Microsoft has rolled out its final set of security updates for 2025, fixing 56 vulnerabilities in Windows, including one that has already been exploited by hackers.

Of these issues, three are critical and the rest are considered important. The problems affect a wide range of Windows features and could allow attackers to take control of computers or access sensitive information if left unpatched.

One of the most serious flaws affects the...

Microsoft quietly fixed a security bug in Windows shortcut (.LNK) files in its November 2025 updates. This bug, called CVE-2025-9491, let attackers hide harmful commands inside shortcut files. When a user looked at the file’s properties, Windows only showed the first 260 characters, hiding the rest. This made the shortcut look safe even when it was not.

Hackers from several countries, including China, Iran, North Korea, and Russia, had used this flaw since 2017 to...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are increasingly targeting people who use popular mobile messaging apps, such as Signal, WhatsApp, and Telegram.

According to CISA, cybercriminals are using sneaky tricks and fake apps to gain access to users’ accounts and steal sensitive information. The attacks are aimed at high-profile individuals, including government officials, military personnel, and leaders of civil society organizations,...

Attackers using a Phishing-as-a-Service kit called Sneaky 2FA have added Browser-in-the-Browser (BitB) attacks to their tools. This method creates fake pop-up login windows that look real, helping criminals steal Microsoft account credentials. BitB works by copying the look of a normal login pop-up and showing what appears to be a legitimate URL, even though the page is fake.

In one example, victims visited a suspicious site, passed a bot check, and...

Microsoft has released new security updates to fix 63 flaws in Windows and other products, including one that hackers are already taking advantage of.

The company says the most serious issue, known as CVE-2025-62215, affects the core of the Windows operating system. It could allow attackers who already have limited access to a computer to take full control of it. Microsoft discovered the problem itself and rushed to...

Cybersecurity experts at Tenable have found seven security flaws in OpenAI’s GPT-4o and GPT-5 models that could let attackers steal users’ personal data or chat histories. OpenAI has already fixed some of the issues.

These flaws enable prompt injection attacks, where hackers hide malicious instructions that trick ChatGPT into revealing information or performing unintended actions. Examples...

Meta is adding new features to protect users of Messenger and WhatsApp from scams. On WhatsApp, users get a warning before sharing their screen with unknown people during video calls to avoid sharing private info. On Messenger, there’s a “Scam detection” setting that alerts users about suspicious messages from strangers. If users choose, they can send messages to an AI for review, which helps find scams but means those messages aren’t fully private anymore. If a scam is detected, users get...

Microsoft has released fixes for 183 security problems across its products, including three serious bugs currently being used by hackers. The update comes as Microsoft officially ends support for Windows 10, unless users sign up for a paid Extended Security Updates (ESU) program.

What's the Risk?

• Three of the fixed problems have already been used in real-world cyberattacks:
• Two issues in Windows could let hackers...

  ---

  October 15, 2025 19:02 (on 10/16/25) |  0 | 2 minutes read

Researchers found three serious problems in Google’s Gemini AI that could have let hackers steal personal data like your location or saved info. These issues have now been fixed by Google.

One problem allowed hackers to hide secret commands in cloud logs, tricking Gemini into giving access to private cloud data. Another issue let hackers add fake searches to a person’s browser history, causing Gemini to leak private info when using that history. The third flaw allowed hackers to hide...

A recent phishing campaign is targeting users by pretending to be Ukrainian government agencies. Hackers send emails with malicious SVG files that start a chain of downloads, eventually installing malicious software like Amatera Stealer (which steals personal data and login info) and PureMiner (which secretly mines cryptocurrency using the victim’s computer). These malicious software tools are part of a larger set created by a group known as...