Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

An 8-year-old critical bug in the Unity game engine poses risks to Android and Windows.

A vulnerability has been discovered in the Unity game engine, which has been present since 2017. The issue can be exploited for code execution on Android and privilege escalation on Windows. Valve developers have already updated Steam, and Microsoft has updated Microsoft Defender, advising users to uninstall vulnerable games until they receive patches. The security bug: Unity is a cross-platform game engine and development platform that provides rendering, physics, animation, and scripting tools for creating games for Windows, macOS, Android, iOS, consoles, and the web. Unity powers a large number of mobile games, as well as numerous independent projects for

11 death sentences for online fraud. China deals a severe blow to cybercrime

Amid China’s long battle against cross-border fraud, authorities have issued a verdict in one of the most high-profile cases in recent years. It concerns a large-scale criminal network operating in northern Myanmar and linked to four clans, dubbed the “Four Big Families” by Chinese media. The court found 39 people guilty, 16 of whom were sentenced to death, 11 to life imprisonment, and the remainder to prison terms ranging from 5 to 24 years. Those executed include key figures involved in the creation and control of so-called telecommunications fraud factories. The investigation began in the summer of 2023

Is it possible to heat a house with Raspberry Pi? In the UK, the answer is yes.

In the UK, they’ve started testing an unusual way to heat homes: using mini data centers powered by Raspberry Pis. The project is being implemented by UK Power Networks as part of the SHIELD (Smart Heat and Intelligent Energy in Low-Income Areas) programme. UK Power Networks operates the electricity grid and substations in southeast England and is responsible for the “last mile” of energy delivery to consumers. The SHIELD program involves installing solar panels and batteries in homes and, in some cases, replacing gas boilers with HeatHub compact data processing systems. HeatHub is developed and operated by Thermify. Each unit contains

Scattered LAPSUS$ Hunters Group Returns and Threatens to Release Salesforce Data

A group calling itself Scattered LAPSUS$ Hunters has resurfaced after months of silence and the arrest of its members. On a new leak site, the attackers published a list of approximately 40 Salesforce corporate environments and demanded a payment of nearly $1 billion—$989.45 million—in exchange for non-disclosure of the data, which, according to the extortionists, includes approximately one billion customer records. They have set an ultimatum of October 10: if Salesforce fails to negotiate, the criminals threaten to publish everything they have stolen. A Salesforce representative told The Register that the company was aware of the extortion attempts and had conducted an

Securing WebSocket Connections: Risk, Analysis, and Practical Measures

WebSockets offer persistent two-way communication between client and server, essential for real-time applications like chat, gaming, dashboards, and notifications. However, this persistence introduces specific attack surfaces: if the channel or its rules are not adequately protected, data exfiltration, session hijacking, and vulnerabilities related to unfiltered input can occur. This article provides a practical explanation of the most significant risks and essential countermeasures for protecting this type of connection. But what makes WebSockets risky? Their useful features include long connections, bidirectional traffic, and extremely low latency, which simultaneously create opportunities for attackers. A persistent connection means that a single breach can maintain access

Italy is a part of the Zero Day world! The first Italian CNAs are Leonardo and Almaviva!

Very little has been said about this event, which I personally consider strategically important and a sign of a major shift in the management of undocumented vulnerabilities in Italy. In March 2024, I wrote an article describing a nearly bleak Italian landscape: the culture of undocumented bugs, or zero-days, was practically nonexistent, and there was no active CNA (CVE Numbering Authority) in our country. Vulnerability management is often left to chance or, worse, hidden behind a veil of secrecy and incapable of fostering dialogue with the research community. That piece, published on Red Hot Cyber, ricocheted across social media and sparked widespread

WhatsApp Alert: New Malware Spreads Like a Virus Among Contacts

Trend Micro researchers have detected a large-scale malware campaign targeting users in Brazil. It is distributed via the desktop version of WhatsApp and is characterized by a high infection rate. The malware, internally named SORVEPOTEL, does not steal data or encrypt, as is typically the case with spyware or ransomware. Its primary goal is to replicate as quickly as possible and infect new systems. The infection begins with a phishing message sent from a compromised WhatsApp contact. This creates the illusion of authenticity and entices the victim to open the attached ZIP file. The file is disguised as a harmless

ChatGPT becomes a social media platform: private messaging is coming soon.

OpenAI appears to be preparing ChatGPT to become a social platform, not just a traditional AI-powered chat app. The company already has Sora 2, which offers a feed of generated videos. Now, signs of a similar socialization have appeared in ChatGPT. Users have noticed that ChatGPT is testing private messaging in X. It will be possible to send messages to other GPT users similar to X. To find someone to chat with, the app now supports usernames in addition to full profiles with photos. An AI researcher named Tibor found references to Direct Messages in the code of the ChatGPT Android app.

25,000 kilometers, the new Seacom2.0 submarine cable to connect Europe, Africa and Asia

Seacom, an African submarine infrastructure operator, has announced the launch of Seacom 2.0, an international cable system designed to connect Europe, the Middle East, Africa and Asia. The project envisages a 25,000-kilometer (15,534-mile) long route, equipped with 48 pairs of optical fibers, with 20 landing points spread across 15 countries. According to the company, the new cable meets the growing demand for artificial intelligence, cloud, and real-time data services. Seacom claims the network could reduce connectivity costs by up to 300%, fostering the development of cloud services, fintech, and the regional technology ecosystem. The planned route begins in

DeepSeek challenges AI giants: 50% cost and API cuts

The Chinese company DeepSeek has presented an experimental version of its language model, DeepSeek-V3.2-Exp, which for the first time implements its own version of sparse attention, a technique that significantly reduces the computational cost of processing long text sequences. The new mechanism, called DeepSeek Sparse Attention, is said to be able to reduce the model’s running costs by nearly half. To demonstrate these savings, the company has reduced the price of its API by 50%. The problem of computational overhead in large language models is particularly acute for long dialogues. The classic Transformer architecture, developed in 2017, compares every word