Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Ready for AI-powered Notepad? Coming soon to Windows 11 on Copilot+ PCs!

Windows 11 users with Copilot+ PCs will be able to take advantage of advanced artificial intelligence features, now an integral part of the Notepad application, thanks to an update that includes powerful tools for creating and editing text. New features include “Summarize,” “Write,” and “Rewrite,” which can be used directly on the device without a subscription. Innovative AI-powered tools built into Notepad enable users to efficiently create, optimize, and summarize text. Running directly on the Neural Processing Unit (NPU) of Copilot+ PCs, these tools run locally, allowing offline use without a Microsoft 365 subscription or Microsoft account access. A key element of

ShadowLeak Arrives: A 0-Click Bug in ChatGPT Leads to Sensitive Data Exfiltration

A new threat is beginning to emerge in the IT world: the world of artificial intelligence agents. ShadowLeak is a recently discovered zero-click indirect prompt injection (IPI) vulnerability that occurs when OpenAI’s ChatGPT is connected to corporate Gmail and allowed to browse the web. How ShadowLeak works: the attack, discovered by Radware, exploits the vulnerability by sending a legitimate-looking email that silently embeds malicious instructions in invisible or non-obvious HTML code. When an employee asks the assistant to “recap today’s emails” or “search my inbox for a topic,” the agent captures the booby-trapped message and, without further user interaction, exfiltrates sensitive data

Generative Artificial Intelligence: Explosive Growth and Security Challenges

By Umberto Pirovano, Senior Manager Technical Solutions at Palo Alto Networks

Generative Artificial Intelligence (GenAI) is redefining the technology and business landscape at an astonishing rate. According to Palo Alto Networks’ report “The State of Generative AI in 2025,” GenAI traffic is expected to surge more than 890% in 2024. This explosive growth is attributable to the maturation of AI models, increasing business automation, and increased deployment, driven by increasingly evident productivity returns. The increase in adoption and use marks a definitive shift: GenAI is no longer a novelty, but an essential utility. According to Research by the Artificial Intelligence Observatory of

GitLab fixes critical vulnerability CVE-2025-6454

The collaborative development platform GitLab has announced the fix for a critical vulnerability, identified as CVE-2025-6454. The issue affected server installations of the Community and Enterprise editions and allowed requests to be made to internal resources via specially crafted webhook headers. The attack required an account with minimum developer privileges and no intervention from other users was necessary. The bug received a high CVSS score of 8.5 out of 10. It affected versions 16.11 through 18.1.6, 18.2 through 18.2.6, and 18.3 through 18.3.2. The fixes were included in version 18.3.2, released on September 10. GitLab emphasized that the issue was discovered through

Supply Chain Wormable? NPM Packages with Self-Propagating Malware Arrive

Security researchers have discovered the compromise of over 180 npm packages, infected with a self-propagating malware designed to infect other packages. The campaign, dubbed Shai-Hulud, likely began with the hack of the @ctrl/tinycolor package, which is downloaded over 2 million times a week. The name Shai-Hulud comes from the shai-hulud.yaml files used by the malware. It is a reference to the giant sandworms from Frank Herbert’s Dune. The issue was first brought to the attention of developer Daniel Pereira, who alerted the community to a large-scale supply chain attack. “Right now, as you read this, malware is being distributed

The KING of RaidForums remains in limbo. The battle between the US and Portugal over his extradition continues.

The High Court in London has overturned the decision to extradite Portuguese citizen Diogo Santos Coelho to the United States. The young man, known by the pseudonym Omnipotent, was the administrator of one of the largest hacker forums, RaidForums. The story begins in January 2022, when Coelho travels to the United Kingdom to visit his mother. There, he is arrested. Since then, he has been in limbo for more than three years: two countries are fighting over his extradition. The United States is seeking Coelho’s extradition for crimes related to his management of RaidForums. Portugal has sent its own order, citing the

Italy under DDoS attack by pro-Russian NoName057(16)? Few disruptions.

The hackers of NoName057(16) have recently resumed their hostile activities against several Italian targets, using Distributed Denial-of-Service (DDoS) attacks. Based on what we observed, Italian infrastructure has strengthened its structure, and the period of service interruption has significantly decreased compared to two years ago, almost to zero, thanks to the implementation of measures against DDoS attacks and the growing awareness that such attacks inevitably entail. The following are the targets claimed today by the hacktivist group: NoName057(16) is a hacker group that declared itself in support of the Russian Federation in March 2022. They have claimed responsibility for cyberattacks on countries such as Ukraine,

Google Chrome: Urgent patch for exploited 0day. Critical vulnerabilities fixed.

Google has taken immediate security action for Chrome browser users globally, targeting four critical vulnerabilities, one of which, a zero-day vulnerability, is currently being actively exploited. Users are therefore urged to update their browsers urgently to prevent potential cyberattacks. A type confusion flaw in Chrome’s V8 JavaScript engine represents the most concerning vulnerability in this security update, tracked as CVE-2025-10585. This vulnerability was discovered and reported on September 16, 2025, by Google’s Threat Analysis Group. This vulnerability has already been exploited in real-world attacks, as confirmed by the company, which highlighted how attackers are taking advantage of this flaw. This type of

Phishing with style! Cybercriminals attach superhero GIFs to malware.

F6 analysts have published a study on a new phishing campaign active from spring 2025. The group, dubbed ComicForm, sent emails containing malicious attachments to Russian, Belarusian, and Kazakh companies in the industrial, financial, tourism, biotechnology, and other sectors. The first recorded email with the subject “Signature Verification Report” was sent on June 3, 2025. The attachment contained an archive containing an executable file that started a multi-stage infection chain. During activation, an obfuscated .NET loader, the MechMatrix Pro.dll module, and the Montero.dll dropper were downloaded. The latter remained on the system, added itself to Windows Defender exceptions, injected the payload into

Will this latest article “against” ChatControl be absolutely useless?

We had already discussed the proposed “ChatControl” regulation almost two years ago, but given the roadmap currently underway, we find ourselves embarrassed to have to discuss it again. It feels like déjà vu, but instead of the black cat in the hallway, we are witnessing the EU, alternating generous doses of fatal slopes and stolen arguments, continuing to align its desire for technological control with the US example denounced at the time by Snowden. Probably because of the ambition inherent in the Old Continent, which still believes itself to be the center of the world. But can we really think that it