Articles about Security

Lenovo’s customer service AI chatbot Lena was recently found to contain a critical vulnerability that could allow attackers to steal session cookies and run malicious code.

Cybernews researchers discovered that with just one maliciously crafted prompt, the AI could be manipulated into exposing sensitive data. Lenovo has since fixed the issue, but the case shows how chatbots can create fresh risks when not properly secured.

Continue reading →

The AI race is the modern-day space race, and the US is concerned that China will make too much progress too quickly. This is precisely why President Trump recently suggested that the likes of NVIDIA only allowed to sell limited versions of its AI chips to Chinese customers.

How could this be policed? Through the use of trackers, according to sources familiar with the matter.

Continue reading →

Microsoft has launched a limited public preview of Windows 365 Reserve, a new cloud-based service to help reduce downtime and disruption for business when disaster strikes.

Whether there is a system failure, a cyberattack, or something else goes wrong, Windows 365 Reserve provides access to a Cloud PC to help reduce disruptions. Microsoft says that it offers businesses “secure and on-demand Cloud PC access from anywhere when you need it most”.

Continue reading →

Google has revealed more details about an attack on one of its corporate Salesforce instances. The company now says that the attack exposed user data of Google Ads customers.

The security issue was spotted by Google Threat Intelligence Group (GTIG) back in June. Activity by UNC6040 – described as a financially motivated threat cluster that specializes in voice phishing (vishing) – hit Salesforce and subsequent investigations have revealed the extent and impact of the attacks.

Continue reading →

Microsoft has issued a warning about a high-severity vulnerability in hybrid Microsoft Exchange Server deployments.

Tracked as CVE-2025-53786, the vulnerability could allow for privilege escalation by cyber threat actors with administrative access to an on-premise Microsoft Exchange server. Although there is not currently any indication of active exploitation, the issue is considered extremely serious and requires immediate attention.

Continue reading →

Traditional detection methods are being outpaced, with a 127 percent rise in malware complexity and one in 14 files initially deemed ‘safe’ by legacy systems proving to be malicious.

A new report from OPSWAT uncovers layered threats designed to evade analysis, including obfuscated loaders such as NetReactor and evasive behaviors missed by traditional tools. These results show that modern malware intends to confuse rather than flood defenses.

Continue reading →

WhatsApp is now an essential communication tool for both personal and business use, and its popularity means that it is also a prime target for scammers. As such, the company has just announced the rollout of a new series of tools designed to help keep users informed and protected.

Among these new tools is a safety warning for group chats that warns about being added to new chat groups by unknown contacts. There are also tools and advice for individual chats, which are also targets for scams.

Continue reading →

Whenever there are privacy concerns voiced about software, they are almost always downplayed. But fears about Microsoft Recall appear to be well justified.

Announced and previewed last year, Microsoft Recall is a feature of Windows 11 which Microsoft says enables users to retrace their steps. It does this by capturing screenshots of computing activity, which can then be analyzed and searched using AI to home in on data, return to a project, and much more. But there have been lots of vocal protests about the potential for invasions of privacy.

Continue reading →

Dropbox has suddenly announced that it plans to discontinue its password manager, Dropbox Passwords. With the discontinuation coming at the end of October, users are left with very little time to find an alternative service.

The company is best known for its cloud storage service, and in announcing the impending shuttering of Dropbox Passwords it says that it wants “to focus on enhancing other features in our core product”. More than just closing down the password management side of things, Dropbox is also bringing dark web monitoring to an end.

Continue reading →

Attackers are finding new ways to get inside company systems, and deception is playing a bigger role than ever, according to the latest LevelBlue Threat Trends Report.

Threat actors are leaning on tactics like social engineering and AI tools to move quickly, stay hidden, and then extend their reach once inside. Even experienced users can be tricked into opening the door without realizing until it's too late.

Continue reading →

Cybersecurity exposure management company Intruder has introduced GregAI, an AI-powered security analyst that, unlike generic AI assistants, has full visibility into each user’s security environment.

Currently in beta, GregAI is available to free trial users and customers on Intruder’s Cloud, Pro, and Enterprise plans. The assistant is named after Intruder’s original mascot, following a design file mix-up involving a designer named Greg.

Continue reading →

Microsoft has released emergency patches for two remote code execution vulnerabilities in SharePoint. The CVE-2025-53770 and CVE-2025-53771 security flaws are addressed by KB5002768 and KB5002754.

The issue was discovered by security researchers back in May, when it was found that the vulnerability allows for RCE attacks dubbed ToolShell. Microsoft had tried to plug the security holes earlier in the month with the July Security Update, but this only partly addressed the problem – hence the need for the emergency, out-of-band patches.

Continue reading →

The Matanbuchus malware loader is not new – it has been around for at least 4 years – but it has evolved into something incredibly dangerous.

Matanbuchus 3.0 has been found targeting victims as part of a ransomware attack. Described as being “highly targeted”, the cyberattack campaign uses Microsoft Teams as a delivery method for the latest version of the malware loader. The highly sophisticated attack employs a Microsoft Teams call impersonating an IT helpdesk.

Continue reading →

As we are being reminded on a near daily basis, Microsoft is ending support for Windows 10 in mid-October. The company has made it clear that the end of support means the end of security updates, but this does not mean that all Windows 10 users will take notice and jump to Windows 11.

However much Microsoft might wish otherwise, Windows 10 will remain in popular usage for some years to come – so the company is tightening the thumbscrews. A quiet announcement reveals that anyone sticking with Windows 10 will no longer receive feature updates for their Microsoft 365 (Office) apps.

Continue reading →

When we think about storage, the primary concern is usually reliability – you need to know that the data you save remain safe and accessible. But there are plenty of other things to consider, and new offerings from TEAMGROUP takes a unique approach to security.

With the internal P250Q‑M80 NVMe SSD and the portable T‑Create Expert P35S external, there is not only military-grade AES-256 encryption to ensure data is not going to fall into the wrong hands, but also an uninterruptible self-destruct option. Push a red button on either of the devices and they can be wiped, or completely nuked – and nothing can stop the process.

Continue reading →