Security

Both Microsoft and Valve have issued warnings about flaws in the Unity engine that could expose gamers to attack. A new version of Steam has been released to plug the security hole as well.

Tracked as CVE-2025-59489, the Unity Gaming Engine Editor vulnerability has a severity rating of 8.4. The nature of Unity is such that the flaw affects multiple platforms – Windows, Linux, macOS and Android. There is good news for some, however; Xbox consoles, Xbox Cloud Gaming, iOS and HoloLens all remain unaffected.

The situation regarding Red Hat’s recent data breach is worsening – both for the company and for its customers. With GitLab instances belonging to the company having been breached by the Crimson Collective, hundreds of gigabytes of data were stolen.

Now the data breach has transformed into a demand for ransom – perhaps predictably. Interestingly, though, the extortion is not being perpetrated by the Crimson Collective, but by ShinyHunters.

Oracle has released an emergency patch and an urgent security warning about a 0-day vulnerability in Oracle E-Business Suite.

Tracked as CVE-2025-61882, the security flaw has a severity rating of 9.8 and is described as an “easily exploitable vulnerability”. Oracle warns that the vulnerability is “remotely exploitable without authentication”, going some way to explaining why it is seen as being so serious an issue.

The personal data of Discord users has been exposed after a third-party customer service provider suffered a data breach.

Hackers were able to obtain support tickets from an unnamed company used by Discord to provide support. From this, they were then able to gain access to data including names and government-issued IDs.

Perplexity is the latest company to release an AI-powered web browser. Comet is available free of charge for Windows and macOS, and it is looking to compete with the likes of Opera’s Neon.

Comet is not brand new. It launches in July to a limited audience, but now its AI powers are being made available to everyone. But while there is much excitement from Perplexity about the launch, and excitement from users, there is also a warning from security experts.

A group of hackers calling itself the Crimson Collective says that it has compromised GitLab instances belonging to Red Hat and stolen hundreds of gigabytes of data.

Red Hat has confirmed that it has suffered a data breach, but is yet to provide much in the way of details. The hacking group says that it managed to access 28,000 internal development repositories, and has stolen almost 570GB of compressed data.

A new study of 500 US IT and cybersecurity staff reveals that 84 percent report feeling uncomfortable levels of stress at work due to IT security risks, while 78 percent fear they will be personally blamed for security incidents.

The report from Object First exposes a gap in how organizations support their IT staff, highlighting the opportunity to provide mental health resources and less complex security technology to help reduce stress as cyber threats continue to rise.

Details have emerged about a now-patched flaw in Microsoft Entra ID which could have been exploited to gain access to any tenant of any company in the world.

Tracked as CVE-2025-55241, the Azure Entra Elevation of Privilege Vulnerability has a CVSS 3.1 severity rating of 10.0. The security researcher who discovered the flaw said that he had “found the most impactful Entra ID vulnerability that I will probably ever find. This vulnerability could have allowed me to compromise every Entra ID tenant in the world”.

The move from passwords to passkeys is making gradual progress, and Google is among the companies pushing to encourage people to make the switch.  Now there are signs that things are being taken up a notch.

Hidden away in the most recent Canary build of Chrome, Google is testing a flag which, when enabled, will automatically convert saved passwords into passkeys when logging into a site or service.

A growing cybersecurity skills crisis is forcing 64 percent of the organizations across Europe the Middle East and Africa to take risky shortcuts and temporary fixes to meet security demands.

Research from Insight Enterprises shows only 24 percent of IT decision-makers across EMEA say they have sufficient in-house cyber skills to keep pace with evolving threats. These shortages are delaying key initiatives (57 percent) and leaving more than half (57 percent) struggling to meet compliance requirements.

PasswordManager.com has released a new survey looking at how business leaders view Gen Z employees (those born around the mid-to-late 1990s through the early 2010s), especially when it comes to the handling of sensitive company information.

The results reveal that many bosses are worried about the younger generation, with nearly half of respondents believing they could leak secrets for social media attention.

History appears to be repeating. Plex has announced that it has suffered a security breach, exposing user data. The last time this happened was in 2022, and users are being advised to change passwords as soon as possible.

The company is referring to it as a “security incident that may potentially involve your Plex account information”. While Plex tries to downplay the severity of the breach, the fact that “an unauthorized third party accessed a limited subset of customer data from one of our databases” is concerning – especially when you consider that this is not the first time.

In an age where there is increased concern about privacy and security, people are embracing messaging platforms such as Signal. While Signal and other apps of its ilk mean enjoying a security boost, such apps are playing catch-up with mainstream messaging platforms in terms of other features and options.

Signal has just announced the availability of secure backups for chats, promising an easy way to restore your messaging history to a new device. This is something that Signal users have been begging for, and now it is here. As you might expect with a platform associated with security and privacy, backups are not a simple matter with Signal.

Microsoft has admitted that the security updates released for Windows in August caused problems for a lot of users. Affected users experienced a series of unexpected UAC (User Account Control) prompts.

The scale of the issue is large. This is not a problem that is limited to a particular version of Windows – every supported version of Windows that received the August 2025 security update is affected. This means that Windows 10, Windows 11, Windows Server 2022 and Windows Server 2025 have all been hit with the UAC prompts.

WhatsApp has addressed a serious security flaw in certain versions of its app. The vulnerability was a zero-click exploit, which the company says was being used to target specific users.

No details have been provided about those who were being targeted, so it is not clear whether they are celebrities, people linked to businesses, or something else. What is interesting, however, is the fact that it was Apple users who had been single out.