A hacking campaign took just days to exploit a newly disclosed security vulnerability in Microsoft Windows version of WinRAR, researchers at Check Point have said. The attackers leveraged CVE-2025-8088, a path traversal vulnerability in the widely used file archive and… Read More "New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability"
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google’s strongest protections against targeted attacks. To… Read More "Google’s Strongest Security for Mobile Devices"
Digital evidence, especially that extracted from smartphones, is now key to nearly all police investigations, a new report from Cellebrite has confirmed. The Israeli forensics company compiled its 2026 Industry Trends Report based on interviews with 1200 law enforcement practitioners… Read More "Smartphones Now Involved in Nearly Every Police Investigation"
Google Quantum AI’s mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able… Read More "Tracking the Cost of Quantum Factoring"
A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a malicious repository or pull request. The findings by Orca Security, show how default behaviours in the cloud-based development service can… Read More "Malicious Commands in GitHub Codespaces Enable RCE"
Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025. The Chrome Root Program Policy states that Certification Authority (CA)… Read More "Google Online Security Blog: Sustaining Digital Certificate Security"
Security researchers at Sysdig have observed new campaigns exploiting React2Shell which appear to have the hallmarks of North Korean hackers. React2Shell is a remote code execution vulnerability in React Server Components (RSCs). Tracked as CVE-2025-55182, the flaw has a maximum… Read More "React2Shell Exploit Campaigns Tied to North Korean Cyber Tactics"
With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where… Read More "Mitigating prompt injection attacks with a layered defense strategy"
Microsoft patched an actively exploited zero-day vulnerability as part of its monthly security update cycle yesterday. CVE-2025-62221 is an elevation of privilege (EoP) bug in the Windows Cloud Files Mini Filter Driver, which enables a low-privileged user to achieve system-level… Read More "Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025"
The Department of Homeland Security is moving to consolidate its face recognition and other biometric technologies into a single system capable of comparing faces, fingerprints, iris scans, and other identifiers collected across its enforcement agencies, according to records reviewed by… Read More "DHS Wants a Single Search Engine to Flag Faces and Fingerprints Across Agencies"
