Researchers hammered ChatGPT, Gemini, and Claude with adversarial prompts across hate, self-harm, sexual content, and crime. Gemini Pro 2.5 leaked the most unsafe answers, Gemini Flash 2.5 resisted best, and Claude models looked strict but cracked under “academic-style” questions in some categories.
Researchers identified Android-based photo frames that auto-download malware at boot, then execute payloads after each restart. Consequently, attackers gain control on rooted devices with disabled SELinux and weak signing.
A fake Chrome wallet called “Safery” steals seed phrases by encoding them into Sui addresses and sending dust transactions, allowing attackers to reconstruct mnemonics later. Consequently, users risk full account takeover. Enforce extension allowlists, remove unknown wallets, rotate seeds, and migrate assets to new addresses immediately.
CISA warned that multiple federal agencies still haven’t fully patched Cisco ASA/FTD devices despite active exploitation. Because the campaign targets the VPN web server and enables device takeover, teams must apply fixes for CVE-2025-20333/20362, follow ED 25-03 inventory and validation steps, and disconnect end-of-support hardware. This analysis explains impact, attack flow, high-signal detection, and fast remediation so defenders can reduce edge-device risk without slowing operations.
A worm-like spam campaign flooded npm with tens of thousands of fake packages, polluting search results and straining CI/CD. Consequently, treat registries as hostile input. Enforce allowlists, verify npm provenance with Sigstore, disable lifecycle scripts by default, and promote dependencies through SLSA-aligned stages to cut risk.
Apache OpenOffice 4.1.16 fixes seven vulnerabilities that allowed silent external content loading and possible memory corruption during CSV import. Update immediately, restrict DDE and Calc external data sources, and replace templates that embed remote URLs. Verify the new prompts and monitor document-triggered network fetches
Google filed a lawsuit in New York to disrupt “Lighthouse,” a phishing-as-a-service network behind large-scale smishing. Consequently, the case seeks injunctions, domain seizures, and damages. For defenders, the move creates detection windows as operators pivot infrastructure so tighten filters, accelerate takedowns, and harden fraud telemetry now.
DanaBot restarted Windows campaigns after a six-month break. Consequently, teams tighten email defenses, inspect loaders, and hunt for fresh C2 as affiliates pivot tooling.
GootLoader reappeared with custom WOFF2 web-fonts that swap glyph shapes, so a gibberish string in source renders as a harmless-looking filename in the browser. Consequently, victims on SEO-poisoned WordPress sites download ZIP archives carrying JavaScript loaders that trigger rapid, hands-on compromises. Therefore, block risky downloads, hunt for loader execution, and harden WordPress and endpoints to cut dwell time and prevent domain-wide impact within hours.
Microsoft’s November update fixes an exploited Windows Kernel zero-day (CVE-2025-62215) and a critical zero-click GDI+ RCE (CVE-2025-60724). Therefore, prioritize domain controllers, management servers, upload-handling services, and developer workstations using WSLg. Then complete fleet rollout and validate Kerberos delegation settings to blunt identity abuse.