Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Google Gemini Improves AI-Generated Image Verification

Google has expanded the capabilities of its Gemini artificial intelligence service by adding a tool to the app and web version to check images for signs of automatic generation. This feature seems like a logical step: visual content is increasingly being created using AI models, and the demand for methods to distinguish real images from synthetic ones is growing. The new detector is based on the SynthID system, digital markers invisible to the human eye, introduced in 2023. They are embedded in images created by Google generators and persist even after resizing or partial processing. For this reason, the check

“We Want to Hack You Again!” NSO Group Rejects WhatsApp’s Pegasus Lawsuit

Israeli company NSO Group has appealed a California federal court ruling that bars it from using WhatsApp’s infrastructure to distribute its Pegasus surveillance software. The case, which has been ongoing for several years, stems from a complaint filed by WhatsApp after the discovery of a large-scale attack on its users. The operation exploited zero-day vulnerabilities and zero-click techniques, allowing the spyware to be installed without any action on the part of the victims. Last October, Judge Phyllis Hamilton ruled that WhatsApp servers had been misused, allowing the infection of approximately 1,500 devices. According to the ruling, NSO had circumvented the platform’s security

Oracle under attack: Pre-auth RCE vulnerability discovered that compromises entire systems

A vulnerability, designated CVE-2025-61757, was made public by Searchlight Cyber last Thursday. Company researchers discovered the issue and notified Oracle, which led to its disclosure. Oracle fixed CVE-2025-61757 with the October 2025 patches and confirmed that it is a critical issue that can be easily exploited without authentication. The security firm described it as a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager. The exploit, which combines an authentication bypass vulnerability with arbitrary code execution, could allow an attacker to completely compromise the system. Searchlight Cyber warned on Thursday that the vulnerability could “allow attackers to manipulate authentication

CrowdStrike Insider Fired for Providing Sensitive Data to Criminal Hackers

In recent months, the insider problem has become increasingly important for large companies, and one recent episode involved CrowdStrike. The cybersecurity firm has in fact removed an employee believed to have shared confidential information on the company’s internal systems with a group of hackers. Reviewed by TechCrunch, the screenshots revealed internal dashboards, including an Okta Single Sign-On (SSO) panel that employees used to access company applications. Although the hackers claimed to have received authentication cookies, CrowdStrike maintains that its security operations center detected the activity before any malicious access could be fully established. It further reported that the leaked

Sysmon will finally be integrated into Windows 11 and Windows Server 2025 in 2026

Microsoft has announced that it will integrate the popular Sysmon tool directly into Windows 11 and Windows Server 2025 in 2026. The announcement was made by Sysinternals creator Mark Russinovich. Sysmon (System Monitor) is a free tool from Microsoft Sysinternals for monitoring and blocking suspicious activity in Windows. Events are logged in the Windows Event Log, making the tool indispensable for detecting threats and diagnosing problems. By default, Sysmon tracks basic events like process creation and termination, but you can use custom configuration files to monitor process tampering, DNS queries, executable file creation, clipboard changes, automatic backups of deleted files, and more.

Sneaky2FA: The phishing scam that steals credentials with browser-in-the-browser attacks

Push Security specialists have noticed that the Sneaky2FA phishing platform now supports browser-in-the-browser attacks, which allow the creation of fake login windows and the theft of credentials and sessions.

Sneaky2FA and other PhaaS (phishing-as-a-service)

Sneaky2FA is one of the most popular Phishing-as-a-Service (PhaaS) kits among cybercriminals. Along with Tycoon2FA and Mamba2FA, Sneaky2FA primarily targets Microsoft 365 account theft. This phishing kit is known for attacks using SVG and the “attacker-in-the-middle” tactic: the authentication process is forwarded via a phishing page to the real service, allowing attackers to intercept session tokens. As a result, even with two-factor authentication (2FA) enabled, attackers gain

TamperedChef: Malware via Fake App Installers

The large-scale TamperedChef campaign is once again attracting the attention of specialists, as attackers continue to distribute malware via fake installers of popular applications. This scam, disguised as legitimate software, helps deceive users and gain persistent access to devices. The Acronis team emphasizes that activity continues: new files are discovered, and the associated infrastructure remains operational. The method relies on social engineering. It uses the names of well-known utilities, fake click ads, search engine optimization, and fake digital certificates. Researchers Darrell Virtusio and József Gegenyi explain that these elements increase trust in the installers and help bypass security mechanisms. The campaign has

Whoever took down Cloudflare during the outage put their infrastructure at risk

A major outage in Cloudflare’s infrastructure has unexpectedly tested the robustness of the cloud and its security systems for many businesses. On November 18, service outages caused websites around the world to go down multiple times, and some customers attempted to temporarily abandon the platform to maintain resource availability. This forced maneuver also caused web applications to lose traditional malicious traffic filtering, which Cloudflare typically blocks at the edge of the network, for several hours. The problems began around 6:30 AM EST (11:30 UTC), when a notification about internal service degradation appeared on the status page. Over the next few hours, resources

Critical Vulnerability in Azure Bastion Scores 10! When RDP and SSH in the Cloud Are Checkmated

An authentication bypass vulnerability has been discovered in Azure Bastion, Microsoft’s managed service that enables secure RDP and SSH connections to virtual machines in Azure without directly exposing them to the Internet. The flaw, identified as CVE-2025-49752, potentially allows a remote attacker to gain administrative privileges on all VMs accessible via Bastion.

Technical details

CVE-2025-49752 falls under the category of CWE-294 – Authentication Bypass by Capture-Replay, which involves the interception and reuse of valid tokens or credentials to gain unauthorized access. In the case of Azure Bastion, this could allow privilege escalation to the administrative level, without requiring

Risk averted for millions of Microsoft users! The critical vulnerability in Microsoft SharePoint 9.8

Microsoft has disclosed a critical vulnerability in SharePoint Online (discovered by RHC through our ongoing monitoring of critical CVEs on our portal), identified as CVE-2025-59245, with a CVSS v3.1 score of 9.8/10. The flaw affects the deserialization of untrusted data (CWE-502) and allows a remote attacker to gain elevation of privilege without requiring credentials or user interaction, putting data confidentiality, integrity, and availability at high risk.

Method and impact of the attack

The vulnerability exploits the deserialization of data from untrusted sources. This allows an attacker to manipulate serialized objects that SharePoint Online deserializes insecurely, allowing them to execute arbitrary