Microsoft has released new security updates to fix 63 flaws in Windows and other products, including one that hackers are already taking advantage of.

The company says the most serious issue, known as CVE-2025-62215, affects the core of the Windows operating system. It could allow attackers who already have limited access to a computer to take full control of it. Microsoft discovered the problem itself and rushed to...

Cybersecurity experts at Tenable have found seven security flaws in OpenAI’s GPT-4o and GPT-5 models that could let attackers steal users’ personal data or chat histories. OpenAI has already fixed some of the issues.

These flaws enable prompt injection attacks, where hackers hide malicious instructions that trick ChatGPT into revealing information or performing unintended actions. Examples...

Meta is adding new features to protect users of Messenger and WhatsApp from scams. On WhatsApp, users get a warning before sharing their screen with unknown people during video calls to avoid sharing private info. On Messenger, there’s a “Scam detection” setting that alerts users about suspicious messages from strangers. If users choose, they can send messages to an AI for review, which helps find scams but means those messages aren’t fully private anymore. If a scam is detected, users get...

Microsoft has released fixes for 183 security problems across its products, including three serious bugs currently being used by hackers. The update comes as Microsoft officially ends support for Windows 10, unless users sign up for a paid Extended Security Updates (ESU) program.

What's the Risk?

• Three of the fixed problems have already been used in real-world cyberattacks:
• Two issues in Windows could let hackers...

  ---

  October 15, 2025 19:02 (on 10/16/25) |  0 | 2 minutes read

Researchers found three serious problems in Google’s Gemini AI that could have let hackers steal personal data like your location or saved info. These issues have now been fixed by Google.

One problem allowed hackers to hide secret commands in cloud logs, tricking Gemini into giving access to private cloud data. Another issue let hackers add fake searches to a person’s browser history, causing Gemini to leak private info when using that history. The third flaw allowed hackers to hide...

A recent phishing campaign is targeting users by pretending to be Ukrainian government agencies. Hackers send emails with malicious SVG files that start a chain of downloads, eventually installing malicious software like Amatera Stealer (which steals personal data and login info) and PureMiner (which secretly mines cryptocurrency using the victim’s computer). These malicious software tools are part of a larger set created by a group known as...

Microsoft and internet security company Cloudflare have shut down a major cybercrime operation known as RaccoonO365, which tricked thousands of people around the world into giving away their Microsoft 365 login information.

The group behind RaccoonO365 ran a subscription-based service that allowed other criminals to launch fake email attacks. These emails looked like they came from trusted companies such as Microsoft, Adobe, and DocuSign, but were designed to steal...

Cybersecurity experts have found two new malicious software threats: CHILLYHELL and ZynorRAT. CHILLYHELL targets macOS and is designed to secretly control infected devices. It can steal data, crack passwords, and run hidden commands. It connects to a remote server and stays hidden using multiple tricks. This malware was notarized by Apple in 2021, which made it harder to detect, but its certificate has now been revoked....

Cybersecurity experts have discovered a phishing campaign that uses fake voicemail and purchase order emails to spread malicious software called UpCrypter. The emails link to fake websites that look real by using company logos and domains. Victims are tricked into downloading a ZIP file with a hidden script that installs remote access tools, giving hackers full control of the device. The campaign started in August 2025 and mainly targets industries like...

Google has announced new rules to improve safety on Android phones. Starting in September 2026, all developers—whether they use the Play Store or not—will need to verify their identity before their apps can be installed on certified Android devices.

The new rule will first apply in Brazil, Indonesia, Singapore, and Thailand. Google says it will begin inviting developers to verify their identities starting in October 2025, with a full rollout by March 2026.

According to Google,...