Latest news as of 11/8/2025, 4:56:22 PM
The Hacker News
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive adversary with capabilities to observe network traffic to glean details about model conversation topics despite encryption protections under certain circumstances. This leakage of data exchanged between humans and streaming-mode language models could pose serious risks to
The Register
Esra'a Al Shafei spoke with The Reg about the spy tech 'global trade' Digital rights activist Esra'a Al Shafei found FinFisher spyware on her device more than a decade ago. Now she's made it her mission to surveil the companies providing surveillanceware, their customers, and their funders.… interview
Have I Been Pwned
In late October 2025, . Stemming from a compromise of the TISZA Világ service earlier in the month, the breach exposed 200k records of personal data including email addresses along with names, phone numbers and physical addresses. data breached from the Hungarian political party TISZA was published online before being extensively redistributed
The Register
'Precision espionage campaign' began months before the flaw was fixed A previously unknown Android spyware family called LANDFALL exploited a zero-day in Samsung Galaxy devices for nearly a year, installing surveillance code capable of recording calls, tracking locations, and harvesting photos and logs before Samsung finally patched it in April.…
Dark Reading
The tool let its operators secretly record conversations, track device locations, capture photos, collect contacts, and perform other surveillance on compromised devices.
Bleeping Computer
Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. [...]
Dark Reading
A published VS Code extension didn't hide the fact that it encrypts and exfiltrates data and also failed to remove obvious signs it was AI-generated.
Dark Reading
In partnership with Emirates tech company G42, Microsoft is building the first stage of a 5-gigawatt US-UAE AI campus using Nvidia GPUs.
Bleeping Computer
Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a Windows clean install. [...]
Bleeping Computer
A threat actor exploited a zero-day vulnerability in Samsung's Android image processing library to deploy a previously unknown spyware called 'LandFall' using malicious images sent over WhatsApp. [...]