Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Oracle VirtualBox Vulnerability: Risk of Virtual Machine Escape

BI.ZONE specialists have identified two vulnerabilities (CVE-2025-62592 and CVE-2025-61760) in Oracle VirtualBox. When combined, they allowed an attacker to exit a virtual machine and reach the ARM-based macOS host system. It is noted that this is the first publicly known vulnerability chain of this kind since the release of VirtualBox version 7.1.0 in 2024, which introduced ARM support to macOS. CVE-2025-62592 (CVSS score 6.0) was discovered in the QemuRamFB virtual graphics card in the MMIO read handler qemuFwCfgMmioRead. This vulnerability allows an attacker to read an unlimited amount of memory beyond the bounds of the array. This allows an attacker to

YouTube Ghost Network: The phantom network that infected millions of users

Google specialists removed over 3,000 videos from YouTube that spread hidden information disguised as hacked software and video game cheats. Check Point researchers dubbed this campaign “YouTube Ghost Network” and reported that it had been active since 2021, with a sharp increase in 2025, when the number of malicious videos tripled. According to researchers, the perpetrators of these attacks hijacked legitimate YouTube accounts and, using their identities, posted tutorials promising free pirated versions of Photoshop and FL Studio, as well as cheats and hacks for Roblox. Instead of the promised software, victims received the Rhadamanthys and Lumma infostealers, which stole credentials

While Pope Francis is alive and continues his ministry, disinformation is rampant.

A survey conducted by the European Broadcasting Union (EBU), with support from the BBC, has highlighted that the most popular chatbots tend to distort news, changing its meaning, confusing sources and providing outdated data. The project, which involved 22 editorial teams from 18 countries, saw experts subject ChatGPT, Microsoft Copilot, Google Gemini, and Perplexity to thousands of standardized queries, comparing the responses obtained with those actually published. The results were quite disturbing: approximately half of the responses contained significant errors, while eight out of ten cases contained small inaccuracies. According to the report, 45% of the responses contained significant problems, 31%

New submarine cables in the Black Sea: Europe seeks digital independence from Russia

Eastern Europe is preparing for a new phase in telecommunications security. An ambitious submarine cable project, called Kardesa, will connect Bulgaria, Georgia, Turkey, and Ukraine without crossing Russian territorial waters, aiming to reduce dependence on Moscow for digital infrastructure. Construction is scheduled to begin in 2027. The new route aims to create a more stable and politically independent data corridor between Europe and Asia. Currently, only one cable connects Georgia and Bulgaria across the Black Sea, while other routes remain vulnerable because they pass near Kremlin-influenced routes. Kardesa intends to change this configuration, offering a more direct and

BreachForums Resurrects After Yet Another FBI Shutdown

We’ve often quoted this phrase: “Fighting cybercrime is like pulling weeds: if you don’t completely eradicate them, they’ll grow back, much more vigorous than before,” and it’s more relevant than ever. After months of silence and the FBI’s seizure of the breachforums.sh domain, the underground cybercrime community is back in the news: BreachForums is back online. The announcement was made on October 20, 2025, by user and moderator koko, who in an official post announced the reopening of the platform and the relaunch of its infrastructure, promising a safe and responsible reconstruction of the community. Disclaimer: This report includes screenshots and/or

Neolix raises $600 million for autonomous driving in urban logistics

Chinese startup Neolix, specializing in Level 4 autonomous vehicles for urban deliveries, announced on October 23 that it has closed a Series D round of over $600 million, marking the largest private investment in China’s autonomous driving sector and one of the largest in 2025. The funding was led by Emirati firm StoneVenture, with participation from Gaocheng Investment, Xinchen Capital (a subsidiary of CITIC Capital), CDH VGC, Chaoxi Capital, Beijing Artificial Intelligence Industry Investment Fund, and a major Chinese internet company. According to founder and CEO Yu Enyuan, the funds will be used to

Supercomputing power in a refrigerator: the BIE-1 revolution

On October 24, the world’s first human-inspired intelligent computing system, the “BI Explorer BIE-1,” was officially unveiled at the Guangdong-Macao Deep Cooperation Zone in Hengqin. Zhang Xu, director of the Guangdong Institute of Intelligent Science and Technology and an academician of the Chinese Academy of Sciences, described the project as a significant breakthrough. According to Zhang, BIE-1 expands the ways in which supercomputing can be deployed, providing the technological foundation for a more sustainable, flexible, and accessible future computing power system. A supercomputer the size of a small refrigerator: At the launch event, Nie Lei, general manager of Zhuhai Hengqin Neogene

Critical RCE exploit in Microsoft WSUS actively exploited. CISA warns: imminent risk

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a global alert, addressed to all organizations worldwide, regarding the active exploitation of a critical remote code execution (RCE) flaw in Microsoft’s Windows Server Update Services (WSUS). The vulnerability, classified as CVE-2025-59287, has a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code within a network, thus threatening the entire IT infrastructure. The security flaw, originating from deserialization within WSUS, was partially corrected by Microsoft’s October monthly patch. However, an extraordinary update released on October 23, 2025, was necessary due to the inadequacy of

Google DeepMind launches Gemini Robotics-ER 1.5 for advanced robotics

On September 25, 2025, Google DeepMind released Gemini Robotics-ER 1.5, a model designed for use in robotics. This is the first version of the reasoning system publicly available to developers. The model functions as a “high-level brain” for the robot: it understands natural language commands, plans multi-step actions, and organizes complex behavioral chains. It combines visuospatial perception, progress assessment, and the ability to access third-party tools, including Google Search, the Robot API, or VLA (vision-language-action) models. You can start working with the system right away via Google AI Studio and the Gemini API. A technical report with

New cyber attack campaign by the BO Team group

In early September 2025, Kaspersky Lab experts discovered a new campaign from the BO Team group, targeting Russian organizations across various sectors. Hacktivists updated their toolkit, targeting companies with a new version of the BrockenDoor backdoor. The hacktivist group BO Team (also known as Black Owl, Lifting Zmiy, and Hoody Hyena) made its first appearance in early 2024 via a Telegram channel. It primarily targets victims’ IT infrastructure and, in some cases, encrypts data and commits extortion. Researchers warn that this is a serious threat, aimed both at inflicting maximum damage on the attacked organization and at achieving financial gain. The