Researchers found three serious problems in Google’s Gemini AI that could have let hackers steal personal data like your location or saved info. These issues have now been fixed by Google.

One problem allowed hackers to hide secret commands in cloud logs, tricking Gemini into giving access to private cloud data. Another issue let hackers add fake searches to a person’s browser history, causing Gemini to leak private info when using that history. The third flaw allowed hackers to hide...

A recent phishing campaign is targeting users by pretending to be Ukrainian government agencies. Hackers send emails with malicious SVG files that start a chain of downloads, eventually installing malicious software like Amatera Stealer (which steals personal data and login info) and PureMiner (which secretly mines cryptocurrency using the victim’s computer). These malicious software tools are part of a larger set created by a group known as...

Microsoft and internet security company Cloudflare have shut down a major cybercrime operation known as RaccoonO365, which tricked thousands of people around the world into giving away their Microsoft 365 login information.

The group behind RaccoonO365 ran a subscription-based service that allowed other criminals to launch fake email attacks. These emails looked like they came from trusted companies such as Microsoft, Adobe, and DocuSign, but were designed to steal...

Cybersecurity experts have found two new malicious software threats: CHILLYHELL and ZynorRAT. CHILLYHELL targets macOS and is designed to secretly control infected devices. It can steal data, crack passwords, and run hidden commands. It connects to a remote server and stays hidden using multiple tricks. This malware was notarized by Apple in 2021, which made it harder to detect, but its certificate has now been revoked....

Cybersecurity experts have discovered a phishing campaign that uses fake voicemail and purchase order emails to spread malicious software called UpCrypter. The emails link to fake websites that look real by using company logos and domains. Victims are tricked into downloading a ZIP file with a hidden script that installs remote access tools, giving hackers full control of the device. The campaign started in August 2025 and mainly targets industries like...

Google has announced new rules to improve safety on Android phones. Starting in September 2026, all developers—whether they use the Play Store or not—will need to verify their identity before their apps can be installed on certified Android devices.

The new rule will first apply in Brazil, Indonesia, Singapore, and Thailand. Google says it will begin inviting developers to verify their identities starting in October 2025, with a full rollout by March 2026.

According to Google,...

A new Android malicious software called PhantomCard is targeting bank customers in Brazil by stealing credit and debit card data using NFC (near-field communication). The malware copies card info from a victim’s phone and sends it to criminals, who can then make fake payments.

PhantomCard spreads through fake Google Play pages offering a “card protection” app called Proteção Cartões, tricking users with fake positive reviews. When...

Zoom and Xerox have released important software updates to fix serious security problems that could let hackers break into computers or take control of them remotely.

What Happened with Zoom?

Zoom found a major flaw in some of its Windows apps that could allow a hacker to gain more control over a computer than they should. The issue was discovered by Zoom’s own security team and has now been fixed in the latest update.

The problem affects several Zoom...

A group called VexTrio Viper made fake apps that looked helpful—like phone cleaners, dating apps, or spam blockers—but were actually scams. These apps were found on both the Apple and Google app stores and were downloaded millions of times.

Once installed, they charged users secretly, showed endless ads, and collected personal info. Some users had a hard time...

Cybersecurity experts have uncovered a scam where fake cryptocurrency trading apps are being used to spread a dangerous malware called JSCEAL. This malware steals login info, crypto wallet data, and more.

Hackers post fake ads on Facebook using stolen or fake accounts. These ads lead victims to fake websites that look like real services (like TradingView), tricking them into downloading harmful apps.

The malware is hidden in parts—some in the website’s code, others in...