Researchers found malicious VS Code extensions and Go, npm, and Rust packages stealing developer data via hidden payloads and exfiltration.
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws.
The most severe (CVSS score: 9.9) of all the issues is CVE-2025-42880, a code injection problem impacting SAP Solution Manager ST 720.
“Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module,” reads the flaw’s description.
Microsoft says Windows PowerShell now warns when running scripts that use the Invoke-WebRequest cmdlet to download web content, aiming to prevent potentially risky code from executing.
As Microsoft explains, this mitigates a high-severity PowerShell remote code execution vulnerability (CVE-2025-54100), which primarily affects enterprise or IT-managed environments that use PowerShell scripts for automation, since PowerShell scripts are not as commonly used outside such environments.
The warning has been added to Windows PowerShell 5.1, the PowerShell version installed by default on Windows 10 and Windows 11 systems, and is designed to add the same secure web parsing process available in PowerShell 7.
Microsoft releases Windows 10 KB5071546 extended security update.
https://www.bleepingcomputer.com/news/microsoft/microsoft-re…ty-update/
Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.
Nvidia has approval from the U.S. government to sell its more advanced H200 AI chips to China. But the question is whether Beijing wants them or will let companies buy them.
The company can now ship its H200 chip to “approved customers”, provided the U.S. government gets a 25% cut of those sales. It had been effectively banned from selling any semiconductors to China earlier this year, but since July has sought to resume sales of the H20, a less advanced chip designed specifically to comply with export restrictions.
Reports had suggested Beijing prohibited local companies from buying the H20. As a result, Nvidia is not baking huge China sales into its forecasts. After the ban was lifted, the Financial Times reported China would “limit access” to the H200, citing unidentified sources.