Gemini’s Deep Research now taps Gmail, Drive, and Chat when users allow it. Because the agent can fuse internal messages and files with web context, output quality rises along with privacy risk. This guide shows how to roll out safely: set consent norms, restrict high-risk teams, validate audit coverage, and keep DLP and labels active so Deep Research never reads more than policy permits.
GlassWorm is the first known self-propagating worm targeting developer environments by infecting VS Code extensions with hidden Unicode payloads. Once installed, it steals credentials from NPM, GitHub and Git, and upgrades machines into proxy nodes and part of a distributed criminal infrastructure. It uses a blockchain-based command and control mechanism and auto-updates to spread across the developer ecosystem. In this article, we dissect how GlassWorm works, what makes it a paradigm shift in supply-chain attacks, and what organisations must do to detect and contain it before their dev workstations become weaponised.
X plans to retire the twitter.com domain for WebAuthn. Consequently, accounts that use hardware security keys or passkeys must re-enroll under x.com. Otherwise, access can break. This guide explains why re-enrollment matters, how to do it safely, and what SOC teams should monitor during the transition.
Google Mandiant has launched an investigation into a new cyberattack campaign targeting Oracle systems, raising alarms over advanced threat activity and enterprise risks.
A rapid cascade of cyber events Chrome zero-day, a record DDoS, Cisco IOS exploit, and Kali Linux upgrade highlight how threat activity keeps accelerating.
NVIDIA’s Jensen Huang says there are no active discussions to sell Blackwell chips to China. Because U.S. export controls bind shipments and Beijing restricts foreign accelerators in state-funded data centers, near-term access looks unlikely. This analysis explains what that means for procurement, security, and model roadmaps and how to design for heterogeneous accelerators without betting your budget on rumors.
Hackers have corrupted trusted antivirus software installers, injecting malicious code that installs hidden malware instead of legitimate protection.
Security researchers warn that this supply chain compromise could expose enterprises and consumers to large-scale remote control and data theft.
The recent outage at AWS’s US-EAST-1 region grounded dozens of major services and exposed a deeper issue: the loss of senior engineering expertise at Amazon. As widespread apps and platforms went offline, one question loomed large: Can the world’s largest cloud infrastructure sustain itself amid massive talent reductions? Below, we analyse the root causes, implications and lessons for infrastructure reliability.
A new cloud native botnet called ShadowV2 is taking aim at organizations worldwide. By abusing exposed Docker daemons and blending into legitimate cloud environments, the malware enables large scale distributed denial of service (DDoS) attacks while evading traditional defenses. With over 24,000 Docker instances exposed online, the potential for exploitation is significant What is ShadowV2?…
Encrypted doesn’t mean invisible. Microsoft’s “Whisper Leak” shows a passive observer can classify AI chat topics by watching packet sizes and timing on streaming language models. Here’s how the side-channel works, who can exploit it, and which mitigations actually move the needle.