Cyber Security

Microsoft Identifies “Summarize with AI” Prompts Manipulating Chatbot Recommendations

Microsoft has identified a new tactic used by legitimate businesses to influence artificial intelligence chatbot responses through so-called “Summarize with AI” buttons embedded on websites. The technique mirrors traditional search engine optimization abuse but targets AI systems instead of search rankings. The research, conducted by the Microsoft Defender Security Research Team, describes the method as AI Recommendation […]

Microsoft Identifies “Summarize with AI” Prompts Manipulating Chatbot Recommendations Read More »

Apple Tests End to End Encrypted RCS Messaging in iOS 26.4 Developer Beta

Apple has rolled out a new developer beta of iOS and iPadOS that introduces end-to-end encryption, E2EE, for Rich Communication Services (RCS) messaging. The capability is currently available in iOS 26.4 and iPadOS 26.4 beta builds and is expected to reach general users in a future software release across iOS, iPadOS, macOS, and watchOS. In its

Apple Tests End to End Encrypted RCS Messaging in iOS 26.4 Developer Beta Read More »

Study Reveals 25 Password Recovery Vulnerabilities in Leading Cloud Password Managers

A newly published academic study has revealed 25 distinct password recovery attacks affecting leading cloud-based password managers, including Bitwarden, Dashlane, and LastPass. Under specific threat conditions, these vulnerabilities could allow attackers to recover stored credentials or compromise organizational vaults. The research, conducted by academics from ETH Zurich and Università della Svizzera italiana, evaluated the security claims surrounding zero-knowledge encryption architectures implemented

Study Reveals 25 Password Recovery Vulnerabilities in Leading Cloud Password Managers Read More »

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released

Google has released critical security updates for its Chrome browser on Friday to fix a high-severity vulnerability that has already been exploited in the wild. The flaw, tracked as CVE-2026-2441 with a CVSS score of 8.8, is a use-after-free bug in CSS. Security researcher Shaheen Fazim reported the vulnerability on February 11, 2026, and has been credited for its discovery.

New Chrome Zero Day CVE-2026-2441 Actively Exploited, Security Patch Released Read More »

Microsoft Reveals DNS-Based ClickFix Attack Leveraging Nslookup for Malware Staging

Microsoft has uncovered a new evolution of the ClickFix social engineering technique, where attackers manipulate users into executing a DNS lookup command to retrieve malicious payloads. The campaign demonstrates how threat actors continue refining ClickFix methods to bypass traditional security defenses. How the DNS-Based ClickFix Variant Works In this newly observed attack chain, victims are

Microsoft Reveals DNS-Based ClickFix Attack Leveraging Nslookup for Malware Staging Read More »

Snail Mail Campaign Targets Trezor and Ledger Users in Cryptocurrency Theft Attacks

Cybercriminals have launched a new wave of cryptocurrency phishing attacks by sending physical letters to users of Trezor and Ledger hardware wallets. The fraudulent mail is designed to trick recipients into revealing their wallet recovery phrases, ultimately enabling attackers to steal digital assets. QR Code Scam Delivered by Post Unlike traditional email phishing, this campaign

Snail Mail Campaign Targets Trezor and Ledger Users in Cryptocurrency Theft Attacks Read More »

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Organizations

A previously undocumented cyber threat actor has been tied to malware attacks against Ukrainian organizations using a strain known as CANFAIL, according to Google Threat Intelligence Group (GTIG). GTIG notes that this group is likely connected to Russian intelligence services and has primarily targeted defense, military, government, and energy entities within Ukraine at both regional

Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Organizations Read More »

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Attacks

Several state-sponsored and criminal cyber groups from China, Iran, North Korea, and Russia have increasingly targeted the defense industrial base (DIB), according to the latest findings from the Google Threat Intelligence Group (GTIG). GTIG reports that these attacks revolve around four main strategies: targeting defense entities using battlefield technologies during the Russia-Ukraine conflict, exploiting employees

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Attacks Read More »

UAT-9921 Deploys VoidLink Malware Against Technology and Financial Sectors

A previously unknown threat actor, tracked as UAT-9921, has been linked to sophisticated campaigns targeting technology and financial services organizations. The adversary employs a modular malware framework named VoidLink, capable of long term, stealthy access across Linux and Windows systems, according to findings by Cisco Talos. VoidLink demonstrates advanced capabilities, including kernel level rootkits, on-demand plugin compilation, and

UAT-9921 Deploys VoidLink Malware Against Technology and Financial Sectors Read More »

Google Reports State-Backed Hackers Leveraging Gemini AI for Reconnaissance and Attack Support

Google has reported that the North Korea-linked threat actor UNC2970 is using its generative AI model Gemini for reconnaissance, highlighting a growing trend of hacking groups weaponizing AI to accelerate cyber attack operations. These capabilities include information gathering, model extraction, and enhancing attack efficiency. According to the Google Threat Intelligence Group (GTIG), UNC2970 leveraged Gemini

Google Reports State-Backed Hackers Leveraging Gemini AI for Reconnaissance and Attack Support Read More »