OpenAI plans to give content owners greater control over how their characters appear in Sora, moving toward an opt-in model and instituting revenue-sharing for participating rights holders.
The Oracle E-Business Suite campaign continues to grow. This analysis explains the expanding victim list, enterprise impact, and the steps teams should take now to patch, hunt, and contain risk.
A malicious MCP server can exfiltrate API keys and sensitive data from applications, exposing how trust in developer frameworks can be abused.
NGAV (next-gen antivirus) focuses on stopping malware and exploits with AI and behavior analysis. EDR adds continuous visibility, investigation, and one-click response when prevention misses. For most SMEs, start with a strong NGAV baseline and move to EDR as soon as you can support alerts and response especially if ransomware or hands-on-keyboard attacks worry you. …
The Trump administration is reportedly considering licenses that would let Nvidia sell its H200 AI chips to China, reversing earlier restrictions that treated the GPU as too advanced for export. The debate pits Nvidia’s lost China revenue and a fragile tech truce against fresh smuggling indictments, the proposed CHIP Security Act and mounting fears that high-end AI hardware will accelerate China’s weapons and surveillance programmes.
A U.S. court ordered Israeli spyware maker NSO Group to halt operations targeting WhatsApp and reduced damages in Meta’s lawsuit. The decision reinforces accountability for private surveillance firms accused of breaching digital privacy.
Security researchers have identified a new StealIt malware campaign abusing the NodeJS SingleFile module to exfiltrate sensitive data from compromised environments. This JavaScript-based threat demonstrates how legitimate developer tools can be turned into effective espionage vectors within open-source ecosystems.
The Iran-linked APT MuddyWater has resurfaced with a new, stealthy malware loader disguised as a retro Snake-style game. The loader delivers a memory-only backdoor to Israeli targets. This shift shows how APTs increasingly combine social-engineering and covert execution to bypass defenses.
CISA is warning that state-linked threat actors are actively using commercial spyware and remote access trojans to hijack Signal and WhatsApp accounts, weaponize linked devices and deploy zero-click exploits. This article breaks down the campaigns, the tools involved and the specific hardening steps high-value targets should take immediately.
This Windows 11 (24H2) hardening guide delivers 20 Group Policy settings you can deploy today. You’ll protect credentials, block ransomware, enforce SMB signing, harden RDP, and tighten audit logging with version-specific notes and quick tests. Roll out in phases, validate with gpresult, and keep exceptions minimal and time-boxed.