Cybersecurity researchers are warning about a new scam on LinkedIn where hackers use private messages to trick people into downloading harmful files.

According to security firm ReliaQuest, attackers contact professionals through LinkedIn, build trust, and convince them to download what appears to be a harmless file. In reality, the download secretly installs malicious software on the victim’s computer.

Once opened, the file allows attackers to quietly gain ongoing access to the...

Researchers have discovered a new attack called Reprompt that can steal sensitive data from AI chatbots like Microsoft Copilot. The attack works with just one click on a real Microsoft link and does not need any plugins or extra user actions. It tricks the chatbot into following hidden instructions from the attacker’s server, even after the chat is closed, so data can be taken without the user knowing. Microsoft has fixed this issue, and enterprise users...

Security experts have found two popular Chrome browser extensions that secretly read and send users’ ChatGPT and DeepSeek conversations to outside servers without their knowledge. Together, the extensions have been downloaded by more than 900,000 people.

The affected extensions are:

• Chat GPT for Chrome with GPT-5, Claude Sonnet & DeepSeek AI
• AI Sidebar with Deepseek, ChatGPT, Claude, and more

The...

Microsoft has rolled out its final set of security updates for 2025, fixing 56 vulnerabilities in Windows, including one that has already been exploited by hackers.

Of these issues, three are critical and the rest are considered important. The problems affect a wide range of Windows features and could allow attackers to take control of computers or access sensitive information if left unpatched.

One of the most serious flaws affects the...

Microsoft quietly fixed a security bug in Windows shortcut (.LNK) files in its November 2025 updates. This bug, called CVE-2025-9491, let attackers hide harmful commands inside shortcut files. When a user looked at the file’s properties, Windows only showed the first 260 characters, hiding the rest. This made the shortcut look safe even when it was not.

Hackers from several countries, including China, Iran, North Korea, and Russia, had used this flaw since 2017 to...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are increasingly targeting people who use popular mobile messaging apps, such as Signal, WhatsApp, and Telegram.

According to CISA, cybercriminals are using sneaky tricks and fake apps to gain access to users’ accounts and steal sensitive information. The attacks are aimed at high-profile individuals, including government officials, military personnel, and leaders of civil society organizations,...

Attackers using a Phishing-as-a-Service kit called Sneaky 2FA have added Browser-in-the-Browser (BitB) attacks to their tools. This method creates fake pop-up login windows that look real, helping criminals steal Microsoft account credentials. BitB works by copying the look of a normal login pop-up and showing what appears to be a legitimate URL, even though the page is fake.

In one example, victims visited a suspicious site, passed a bot check, and...

Microsoft has released new security updates to fix 63 flaws in Windows and other products, including one that hackers are already taking advantage of.

The company says the most serious issue, known as CVE-2025-62215, affects the core of the Windows operating system. It could allow attackers who already have limited access to a computer to take full control of it. Microsoft discovered the problem itself and rushed to...

Cybersecurity experts at Tenable have found seven security flaws in OpenAI’s GPT-4o and GPT-5 models that could let attackers steal users’ personal data or chat histories. OpenAI has already fixed some of the issues.

These flaws enable prompt injection attacks, where hackers hide malicious instructions that trick ChatGPT into revealing information or performing unintended actions. Examples...

Meta is adding new features to protect users of Messenger and WhatsApp from scams. On WhatsApp, users get a warning before sharing their screen with unknown people during video calls to avoid sharing private info. On Messenger, there’s a “Scam detection” setting that alerts users about suspicious messages from strangers. If users choose, they can send messages to an AI for review, which helps find scams but means those messages aren’t fully private anymore. If a scam is detected, users get...