Security

Mon 05 Jan
John Lister's picture

Swiss Urge Ditching Major US Cloud Services

A group of Switzerland's data protection watchdogs has issued a stark warning to public sector organizations: steer clear of major cloud platforms like Microsoft 365, Google Cloud, and AWS. The guidance points to critical shortcomings in data encryption and conflicting legal frameworks as the main reasons for concern. The group, named Privatim, says that the majority of software-as-a-service (SaaS) offerings lack robust end-to-end encryption. According to their findings, this gap could potentially allow providers to access data in a plaintext state, a vulnerability considered far too great ...
Mon 15 Dec

New Android Malware Steals Banking Info

Security researchers are warning about a powerful new Android malware known as Albiriox. Reports indicate that this threat can potentially grant attackers full control over a smartphone, allowing them to carry out financial fraud directly from the compromised device. In these cases, banks may refuse to reverse or reimburse the losses, since the fraudulent activity appears to originate from the user's own phone. The malware is suspected to be the work of Russian cybercriminals and is being sold on the dark web through a Malware-as-a-Service (MaaS) framework. This concerning distribution model ...
Fri 12 Dec

Final 2025 Windows 11 Update Released

Microsoft has released its final Windows 11 update for 2025, combining a security patch that addresses numerous bugs with several system refinements. The mandatory cumulative update, codenamed KB5072033 for versions 25H2 and 24H2, is rolling out now via Windows Update and includes fixes from the month's previous optional releases. The release tackled a persistent issue for gamers using certain AMD graphics cards. Following widespread user reports of frequent crashes and driver timeout errors in popular gaming titles, this update is reported to have resolved the instability.

Key Stability and ...
Mon 01 Dec

Hacker to Repay $5M in Crypto

A British man responsible for a high-profile 2020 hack of Twitter, now known as X, has been ordered to pay back 4.1 million British Pounds ($5.37 million USD) in cryptocurrency. Joseph James O'Connor, 26, is currently serving a five-year prison sentence in the United States after pleading guilty to multiple charges including computer intrusion and wire fraud. The cyber attack in July 2020 affected the accounts of numerous public figures, including then-presidential candidate Joe Biden, former President Barack Obama, and Tesla CEO Elon Musk. Other notable victims included Bill Gates, Warren ...
Wed 12 Nov

Passkeys Bring Major Security to WhatsApp Backups

WhatsApp has announced a significant security enhancement: passkey support for end-to-end encrypted chat backups on both iOS and Android devices. This update means users can secure their valuable chat histories using the same simple methods they use to unlock their phones, such as a fingerprint, face scan, or screen lock PIN. (Source: forbes.com) The move is designed to make robust security more accessible by removing a major hurdle for users. Previously, securing a cloud backup with end-to-end encryption required users to remember a complex password or safeguard a cumbersome 64-digit key. ...
Fri 24 Oct

Google Dismisses 'ASCII Smuggling' Attack in Gemini

Google has declined to fix a security vulnerability in its Gemini AI assistant that allows attackers to embed hidden instructions in emails and calendar invites. The flaw, known as ASCII smuggling, uses invisible characters that users cannot see but that artificial intelligence systems can read and process. Security researcher Viktor Markopoulos from cybersecurity firm FireTail discovered the vulnerability and reported it to Google in September. The company dismissed the issue, stating it only constitutes social engineering rather than a technical security bug.

How the Attack Works

ASCII ...
Fri 17 Oct

Win11 25H2 Update Brings Faster, Easier Install

Microsoft has officially released Windows 11 version 25H2, marking the company's annual "feature update" for 2025. It's a quicker install than many updates, which is down to both the delivery and content of the update. Unlike traditional Windows updates that replace entire system files, version 25H2 utilizes a streamlined "enablement package" approach. The update activates feature code already present on machines running 24H2, requiring only a single restart to complete the installation process.

Shared Codebase Simplifies Update Process

Windows 11 versions 24H2 and 25H2 share the same ...
Wed 08 Oct

MS Offers Free Win10 Security Updates in Europe

Microsoft has announced it will provide one year of no-strings free Extended Security Updates (ESUs) for Windows 10 users in the European Economic Area (EEA). Unlike the rest of the world, there's no need to follow any special conditions.

Windows 10: The End is Near

The end-of-support date for Windows 10 is October 14, 2025. Beyond this date, devices will no longer receive crucial security patches unless they are enrolled in the ESU program. Microsoft has shifted policy several times, originally suggesting the ESU was - as with previous Windows editions - only for businesses. It then offered ...
Fri 26 Sep

'SlopAds' Malware Scam Uses Creative Tactics

Researchers say a malware operation involving 224 malware-laden Android apps was particularly creative. The operators used a combination of tactics to disguise the malware and hide it from Google and security researchers. Human Security, which revealed details of the operation, has labeled it "SlopAds". Its ultimate goal was to hijack phones and tablets to generate bogus clicks that make it look like a user has viewed an ad on a site operated by the scammers. The scammers then collect revenue from advertisers who are unaware no human saw their message. (Source: humansecurity.com) The researchers say ...
Wed 10 Sep

Apple Calendar Trick Used in PayPal Phishing Scam

Emails which appear to come from Apple email servers may be carefully crafted spam. Scammers have found a way to abuse Apple's calendar tools to disguise the spam and bypass filters. The spam is reaching many more recipients than usual because the messages appear to come from the user noreply[@]email.apple.com. It appears to be convincing enough that some spam filter systems are treating it as coming from a legitimate source within Apple, which is clearly not something most people would want blocked. The trick behind the spam is that the original message isn't sent as a standard email. Instead ...
