How We Accidentally Built The World’s Largest Botnet Supply Chain

Carlos Morales is SVP and GM, DDoS and Application Security, DigiCert. Many of you probably unwrapped a smart device this ...

How ‘Reprompt’ Attack Let Hackers Steal Data From Microsoft Copilot

Varonis found a “Reprompt” attack that let a single link hijack Microsoft Copilot Personal sessions and exfiltrate data; ...

How a simple link allowed hackers to bypass Copilot's security guardrails - and what Microsoft did about it

Reprompt impacted Microsoft Copilot Personal and, according to the team, gave "threat actors an invisible entry point to perform a data‑exfiltration chain that bypasses enterprise security controls ...
Tech Xplore

World-first social media wargame reveals how AI bots can swing elections

On December 14, 2025, a terrorist attack occurred at Bondi Beach in Sydney, Australia, leaving 15 civilians and one gunman ...
Dark Reading

AsyncRAT Malware Infests Orgs via Python & Cloudflare

The phishing campaign shows how attackers continue to weaponize legitimate cloud services and open source tools to evade ...
CNET

A Beginner's Guide to ChatGPT: How to Get Started With the AI Chatbot

You can use ChatGPT as a search engine, much like Google's home page. Go to chatgpt.com or download the ChatGPT app on ...
SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers. The targeted security defect, tracked as CVE-2025-55182, impacts systems relying on ...
The Hacker News

RondoDox Botnet Exploits Critical React2Shell Flaw to Hijack IoT Devices and Web Servers

Cybersecurity researchers have disclosed details of a persistent nine-month-long campaign that has targeted Internet of Things (IoT) devices and web applications to enroll them into a botnet known as ...
The Hacker News

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

A high-severity security flaw has been disclosed in MongoDB that could allow unauthenticated users to read uninitialized heap memory. The vulnerability, tracked as CVE-2025-14847 (CVSS score: 8.7), ...