As expected, the infamous WinRAR bug is now being actively exploited by attackers on a large scale, given the software’s widespread use and popularity. ESET experts have reported that the recently patched WinRAR vulnerability (CVE-2025-8088) was used as a zero-day exploit in phishing attacks and was used to install the RomCom malware. The vulnerability was related to directory traversal and was fixed in late July with the release of WinRAR version 7.13. The issue allowed the use of specially crafted archives and the decompression of files along a path specified by the attackers. “When decompressing a file, older versions of WinRAR, Windows

The Government of the People’s Republic of China (“China”) and the Government of the United States of America (“USA”), according to a report by Beijing-based Xinhua news agency on August 12, and based on the China-US Joint Statement on the Geneva Economic and Trade Talks reached on May 12, 2025, reportedly agreed to again suspend the application of the 24 percent tariff for 90 days starting August 12, 2025. The two sides recalled their commitments under the Geneva Joint Statement and agreed to take the following measures by August 12: 2025: 1. The United States will continue to modify the implementation of

Johns Hopkins University in Maryland is preparing to upgrade its AI-powered wargaming tools to help the Pentagon identify adversaries’ weaknesses in real-world conflicts. The work, conducted at the university’s Applied Physics Laboratory (APL), involves upgrading two systems, Generative Wargaming (GenWar) and the Strategic AI Gaming Engine (SAGE), using proprietary data for Department of Defense programs. Wargaming, used to practice decision-making in complex and uncertain environments, remains a key tool for analyzing human behavior in complex and uncertain contexts through experiential learning. However, traditional wargaming requires skilled facilitators and complex design, which reduces the speed and scalability of the process. GenWar combines generative

A lawsuit has been filed in California against Microsoft, accusing it of prematurely ending support for Windows 10 and forcing users to purchase new devices. The plaintiff, San Diego resident Lawrence Klein, claims that the decision to stop security updates on October 14, 2025, will affect approximately 240 million computers worldwide, half of which will be unable to upgrade to Windows 11 due to stringent hardware requirements. He claims this will force millions of people to pay for “extended support” (from $30 a year for consumers to $244 a year for businesses in the third year) or replace working devices, creating mountains

Why can’t we tear ourselves away from our screens, even when we’ve found what we’re looking for? Why do we keep mindlessly scrolling through our feeds while time flies by? Scientists are searching for answers to these questions, and perhaps monkeys with iPads can help. In an experiment conducted at the Japan Central Institute of Experimental Medicine and Life Sciences, 14 monkeys were placed in a cage with tablets for 10 minutes. Nine short, silent videos of different primate species were shown simultaneously on the screen. If the animal touched one of the videos, it expanded to fill the entire screen, and

A new scheme for distributing malicious code disguised as .svg images has been discovered on dozens of foreign adult content sites. As Malwarebytes experts discovered , attackers embed obfuscated JavaScript code in such files, which, when clicked, launch a hidden chain of scripts that ends with the download of Trojan.JS.Likejack. This malware silently clicks the “Like” button on a predefined Facebook post if the victim has an active Facebook account at the time. This way, pages with explicit content gain greater visibility and visibility thanks to compromised browsers. SVG (Scalable Vector Graphics) differs from the usual .jpg and .png formats in that

Beijing announced a package of support measures for humanoid robots at the World Robot Conference (WRC) 2025, aiming to reach an annual production capacity of 10,000 units by 2027. The new policy includes initiatives to expand the scope of real-world robot use and extensive subsidies covering the entire value chain of humanoid robot production. As part of the initiative, the Robomall, described as a 4S robot shop, and the Robot Restaurant opened in Beijing have made headlines. The venues are designed to create sales channels for the robots while also offering the public the opportunity to interact with the technology. Morgan Stanley

Lumia experts have published a technical investigation called AppleStorm, alleging that the Siri voice assistant transmits more user data to Apple servers than is necessary to complete tasks. In particular, attention has focused on messages dictated via Siri in the WhatsApp and iMessage messaging apps: They are apparently sent to the company’s servers even though the task can be processed locally, without accessing cloud systems. Apple claims high privacy standards and uses a hybrid AI model that combines local processing with the Private Cloud Compute (PCC) cloud service. However, it was discovered that Siri also accesses other servers that are not part

Linus Torvalds harshly criticized the first batch of RISC-V patches proposed for inclusion in Linux 6.17, stating that the changes arrived too late and contained what he called “garbage” unrelated to RISC-V and affecting common kernel headers. He was particularly annoyed by the new macro helper make_u32_from_two_u16(), which according to Torvalds made the code less clear and made things worse. He noticed that simply writing the form (a immediately showed what was happening, while using the “helper” obscured word order and introduced ambiguity. No, this is garbage and it came too late. I asked for an early pull. requests because I’m traveling,

A recently discovered security flaw in the popular file compression software 7-Zip has raised considerable concern within the security community. All versions of 7-Zip prior to 25.01 are affected by this vulnerability, which results from improper handling of symbolic links during file extraction. This vulnerability is CVE-2025-55188, discovered and reported by security researcher Landon on August 9, 2025, and allows attackers to perform arbitrary writes to files during archive extraction, potentially leading to code execution on vulnerable systems. When users extract a maliciously crafted archive containing unsafe symbolic links, 7-Zip follows these links during extraction, allowing attackers to write files to locations