Microsoft has rolled out patches for 183 security vulnerabilities across its products this October, including three flaws already being exploited in the wild. Among them, two zero-days affect Windows systems and allow attackers to elevate privileges. One vulnerability involves the ltmdm64.sys driver (part of the Agere modem stack), which ships with every Windows installation—even if […]
Microsoft has taken steps to strengthen security around its Internet Explorer (IE) compatibility mode in Edge after learning that hackers had been using the legacy feature as a backdoor into systems. In August 2025, reports revealed that unknown threat actors exploited IE mode by combining social engineering with zero-day vulnerabilities in the old Chakra JavaScript […]
A new kind of cyber threat has emerged: malware that uses GPT-4 — the same type of AI behind advanced chat assistants — to generate malicious programs like ransomware. It’s like giving a weapon the ability to forge its own bullets. Researchers have discovered a prototype called MalTerminal that does just that. MalTerminal is a […]
A dangerous new Android malware called Datzbro has been discovered, and it’s specifically tricking seniors through fake Facebook groups and AI-generated posts. The attackers are pretending to organize friendly travel or community events, but their real goal is to convince people to install malicious apps that give hackers full control of their phones. The scam […]
Google’s new AI assistant, Gemini, had some serious security holes — and researchers say hackers could’ve used them to sneak in, steal data, or manipulate the system in sneaky ways. The good news is: these flaws have been patched. Here’s what went wrong, how it could’ve been abused, and what it means for you. What […]
A massive ad-fraud operation called SlopAds was found operating through 224 Android apps, which together were downloaded 38 million times across 228 countries and territories. The apps inflated ad impressions and clicks using hidden techniques, sending about 2.3 billion bid requests every day at its peak. The apps carried out this fraud in a stealthy […]
The Akira ransomware group has ramped up its attacks on SonicWall devices, exploiting a critical SSL VPN vulnerability and misconfigurations to gain unauthorized access. Security researchers have observed a surge in intrusions linked to SonicWall firewalls since late July 2025, particularly involving the flaw designated CVE-2024-40766, which scored 9.3 in severity. This issue stemmed from […]
Cybersecurity researchers have linked a new wave of attacks on financial institutions to the notorious group known as Scattered Spider, contradicting their earlier statements that they were disbanding. The group has shifted its focus toward the financial services industry, creating look-alike domains aimed at organizations in that sector, and launching a recent targeted intrusion against […]
In a joint operation, Microsoft’s Digital Crimes Unit and Cloudflare have dismantled RaccoonO365, a phishing-as-a-service (PhaaS) network, by seizing 338 domains tied to the toolkit. The network had been used to steal over 5,000 Microsoft 365 credentials across 94 countries since July 2024. The action was enabled by a court order from the Southern District […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two serious security problems—one in WhatsApp and another in a TP-Link Wi-Fi device—to its Known Exploited Vulnerabilities list. When a flaw makes this list, it means hackers have already taken advantage of it in real-world attacks, so quick action is needed to protect against further […]