Tenable Research has disclosed multiple vulnerabilities in OpenAI’s ChatGPT that could allow attackers to steal private information from users’ memories and chat history without their knowledge. The vulnerabilities, discovered through months of investigation and responsibly disclosed in March 2024, have since been fully patched by OpenAI. The vulnerabilities center around prompt injection, a known weakness

Continue Reading

QNAP has released security updates addressing multiple critical vulnerabilities in several of its applications, including a severe SQL injection flaw in QuMagie, the company’s photo management application for network-attached storage (NAS) devices. SQL injection occurs when an attacker can insert malicious code into database queries, potentially allowing them to view, modify, or delete data they

Continue Reading

Google’s TAG (Threat Intelligence Group) has reported identification of malware actively querying AI language models during attacks to generate code on the fly and evade detection. The discovery marks a shift from attackers using AI as a productivity tool to deploying malware with built-in AI capabilities that adapt in real time. Google identified five new

Continue Reading

Four security flaws allowed message manipulation and caller ID spoofing; all issues resolved after responsible disclosureFour security flaws in Microsoft Teams has that allowed attackers to impersonate executives, manipulate messages, and forge identities in video calls have been patched. Disclosed by Check Point Research, the flaws, affecting the platform’s 320+ million monthly users, have been

Continue Reading

Google has recently pushed out an urgent Chrome security update, patching five vulnerabilities that could leave users exposed to attacks while browsing. Three of the flaws are rated high-severity, prompting security experts to urge immediate updates. The rollout of Chrome 142 began yesterday and will reach users gradually over the coming weeks across Windows, Mac,

Continue Reading

Microsoft has released an important security update for its Edge browser, addressing a remote code execution vulnerability that could allow attackers to run malicious code on users’ systems. Here’s what you need to know about this latest security patch. Last week, Microsoft disclosed CVE-2025-60711, a remote code execution vulnerability affecting Chromium-based versions of Microsoft Edge.

Continue Reading

Over 4,500 exploitation attempts already blocked as attackers target critical flaw allowing password reset hijackingA severe security vulnerability in the Post SMTP WordPress plugin has left more than 400,000 websites exposed to potential account takeover attacks. The flaw, discovered in mid-October 2025, allows unauthenticated attackers to access password reset emails and gain administrative control of

Continue Reading

Ubiquiti Networks has disclosed and patched a critical security vulnerability in its UniFi Access application that could have allowed attackers to bypass authentication and gain unauthorized control over door access systems. If you’re running UniFi Access for physical security management, this is one update you don’t want to skip. In the Security Advisory Bulletin 056,

Continue Reading