Threat actors are exploiting ChatGPT’s content-sharing feature to set up fake OpenAI outage pages. These pages instruct users to download malware disguised as the ChatGPT desktop app. The campaign, called “LLMShare” and uncovered by Push Security, uses Google ads to lead users to a malicious shared ChatGPT page hosted on the legitimate chatgpt.com domain. Since…
A self-taught tech enthusiast who goes by the name “Louis” claims he found a vulnerability in the Trump Mobile website that let him extract customer data using simple HTTP POST requests. He says the flaw exposed information for more than 27,000 customers who had placed orders. The issue appears to have been fixed, although Trump…
OpenAI is launching Daybreak, an AI initiative focused on detecting and patching vulnerabilities before attackers find them. Daybreak uses the Codex Security AI agent that launched in March to create a threat model based on an organization’s code and focus on possible attack paths, validate likely vulnerabilities, and then automate the detection of the higher…
Attackers are currently running a malvertising campaign that uses Google Ads and legitimate shared chats on Claude.ai to spread macOS infostealer malware. The campaign was identified by Berk Albayrak, a security engineer at Trendyol Group, with BleepingComputer independently confirming a second active version using different infrastructure. Users searching for “Claude mac download” might see sponsored…
Google is introducing a new approximate location sharing option in Chrome for Android, replacing the previous all-or-nothing location permission model. Users can now share a neighborhood-level location with websites instead of their exact coordinates. The update was announced on the Google blog and is currently being rolled out on mobile devices first. According to Google,…
Instagram has removed end-to-end encryption from its direct messages as of May 8, 2026. This change allows Meta to access and process the content of Instagram DMs, ending the optional encryption feature that has been available since 2019. The company announced the change earlier this year, and the May 8 date is now in effect….
The Instructure-owned learning management platform, Canvas, is down after recently confirming a massive data breach that impacted student names, email addresses, ID numbers, and messages. Students attempting to access the system on Thursday saw a message from the hacking group ShinyHunters, which claimed responsibility for the attack: ShinyHunters has breached Instructure (again). Instead of contacting…
Google Chrome has been quietly downloading around 4GB of Gemini Nano AI model weights to user devices without their consent, and it automatically re-downloads the files if they are deleted. This behavior has been confirmed on Windows 11, Apple Silicon, and Ubuntu systems, with user reports indicating it has been happening for about a year….
Apple has announced that end-to-end encryption for RCS messaging between iPhone and Android devices will be included in iOS 26.5. The feature has been in testing since the beta of iOS 26.4 and is currently available in the release candidate of iOS 26.5. This release candidate is the version Apple plans to release publicly, assuming…
Zoom has announced a partnership with Tools for Humanity to bring World ID Deep Face into Zoom Meetings. The goal is to enable real-time verification that participants are human rather than AI-generated. The integration is mainly targeted at enterprises and regulated industries such as financial services, healthcare, and executive communications. During the process, no personal…
