Tenable has published technical details of three now-fixed vulnerabilities in Google’s Gemini AI platform, collectively labeled Gemini Trifecta. The flaws—affecting Gemini Cloud Assist, Gemini Search Personalization, and the Gemini Browsing Tool—demonstrated how prompt injection can coerce large language models (LLMs) into leaking sensitive data or misusing integrated cloud privileges. What Is the Gemini Trifecta? Why … Read more

Microsoft announced a new security capability for Edge that will detect and revoke malicious extensions installed outside the official Edge Add-ons store (sideloaded). The rollout is planned for November 2025 and will be available across all global multi-tenant instances. While technical specifics were not disclosed, the feature targets a long-standing attack vector used to compromise … Read more

The OpenSSL Project has released security updates across multiple branches, addressing three vulnerabilities with varying impact. Patches are available in OpenSSL 3.5.4, 3.4.3, 3.3.5, 3.2.6, 3.0.18, 1.1.1zd, and 1.0.2zm. Given OpenSSL’s ubiquity in servers, applications, and embedded systems, timely upgrades are essential to protect the confidentiality and integrity of TLS traffic. OpenSSL vulnerabilities: overview and … Read more

Asahi Group Holdings, a leading global brewer and the top player in Japan, reported a cyberattack that disrupted core operations across its domestic business. The company suspended order intake and deliveries, and its call center and support lines were temporarily unavailable. According to Reuters, all 30 Asahi plants in Japan were halted as a precaution. … Read more

Internet connectivity in Afghanistan is gradually returning after a two-day nationwide blackout. Independent observers at NetBlocks and Cloudflare Radar recorded a staged recovery in network availability, while local broadcaster TOLOnews reported that “all telecommunications networks have resumed operations.” Authorities attributed the outage to aging fiber-optic infrastructure requiring replacement. Timeline of the Afghanistan Internet Shutdown On … Read more

Threat researchers at Sekoia have documented ongoing campaigns, active since 2023, in which adversaries compromise Milesight cellular IoT routers and repurpose them as infrastructure for large‑volume SMS phishing (smishing). Honeypot telemetry indicates that a subset of these industrial devices is being used as decentralized SMS gateways, complicating detection and blocking by mobile network operators (MNOs) … Read more

DrayTek has disclosed a critical vulnerability, tracked as CVE-2025-10547, that enables unauthenticated remote code execution (RCE) on multiple Vigor router models via specially crafted HTTP/HTTPS requests to the web management interface. A working proof-of-concept (PoC) exploit exists, significantly elevating the risk of rapid weaponization once more technical details circulate. Technical overview: memory corruption leading to … Read more

Security researchers at Cleafy have identified Klopatra, a previously undocumented Android banking trojan combined with a full-fledged remote access tool (RAT). The malware is distributed via a sideloaded IPTV/VPN app and has already led to more than 3,000 unique infections. Klopatra stands out by blending traditional credential theft with covert, operator-driven control of the device … Read more

Brave Software has introduced Ask Brave, a new interface that merges traditional web search with a generative AI chat in a single workflow. The service is free, accessible from any browser at search.brave.com/ask, and emphasizes privacy by default. The design aims to bridge the gap between classic “ten blue links” and long-form LLM answers, keeping … Read more

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that attackers are actively exploiting CVE-2025-32463, a critical flaw in sudo—the ubiquitous utility for executing commands with superuser privileges on Linux. The vulnerability carries a CVSS score of 9.3 and enables local privilege escalation to root on affected systems. What happened: affected versions and exploitation … Read more