Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

A new Privilege Escalation (PE) technique allows UAC bypass on Windows

A recently disclosed technique bypasses Windows User Account Control (UAC) and allows privilege escalation without user intervention by abusing the built-in Private Character Editor. The attack, disclosed by Matan Bahar, exploits eudcedit.exe, Microsoft’s Private Character Editor located in C:\Windows\System32, originally designed to create and edit end-user-defined characters (EUDC). Security researchers have found that this seemingly harmless utility can be abused to bypass Windows’ primary security gatekeeper. The weakness stems from settings embedded in the application manifest of eudcedit.exe. The bypass hinges on two specific manifest tags. This
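A check a practitioner would want after reading this: which binaries in System32 carry a manifest that asks for auto-elevation at all. The script below is an added example, not code from the article or from the researcher; it assumes (as is standard for UAC auto-elevating binaries, although the teaser does not name the tags) that the manifest settings in question are `<autoElevate>true</autoElevate>` together with a `requestedExecutionLevel` of `requireAdministrator`. It scans the raw bytes of each executable for those tags rather than parsing the PE resource table, so a stricter audit would read the RT_MANIFEST resource explicitly. `SAMPLE_IMAGE` is a constructed stand-in for a signed binary, present only so the script runs offline.

```python
import re
from pathlib import Path

# UAC-relevant manifest tags (assumed to be the settings the article refers to).
AUTO_ELEVATE = re.compile(rb"<autoElevate>\s*true\s*</autoElevate>", re.IGNORECASE)
EXEC_LEVEL = re.compile(
    rb'<requestedExecutionLevel[^>]*\blevel\s*=\s*"([^"]+)"', re.IGNORECASE
)

# Constructed sample: an MZ stub followed by an embedded manifest, not a real binary.
SAMPLE_IMAGE = b"MZ" + b"\x00" * 64 + b"""<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security><requestedPrivileges>
      <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
    </requestedPrivileges></security>
  </trustInfo>
  <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3">
    <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
      <autoElevate>true</autoElevate>
    </asmv3:windowsSettings>
  </asmv3:application>
</assembly>"""


def manifest_flags(data):
    """Return the UAC-relevant manifest settings found in a PE image's raw bytes.

    The embedded manifest is plain XML text inside the RT_MANIFEST resource, so a
    byte-level regex is enough for triage; it does not validate the resource table.
    """
    level = EXEC_LEVEL.search(data)
    return {
        "autoElevate": AUTO_ELEVATE.search(data) is not None,
        "executionLevel": level.group(1).decode("ascii", "replace") if level else None,
    }


def auto_elevating_binaries(directory):
    """List (name, executionLevel) for every *.exe in `directory` marked autoElevate."""
    hits = []
    for path in sorted(Path(directory).glob("*.exe")):
        try:
            flags = manifest_flags(path.read_bytes())
        except OSError:
            continue  # locked or unreadable file; skip rather than abort the audit
        if flags["autoElevate"]:
            hits.append((path.name, flags["executionLevel"]))
    return hits


if __name__ == "__main__":
    import os, sys
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.join(
        os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for name, level in auto_elevating_binaries(target):
        print(f"{name:32} autoElevate=true level={level}")
```

Run it as `python audit_autoelevate.py` on a Windows host (or pass another directory); every name it prints is a binary that UAC will elevate silently for a member of the Administrators group, which is the property a UAC bypass needs, so any file-dialog, shell-out or DLL-loading behaviour in those binaries deserves a second look.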

The new Flipper Zero firmware made in DarkWeb becomes the key to every car

A new custom firmware for the Flipper Zero multi-purpose device is reportedly capable of bypassing many of the rolling code security systems implemented in the majority of modern vehicles, potentially exposing millions of cars to theft. Evidence presented by the YouTube channel “Talking Sasquach” shows that the firmware, presumably circulating on the dark web, can clone a vehicle’s key fob from a single, rapid signal interception. For decades, rolling code security has been the industry benchmark for keyless vehicle access. The system was designed to prevent so-called “replay attacks.” But a new algorithm synchronized between the transmitter, i.e., the key fob,
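To make the “replay attack” property concrete, here is an added example (not the channel’s or the firmware’s code, and deliberately not a model of the bypass itself) of how a rolling code receiver decides whether a captured transmission is fresh. It assumes a simplified scheme: fob and receiver share a secret key and a counter, each press sends a code derived from the next counter value, and the receiver accepts only codes that fall inside a look-ahead window after the last counter it saw. HMAC-SHA256 truncated to four bytes stands in for the proprietary block cipher real systems use; the window size of 16 is an assumption.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: how many missed presses the receiver tolerates


def rolling_code(key, counter):
    """Code for one counter value; HMAC stands in for the real keyed block cipher."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class KeyFob:
    def __init__(self, key, counter=0):
        self.key, self.counter = key, counter

    def press(self):
        self.counter += 1  # the counter never goes backwards, even for a "missed" press
        return rolling_code(self.key, self.counter)


class Receiver:
    def __init__(self, key, counter=0):
        self.key, self.counter = key, counter  # counter = last value accepted

    def accept(self, code):
        # Try every counter value in the window; a match resynchronises the receiver
        # to that value, so any code at or below it (a replay) is dead from now on.
        for candidate in range(self.counter + 1, self.counter + 1 + WINDOW):
            if hmac.compare_digest(rolling_code(self.key, candidate), code):
                self.counter = candidate
                return True
        return False


def demo():
    """Walk through the four cases that matter; returns the accept/reject outcomes."""
    key = b"constructed-shared-secret"  # constructed sample key
    fob, car = KeyFob(key), Receiver(key)
    results = []

    captured = fob.press()              # attacker sniffs a legitimate press
    results.append(car.accept(captured))  # car hears it first: accepted
    results.append(car.accept(captured))  # attacker replays the same capture: rejected

    for _ in range(5):                   # owner presses out of range five times
        fob.press()
    results.append(car.accept(fob.press()))  # still inside the window: accepted, resync

    for _ in range(WINDOW + 4):          # far more presses than the window covers
        fob.press()
    results.append(car.accept(fob.press()))  # beyond the window: rejected until re-paired
    return results


if __name__ == "__main__":
    print(demo())  # [True, False, True, False]
```

The two security properties the teaser alludes to are both visible here: a captured code stops working the moment the car has seen it, and the counter window is what lets a fob that was pressed out of range still open the door. Any attack that defeats this scheme has to either keep the car from ever seeing a captured code, or recover the key or counter state, which is why a “single interception” clone is a much stronger claim than a classic replay.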

AI Panic: We’re Entering the Most Dangerous Phase of the Digital Revolution

In recent months, the debate over artificial intelligence has taken on increasingly extreme tones. On the one hand, large companies developing and selling AI solutions are pushing apocalyptic narratives, warning that those who don’t embrace this technology risk being excluded from the market, or even going under. On the other hand, surveys are emerging that tell a very different story: public and business trust in AI is decreasing, in some cases at a worrying rate. In the United States, this phenomenon is already seen as a potential national security issue, as skewed or slow adoption could cause the country to lose ground

Windows is losing ground. Linux is growing on corporate desktops, citing increased security.

Linux usage on corporate desktops and laptops continues to grow. An analysis of nearly 18.5 million devices found that Linux’s share of enterprise devices increased from 1.6% in January to 1.9% in June 2025, and among new assets introduced after March 1 the share reached 2.5%. While the percentages may seem small, this is no longer a random phenomenon, says Guido Patanella, CTO of Lansweeper. Rather than an isolated anomaly, he describes it as a “steady acceleration” in growth. The main factor is not so much the end of Windows 10 support, but rather increased security

No Spyware for Every Crime! Germany Says No to Sentences Under Three Years

Germany’s Federal Constitutional Court has ruled that police may only use spyware to investigate serious crimes: law enforcement cannot deploy spyware on personal devices in cases carrying a maximum sentence of less than three years. The court was responding to a complaint filed by the German digital rights organization Digitalcourage. The plaintiffs argued that a 2017 rule change, which allowed law enforcement to use spyware to intercept encrypted chats and messaging platforms, could unfairly expose the communications of people who are not suspected of any crime. The 2017 amendment to the German Code of Criminal Procedure was not sufficiently precise regarding

Critical vulnerability in Google’s Gemini CLI allows malicious commands to be executed.

A serious vulnerability has been discovered in Google’s recently released Gemini CLI tool, which allows attackers to silently execute malicious commands and exfiltrate data from developers’ computers if certain commands have been allowed on the system. The vulnerability was discovered by Tracebit just two days after the tool’s release. The issue was reported to Google immediately, and version 0.1.14, released on July 25, fixes it. Gemini CLI is a command-line interface for interacting with Google’s Gemini AI, released on June 25, 2025. The tool is designed to assist developers by loading project files into a “context” and enabling natural language interaction

Fortinet Discovers a New Obfuscated Web Shell. Analysis of UpdateChecker.aspx

The FortiGuard Labs team has published a detailed analysis of a heavily obfuscated web shell used in attacks on critical infrastructure in the Middle East. The research focuses on the UpdateChecker.aspx script, which runs on Microsoft IIS. It is implemented in C# as an ASPX page and hides its actual logic behind a layer of encoded and encrypted code. All variable, class and method names were randomly generated and then Unicode-encoded, and all constants, including strings and numbers, were encrypted or scrambled. During the analysis the researchers deobfuscated the code and replaced the random names with human-readable ones. The main Page_Load function

You’ve been paying for months for a VPN that has done nothing but spy on you

The sprawling infrastructure of the fraudulent ad network VexTrio Viper is back in the spotlight after researchers at Infoblox revealed details of a massive fake mobile app scheme. Under the guise of legitimate services, from VPNs to RAM cleaners, spam filters to dating apps, the fraudsters placed malicious programs in the official Apple and Google app stores. These programs were published under various purported developers, including HolaCode, LocoMind, Hugmi, Klover Group, and AlphaScale Media, and have been downloaded millions of times in total. Once installed, the applications forced users to accept opaque terms, tricked them into handing over personal data, bombarded the device

Discovering Access Brokers. What are Initial Access Brokers (IaBs) and what do they sell in the underground market?

We’ve often talked about how ransomware attacks work and how the ransomware-as-a-service (RaaS) pyramid assigns a role to each team of criminal hackers, as seen in the article What is ransomware? In the popular imagination, cybercrime is linked to individuals with exceptional computer skills. But extorting millions of dollars from a large company is not a solo job; it takes a “team” with diverse, advanced, and specialized IT skills. In fact, the vast majority of cybercriminals do not have all the technical skills needed to do everything themselves and

What are ransomware gang data leak sites?

Ransomware gang data leak sites (DLSs) pose an increasingly widespread threat to businesses and individuals using the internet. These sites are set up by cyber gangs to publish data stolen during a ransomware attack when the victim refuses to pay the ransom. In this article we will look at what ransomware is and how it works, what data leak sites mean for victims, how the gangs use them, what their protected (victim-only) section is, what automation they rely on, who develops them, and how they are exposed. The concept of ransomware and double extortion: ransomware is a type of malware that represents an increasingly