Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

A PNG containing a Trojan. Astaroth persistently abuses GitHub.

McAfee researchers have reported new activity by the Astaroth banking trojan, which has started using GitHub as a persistent channel for distributing configuration data. This approach allows attackers to maintain control over infected devices even after the primary command and control servers are disabled, significantly increasing the malware’s survivability and making it more difficult to neutralize. The attack begins with a phishing email disguised as a notification from popular services like DocuSign or purporting to contain a candidate’s resume. The body of the email contains a link to download a ZIP archive. Inside is a shortcut file (.lnk) that launches

Satellites targeted! Thousands of phone conversations and text messages intercepted.

Satellite communications links used by government agencies, the military, businesses, and mobile operators have been discovered to be the source of a massive data leak. Researchers at the University of California, San Diego, and the University of Maryland have found that about half of all geostationary satellites transmit information without any protection. Over the course of three years, they intercepted signals using equipment costing no more than $800 and discovered thousands of phone conversations and text messages from T-Mobile users, data from the U.S. and Mexican military, and internal communications from energy and industrial companies. Using a standard satellite dish on

Internet Explorer is “dead,” but it continues to infect PCs with its bugs via Edge

While Internet Explorer has officially been out of support since June 2022, Microsoft recently faced a threat that exploited Internet Explorer Mode (IE Mode) in Edge, which was designed to provide compatibility with legacy applications and government portals. Cybercriminals exploited zero-day vulnerabilities in the Chakra JavaScript engine, coupled with social engineering techniques, to execute remote code and gain complete control over victims’ devices. “Our security team received intelligence that malicious actors were abusing IE mode in Edge to compromise unsuspecting devices,” explains Gareth Evans, head of security for Microsoft Edge. The attacks followed a specific pattern: users were directed to

Nanochat: Create your own LLM, train it, and get it running on your PC for $100

Developer Andrej Karpathy has unveiled nanochat, a minimalist, fully open-source version of ChatGPT that can be trained and run on a single computer. Designed as a learning platform for Eureka Labs’ LLM101n course, the project allows users to build their own language model “from scratch to the web interface” without cumbersome dependencies or complex infrastructure. The goal of nanochat is to demonstrate that a basic analog of ChatGPT can be built in a few hours and for about $100. The speedrun.sh script automatically performs all the steps, from tokenization and training to inference and launching a web interface that can

Photo: Italian Tech Week press office

Jeff Bezos at Italian Tech Week: “Millions of people will live in space.”

Data centers in space, lunar landers, Martian missions: the future designed by Bezos in Turin. But the real revelation is the anecdote about his grandfather that reveals his human profile. This year, Turin was once again the European capital of innovation for three days, with Italian Tech Week bringing together global icons from the tech scene and beyond. But the undisputed star? Jeff Bezos, who, between a vision of the future of AI and a moon landing, also gave the audience an unexpected life lesson. In the coming decades, millions of people will live in space. This isn’t the plot of a

WhatsApp Web in the crosshairs! How the worm that distributes the banking Trojan works

Sophos security analysts have discovered a complex malware operation that uses the popular messaging service WhatsApp to spread banking Trojans, targeting Brazilian banks and cryptocurrency exchanges. A self-replicating malware emerged on September 29, 2025, featuring advanced evasion techniques and a complex, multi-stage infection chain designed to bypass current security protections. The attack campaign had a widespread impact, affecting more than 1,000 endpoints across over 400 customer environments, demonstrating the effectiveness and vast reach of the threat. The attack occurs when victims download a malicious ZIP archive via WhatsApp Web from a previously infected contact. The social engineering component is particularly

Goodbye Microsoft Word. China chooses WPS Office for official documents

China continues to pursue technological independence, and this time the signal has come not from microchip manufacturers, but from government officials. For the first time, the Chinese Ministry of Commerce has released official documents that cannot be opened in Microsoft Word. All materials are published exclusively in a format supported by the Chinese office suite WPS Office, developed by Beijing-based Kingsoft. This publication coincided with a new wave of tensions between Beijing and Washington. Last week, China announced the expansion of export controls on rare earths, strategically important materials essential for the production of electronics, weapons, and communications systems. Washington

RMPocalypse: A critical bug in AMD SEV-SNP threatens cloud security.

A critical vulnerability has been identified in the AMD SEV-SNP hardware security architecture, impacting major cloud providers (AWS, Microsoft Azure, and Google Cloud). This flaw allows malicious hypervisors to compromise encrypted virtual machines and gain full access to their memory. The attack, dubbed RMPocalypse, undermines the fundamental confidentiality and integrity guarantees on which the SEV-SNP trusted execution model is based. The research, presented at the ACM CCS 2025 conference in Taipei, details how a vulnerability is exploited during the initialization of SEV-SNP’s key structure, the Reverse Map Table (RMP). This table maps host physical addresses to guest virtual pages

Poisoned AI! 250 Malicious Documents Are Enough to Compromise an LLM

Researchers at Anthropic, in collaboration with the UK government’s AI Safety Institute, the Alan Turing Institute, and other academic institutions, reported that just 250 specially crafted malicious documents were enough to force an AI model to generate incoherent text when it encountered a specific trigger phrase. AI poisoning attacks rely on introducing malicious information into AI training datasets, which ultimately causes the model to return, for example, incorrect or malicious code snippets. Previously, it was believed that an attacker needed to control a certain percentage of a model’s training data for the attack to work. However, a new experiment has shown that

Spyware yes, spyware no: it’s just a prospect! NSO Group is now under US control.

Israeli company NSO Group, developer of the infamous Pegasus spyware, recently came under the control of American investors. A company spokesperson announced that the new funding amounts to tens of millions of dollars and confirmed the transfer of a controlling stake. According to Calcalist, Hollywood producer Robert Simonds, who had previously attempted to acquire the company, played a key role in the deal. Details regarding the investor group and the exact amount of the deal were not disclosed. NSO emphasizes that the agreement does not affect jurisdiction or oversight: the company’s headquarters will remain in Israel and it will continue to