Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell

Cybersecurity researchers have discovered what they say is the earliest example known to date of a malware with that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by SentinelOne SentinelLABS research team. The findings were presented at the LABScon 2025 security conference. In a report examining the malicious use of LLMs, the cybersecurity company

The Hacker News
Open in Source
#vulnerability#web#windows#google#microsoft#The Hacker News
ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent

Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox data with a single crafted email without any user action. The new class of attack has been codenamed ShadowLeak by Radware. Following responsible disclosure on June 18, 2025, the issue was addressed by OpenAI in early August. "The attack

UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware

An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It's assessed to be affiliated with Iran's Islamic

Critical Azure Entra ID Flaw Highlights Microsoft IAM Issues

While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks, alarming some in the security community.

Russian Hackers Gamaredon and Turla Collaborate to Deploy Kazuar Backdoor in Ukraine

Cybersecurity researchers have discerned evidence of two Russian hacking groups Gamaredon and Turla collaborating together to target and co-comprise Ukrainian entities. Slovak cybersecurity company ESET said it observed the Gamaredon tools PteroGraphin and PteroOdd being used to execute Turla group's Kazuar backdoor on an endpoint in Ukraine in February 2025, indicating that Turla is very likely

CVE-2025-10501: Chromium: CVE-2025-10501 Use after free in WebRTC

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

CVE-2025-10502: Chromium: CVE-2025-10502 Heap buffer overflow in ANGLE

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

CVE-2025-10500: Chromium: CVE-2025-10500 Use after free in Dawn

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

CVE-2025-10585: Chromium: CVE-2025-10585 Type Confusion in V8

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 140.0.3485.81 09/19/2025 140.0.7339.186

Put together an IR playbook — for your personal mental health and wellbeing

This edition pulls the curtain aside to show the realities of the VPN Filter campaign. Joe reflects on the struggle to prevent burnout in a world constantly on fire.