A historic Myanmar earthquake was caught on CCTV, revealing the fault moving 2.5 meters in just 1.3 seconds.
The rare footage confirmed a pulse-like rupture and a curved slip path, offering groundbreaking clues for earthquake science.
Powerful Earthquake Shakes Central Myanmar.
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate privileges in Exchange Online cloud environments undetected.
Exchange hybrid configurations connect on-premises Exchange servers to Exchange Online (part of Microsoft 365), allowing for seamless integration of email and calendar features between on-premises and cloud mailboxes, including shared calendars, global address lists, and mail flow.
However, in hybrid Exchange deployments, on-prem Exchange Server and Exchange Online also share the same service principal, which is a shared identity used for authentication between the two environments.
A recently fixed WinRAR vulnerability tracked as CVE-2025–8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.
The flaw is a directory traversal vulnerability that was fixed in WinRAR 7.13, which allows specially crafted archives to extract files into a file path selected by the attacker.
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path,” reads the WinRAR 7.13 changelog.
OpenAI’s CEO, Sam Altman, overpromised on GPT-5, and real-life results are underwhelming, but it looks like a new update is rolling out that might address some of the concerns.
GPT-5 is a state-of-the-art model. In our tests, BleepingComputer found that GPT-5 does really well in coding. It was significantly faster than the other OpenAI models, including o3.
However, GPT-5 struggles to be ‘creative’ in writing, and it also often fails to switch to its new reasoning capabilities when users expect.
Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group.
In June, Google warned that a threat actor they classify as ‘UNC6040’ is targeting companies’ employees in voice phishing (vishing) social engineering attacks to breach Salesforce instances and download customer data. This data is then used to extort companies into paying a ransom to prevent the data from being leaked.
In a brief update to the article last night, Google said that it too fell victim to the same attack in June after one of its Salesforce CRM instances was breached and customer data was stolen.
ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls.
Dell ControlVault is a hardware-based security solution that stores passwords, biometric data, and security codes within firmware on a dedicated daughterboard, known as the Unified Security Hub (USH).
The five vulnerabilities, reported by Cisco’s Talos security division and dubbed “ReVault,” affect both the ControlVault3 firmware and its Windows application programming interfaces (APIs) across Dell’s business-focused Latitude and Precision laptop series.
