OpenAI is preparing the GPT-5.1 family for public rollout. This includes GPT-5.1 (base), GPT-5.1 Reasoning, and GPT-5.1 Pro for those who pay a $200 monthly subscription. […]
GlassWorm malware returns on OpenVSX with 3 new VSCode extensions
The GlassWorm malware campaign, which impacted the OpenVSX and Visual Studio Code marketplaces last month, has returned with three new VSCode extensions that have already been downloaded over 10,000 times. […]
Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday
With the first Patch Tuesday following Windows 10’s end of support approaching next week, users who continue to run the operating system should enroll in the Extended Security Updates (ESU) program to remain protected against newly discovered security vulnerabilities. […]
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances.
This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to
This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to
Malicious NuGet packages drop disruptive ‘time bombs’
Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. […]
Microsoft testing faster Quick Machine Recovery in Windows 11
Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. […]
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. […]
New LandFall spyware exploited Samsung zero-day via WhatsApp messages
A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. […]
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp
A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary
In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests
Other noteworthy stories that might have slipped under the radar: rogue ransomware negotiators charged, F5 hack prompts OT security guidance, Germany targets Huawei tech.
The post In Other News: Controversial Ransomware Report, Gootloader Returns, More AN0M Arrests appeared first on SecurityWeek.