detected a targeted attack on the government and aviation sectors in the Middle East using a new ransomware called Charon. The attackers employed a complex infection chain with DLL sideloading, process injection, and EDR bypass capabilities, typical of both advanced APT operations and regular ransomware. The attack vector begins with the launch of a legitimate Edge.exe (formerly cookie_exporter.exe) file, which is used to load a malicious msedge.dll library called SWORDLDR. The latter decrypts the encrypted shellcode from the DumpStack.log file and injects the payload, i.e., Charon itself, into the svchost.exe process, masquerading as a Windows system service. After decrypting

Critical Vulnerability in Fortinet: Update FortiOS, FortiProxy, and FortiPAM Now

Several Fortinet security products, including FortiOS, FortiProxy, and FortiPAM, are affected by a high-severity authentication evasion vulnerability. The flaw, tracked as CVE-2024-26009, has a CVSS score of 7.9 and allows unauthenticated attackers to take complete control of managed devices by exploiting the FortiGate-to-FortiManager (FGFM) communication protocol. The key prerequisite for successful exploitation of this security flaw is the attacker’s knowledge of the target FortiManager serial number, which serves as a key authentication component in the compromised protocol implementation. The bug is classified as CWE-288 (Authentication Bypass Using an Alternate Path or Channel). Attackers can exploit this weakness by crafting malicious FGFM requests

Critical Update for Google Chrome: Patches for Various Vulnerabilities

A critical security update has been released for Google Chrome, which addresses six security vulnerabilities that could be exploited to execute arbitrary code on affected systems. An emergency security update has therefore been distributed. The update to stable version 139.0.7258.127/.128 for Windows and Mac and 139.0.7258.127 for Linux contains patches for several high-severity security flaws that pose significant risks to user data and system integrity. The security update addresses three high-severity vulnerabilities that could lead to arbitrary code execution. CVE-2025-8879 represents a heap buffer overflow vulnerability in the libaom library, which handles video encoding and decoding operations. This type of vulnerability allows

Heading for a bang for August! 36 RCEs for Microsoft Patch Tuesday August

August Patch Tuesday: Microsoft releases security updates that fix 107 vulnerabilities across its ecosystem products. The update includes fixes for 90 vulnerabilities, classified as follows: 13 are critical, 76 are important, one is moderate, and one is low. Notably, none of these vulnerabilities are listed as actively exploited zero-day vulnerabilities, which offers some relief to IT administrators. The vulnerabilities fall into several categories, including Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Spoofing, Denial of Service (DoS), and Tampering. On August 12, 2025, Microsoft released its monthly Patch Tuesday security updates, addressing a significant number of vulnerabilities across its product

Critical RCE vulnerability in Microsoft Teams: Urgent update needed

As part of the August 2025 Patch Tuesday security updates, a critical Remote Code Execution (RCE) vulnerability in Microsoft’s Teams collaboration software has been patched. The critical flaw, tracked as CVE-2025-53783, could allow an unauthorized attacker to read, write, and even delete user messages and data by executing code over a network. An attacker could exploit this flaw to overwrite critical data or execute malicious code within the Teams application. Microsoft claims that a working exploit for this flaw could have significant consequences for the confidentiality, integrity, and availability of a user’s data, allowing the attacker to gain read, write, and

29,000 Exchange servers at risk. The exploit for CVE-2025-53786 is under exploitation.

29,000 Exchange servers are vulnerable to CVE-2025-53786, which allows attackers to move within Microsoft cloud environments, potentially leading to complete domain compromise. CVE-2025-53786 allows attackers who have already gained administrative access to on-premises Exchange servers to escalate privileges in an organization’s connected cloud environment by forging or manipulating trusted tokens and API requests. This attack leaves virtually no trace, making it difficult to detect. The vulnerability affects Exchange Server 2016, Exchange Server 2019, and Microsoft Exchange Server Subscription Edition in hybrid configurations. The vulnerability is related to changes made in April 2025, when Microsoft released guidelines and a hotfix for Exchange as

Vulnerability in a car dealership’s online login system: Researcher finds security flaws

A vulnerability was discovered in the online dealership login system of one of the world’s largest automakers—all it took was a little digging into the page’s code. Security researcher Eaton Zwer of Harness reported that he managed to exploit the vulnerability to create an administrative account with full access to the manufacturer’s internal portal. The breach allowed them to obtain sensitive customer data, vehicle information, and even remotely control car functions, including unlocking. Zwer, who had previously identified bugs in car manufacturer systems, accidentally discovered the issue during a personal project over the weekend. He discovered that upon loading the login page,

Vulnerability in car dealership online login system: Researcher finds security flaws

A vulnerability has been discovered in the online login system for dealerships at one of the world’s largest car manufacturers: all it took was a little digging into the page’s code. Security researcher Eaton Zwer of Harness reported that he managed to exploit the vulnerability to create an administrative account with full access rights to the manufacturer’s internal portal. The breach allowed them to obtain confidential customer data, vehicle information, and even remotely control car functions, including unlocking. Zwer, who had previously identified bugs in automaker systems, discovered the issue by accident during a personal project over the weekend. He discovered that