Security

Microsoft has admitted that the security updates released for Windows in August caused problems for a lot of users. Affected users experienced a series of unexpected UAC (User Account Control) prompts.

The scale of the issue is large. This is not a problem that is limited to a particular version of Windows – every supported version of Windows that received the August 2025 security update is affected. This means that Windows 10, Windows 11, Windows Server 2022 and Windows Server 2025 have all been hit with the UAC prompts.

WhatsApp has addressed a serious security flaw in certain versions of its app. The vulnerability was a zero-click exploit, which the company says was being used to target specific users.

No details have been provided about those who were being targeted, so it is not clear whether they are celebrities, people linked to businesses, or something else. What is interesting, however, is the fact that it was Apple users who had been single out.

Downloading apps from an official app store helps to avoid dodgy  software. The obstacles that can stand in the way of  developers getting their apps into the likes of the Google Play Store, however, means that sideloading remains incredibly popular.

Sideloaded apps – those downloaded from unofficial sources – can be safe, but it is something of a minefield. And this is why Google has announced plans to block the sideloading of apps from developers that it has not been able to verify.

Whether you have been waiting for it or not, Google Password Manager is now available as a standalone app for Android users.

Breaking the Password Manager component out of the Chrome browser is an interesting move. There is no real reason for Google doing so other than making it slightly easier to access saved passwords and usernames.

Nearly half of Americans admit to reusing passwords across accounts, even as phishing attacks continue to rise. A new survey by Yubico and Talker Research shows that while many people feel confident in their ability to stay secure online, their actual habits reveal a different story.

The study asked consumers in 10 major US metro areas about their digital security practices. Forty eight percent said they use the same password for multiple accounts, a behavior that leaves them exposed if one login is compromised.

Lenovo’s customer service AI chatbot Lena was recently found to contain a critical vulnerability that could allow attackers to steal session cookies and run malicious code.

Cybernews researchers discovered that with just one maliciously crafted prompt, the AI could be manipulated into exposing sensitive data. Lenovo has since fixed the issue, but the case shows how chatbots can create fresh risks when not properly secured.

The AI race is the modern-day space race, and the US is concerned that China will make too much progress too quickly. This is precisely why President Trump recently suggested that the likes of NVIDIA only allowed to sell limited versions of its AI chips to Chinese customers.

How could this be policed? Through the use of trackers, according to sources familiar with the matter.

Microsoft has launched a limited public preview of Windows 365 Reserve, a new cloud-based service to help reduce downtime and disruption for business when disaster strikes.

Whether there is a system failure, a cyberattack, or something else goes wrong, Windows 365 Reserve provides access to a Cloud PC to help reduce disruptions. Microsoft says that it offers businesses “secure and on-demand Cloud PC access from anywhere when you need it most”.

Google has revealed more details about an attack on one of its corporate Salesforce instances. The company now says that the attack exposed user data of Google Ads customers.

The security issue was spotted by Google Threat Intelligence Group (GTIG) back in June. Activity by UNC6040 – described as a financially motivated threat cluster that specializes in voice phishing (vishing) – hit Salesforce and subsequent investigations have revealed the extent and impact of the attacks.

Microsoft has issued a warning about a high-severity vulnerability in hybrid Microsoft Exchange Server deployments.

Tracked as CVE-2025-53786, the vulnerability could allow for privilege escalation by cyber threat actors with administrative access to an on-premise Microsoft Exchange server. Although there is not currently any indication of active exploitation, the issue is considered extremely serious and requires immediate attention.

Traditional detection methods are being outpaced, with a 127 percent rise in malware complexity and one in 14 files initially deemed ‘safe’ by legacy systems proving to be malicious.

A new report from OPSWAT uncovers layered threats designed to evade analysis, including obfuscated loaders such as NetReactor and evasive behaviors missed by traditional tools. These results show that modern malware intends to confuse rather than flood defenses.

WhatsApp is now an essential communication tool for both personal and business use, and its popularity means that it is also a prime target for scammers. As such, the company has just announced the rollout of a new series of tools designed to help keep users informed and protected.

Among these new tools is a safety warning for group chats that warns about being added to new chat groups by unknown contacts. There are also tools and advice for individual chats, which are also targets for scams.

Whenever there are privacy concerns voiced about software, they are almost always downplayed. But fears about Microsoft Recall appear to be well justified.

Announced and previewed last year, Microsoft Recall is a feature of Windows 11 which Microsoft says enables users to retrace their steps. It does this by capturing screenshots of computing activity, which can then be analyzed and searched using AI to home in on data, return to a project, and much more. But there have been lots of vocal protests about the potential for invasions of privacy.

Dropbox has suddenly announced that it plans to discontinue its password manager, Dropbox Passwords. With the discontinuation coming at the end of October, users are left with very little time to find an alternative service.

The company is best known for its cloud storage service, and in announcing the impending shuttering of Dropbox Passwords it says that it wants “to focus on enhancing other features in our core product”. More than just closing down the password management side of things, Dropbox is also bringing dark web monitoring to an end.

Attackers are finding new ways to get inside company systems, and deception is playing a bigger role than ever, according to the latest LevelBlue Threat Trends Report.

Threat actors are leaning on tactics like social engineering and AI tools to move quickly, stay hidden, and then extend their reach once inside. Even experienced users can be tricked into opening the door without realizing until it's too late.