Security Researcher Uncovers SVG Rendering Flaw (CVE-2025-43714) in ChatGPT

In a recent experiment with OpenAI’s ChatGPT, a security researcher uncovered a potentially serious vulnerability (CVE-2025-43714) involving the way the chatbot handles and renders SVG and image tags within code blocks. The flaw, which has since been reported to OpenAI and partially mitigated, raised concerns around stored cross-site scripting (XSS) and phishing vectors. The issue emerged when … Continued

U.K. Legal Aid Agency hit by major data breach

A cyberattack on the U.K.’s Legal Aid Agency (LAA) has compromised a vast trove of personal and financial data dating back to 2010, the government confirmed, raising concerns over the safety of thousands of legal aid applicants. What Happened On April 23, officials discovered a cyberattack on the agency’s online portal used by legal aid providers … Continued

Inside the TM SGNL Hack That Embarrassed the White House

After Trump’s national security adviser Mike Waltz was photographed using the TM SGNL app during a cabinet meeting, the incident set off alarm bells across the global cybersecurity community. Hackers and threat actors scrambled to uncover potential zero-day vulnerabilities in the app. Meanwhile, security researcher Micah Lee began publishing a series of explosive reports that gradually led … Continued

Defendnot Exploits Windows API to Disable Microsoft Defender

A newly released tool named Defendnot can effectively disable Microsoft Defender on Windows systems by exploiting an undocumented Windows Security Center (WSC) API. Developed as a security research project by researcher es3n1n, the tool tricks Windows into believing a legitimate antivirus solution is installed, even when no actual security software is present. Under normal conditions, … Continued

Fancy Bear Targets Ukrainian Defense Personnel

A persistent cyber-espionage operation tied to Russia’s military intelligence agency has been targeting high-level Ukrainian officials and foreign defense contractors supplying arms to Kyiv, new research reveals. Security analysts at ESET report that the hacking group Fancy Bear, widely attributed to Russia’s GRU, has been conducting an aggressive cyberespionage campaign since at least 2023. The operation … Continued

Nova Scotia Power Confirms Data Breach

Nova Scotia Power, one of Canada’s largest utility providers, has confirmed it suffered a significant data breach following a cyberattack discovered last month. The Halifax-based company, a subsidiary of Emera Inc., revealed that threat actors gained unauthorized access to portions of its network and servers supporting business operations. While electricity generation and distribution remained unaffected, … Continued

Vulnerability in Samsung’s MagicINFO Server 9 (CVE-2025-4632) Exploited by Threat Actors

Threat actors are actively exploiting a high-severity zero-day vulnerability in Samsung’s MagicINFO Server 9, a digital signage management platform widely used for content creation and display control. The flaw, tracked as CVE-2025-4632, poses a serious security risk, allowing unauthenticated attackers to achieve remote code execution by uploading malicious files to vulnerable servers. CVE-2025-4632 On April … Continued

Google Issues Emergency Update to Patch Critical Security Flaw (CVE-2025-4664) in Chrome

Google has issued an urgent security update for its Chrome web browser to address a critical vulnerability that could enable attackers to fully take over user accounts if exploited. The flaw, identified as CVE-2025-4664, is categorized as high-severity and involves insufficient policy enforcement in Chrome’s Loader component. This could allow remote attackers to steal sensitive … Continued

Data Breach Hits Australian Human Rights Commission, Exposes Personal Documents

The Australian Human Rights Commission (AHRC) has confirmed it was impacted by a significant data breach that exposed hundreds of sensitive documents uploaded via its website. The breach involved attachments submitted through the Commission’s online complaint webform between March 24 and April 10, 2025. These documents were inadvertently made publicly accessible and were viewed between … Continued

Telegram Shuts Down Xinbi Guarantee Marketplace

A report by blockchain analytics firm Elliptic has exposed Xinbi Guarantee, a massive Chinese-language Telegram marketplace, as a central player in Southeast Asia’s pig butchering scams and other organized cyberfraud. The platform is also implicated in laundering stolen cryptocurrency linked to North Korean hackers. According to Elliptic, Xinbi Guarantee has facilitated at least $8.4 billion … Continued
