Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Category: Cybercrime and Darknet

Tasting the Exploit: HackerHood tests Microsoft WSUS CVE-2025-59287 Exploit

The cybersecurity landscape was recently rocked by the discovery of a critical Remote Code Execution (RCE) vulnerability in Microsoft’s Windows Server Update Services (WSUS). Identified as CVE-2025-59287 and with a CVSS score of 9.8 (Critical), this flaw poses a high and immediate risk to organizations using WSUS for centralized update management. The vulnerability is particularly dangerous because it allows a remote, unauthenticated attacker to execute arbitrary code with system privileges on the affected WSUS servers. After Microsoft released an emergency out-of-band patch on October 23, 2025, which was necessary because the initial October patch had not fully addressed the issue,

183 million Gmail accounts hacked! But it was just a hoax

For the second time in recent months, Google has been forced to deny reports of a massive Gmail data breach. The news was sparked by reports of a “hack of 183 million accounts” spreading online, despite there having been no actual breach or incident involving Google’s servers. As company representatives explained, this is not a new attack, but rather old login and password databases collected by attackers through infostealers and other attacks in recent years. “Reports of a ‘Gmail breach affecting millions of users’ are false. Gmail and its users are reliably protected,” Google representatives said. The company also

Microsoft acquires 27% of OpenAI for $135 billion

After nearly a year of negotiations with its longtime backer Microsoft, OpenAI has granted the latter a 27% stake. This move eliminates significant uncertainty for both companies and paves the way for the ChatGPT developer to become a for-profit venture. In a statement released Tuesday, both companies said that under the revised agreement, Microsoft will acquire approximately $135 billion in OpenAI stock. Additionally, Microsoft will have access to the artificial intelligence (AI) startup’s technology through 2032, including models that have already reached the benchmark for artificial general intelligence (AGI). OpenAI has spent much of this year pushing for restructuring,

If you get an email saying you’re dead… it’s the new LastPass phishing scam

The developers of password manager LastPass have warned users of a large-scale phishing campaign that began in mid-October 2025. Attackers are sending emails containing fake requests for emergency access to the password vault, related to the death of users. According to experts, the financially motivated hacker group CryptoChameleon (also known as UNC5356) is behind this campaign. The group specializes in cryptocurrency theft and previously attacked LastPass users in April 2024. The new campaign has proven to be extensive and technologically advanced: attackers are now hunting not only master passwords, but also passkeys. CryptoChameleon uses a specialized phishing kit that targets cryptocurrency

Vulnerable POS: Investigation into the hardware security of payment devices

Worldline payment terminals, widely used in Switzerland, have been exposed to an attack that allows anyone to gain complete control of the device in just a minute. The vulnerability affects the Worldline Yomani XR model, installed in supermarkets, cafes, repair shops, and other locations that accept credit cards. Despite its seemingly secure appearance and sophisticated vandal-proof design, the terminal allows passwordless root access via the backdoor if an attacker gains physical access. Analysis revealed an unused debugger connector on the terminal’s rear panel, hidden under a small flap. After connecting a standard serial cable and booting the device, the specialist observed

ChatGPT Atlas: Researchers Discover How a Link Can Lead to Jailbreak

NeuralTrust researchers have discovered a vulnerability in OpenAI’s ChatGPT Atlas browser. This time, the attack vector is linked to the omnibox, the bar where users enter URLs or search queries. Apparently, a malicious prompt can be disguised as a harmless link, tricking the browser into interpreting it as a trusted user command. The root of the problem lies in how Atlas handles input in the omnibox. Traditional browsers (like Chrome) clearly distinguish between URLs and text search queries. However, Atlas must recognize not only URLs and search queries, but also natural language prompts addressed to the AI agent. And that’s where the

Malware alert: Critical WordPress plugin vulnerabilities actively exploited

Wordfence is raising the alarm about a large-scale malware campaign in which attackers are exploiting critical vulnerabilities in the popular WordPress plugins GutenKit and Hunk Companion. The company blocked 8.7 million such attack attempts against its customers in just two days. Hackers are exploiting three critical vulnerabilities (9.8 on the CVSS security scale): CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972. All of these vulnerabilities allow remote code execution on vulnerable websites. CVE-2024-9234 affects the GutenKit plugin, which has 40,000 active installations. The vulnerability is related to an unauthenticated REST endpoint and allows the installation of arbitrary plugins without authentication. The issue affects GutenKit

ClayRat: The spyware that targets Android users with self-propagation

The ClayRat spyware campaign is expanding rapidly and increasingly targeting Android users. According to Zimperium, the malware is actively spreading among Russian users through fake websites and Telegram channels, masquerading as popular apps like WhatsApp, TikTok, YouTube, and Google Photos. Once installed, the malware gains access to a wide range of functions, including reading SMS and notifications, viewing the list of installed apps, taking photos with the front-facing camera, making calls, and sending messages. ClayRat’s key feature is its aggressive self-propagation mechanism. The malware automatically sends malicious links to all of the victim’s contacts, turning the infected device into an active

Be careful what you tell AI! It could be confidential data

In an age where every question is answered with a simple tap, we users have perhaps gotten a little too comfortable with the new AI-based assistants. Ultimately, it makes little difference which one we choose: the most popular language models all belong to large private companies. Nothing new, some might say; most of the digital services we use every day are, too. The difference, however, is that here we’re not interacting with a search engine or a social network, but with a system that simulates human conversation. And it’s precisely this naturalness that drives us, often without realizing it, to share information

Europe vs. Silicon Valley: “AI First” kicks off in Turin with von der Leyen

Von der Leyen launches “AI First” at Italian Tech Week: three obstacles to overcome and a €2 billion startup lost along the way. Turin, October 3, 2025. Before thousands of entrepreneurs and investors at the OGR, Ursula von der Leyen launched her vision: “AI First.” And to explain the urgency of this revolution, the President of the European Commission told a story that still stings: that of the Italian startup Kong, which was forced to cross the Atlantic to find someone who believed in it. The startup that Europe let slip away: It all began with two young men from Milan,