The official X/Twitter Sesame Street Elmo account was hacked. Elmo starts spewing antisemitic messages and calls Trump a Child F*****R”.

The official X/Twitter Sesame Street Elmo account was hacked. Elmo starts spewing antisemitic messages and calls Trump a Child F*****R”.

The official X (formerly Twitter) account of Elmo, the iconic Sesame Street character, was compromised over the weekend, resulting in the publication of a series of highly offensive and antisemitic messages. The incident has raised serious concerns about social media security and the vulnerability of high-profile accounts.
Newly Discovered SMM Vulnerabilities in Gigabyte motherboard UEFI Firmware

Newly Discovered SMM Vulnerabilities in Gigabyte motherboard UEFI Firmware

Recent security research has revealed a series of critical vulnerabilities in Gigabyte motherboard firmware. Cybersecurity experts disclosed four severe vulnerabilities (CVE-2025-7026 through CVE-2025-7029) within the System Management Mode (SMM) components of Gigabyte’s UEFI firmware. SMM operates at a privilege level beneath the operating system, making it an attractive target for attackers seeking stealthy, persistent access.
Google Gemini can be exploited through indirect prompt injection to allow embedding of malicious content that directs users to phishing sites.

Google Gemini can be exploited through indirect prompt injection to allow embedding of malicious content that directs users to phishing sites.

Google Gemini for Workspace can be exploited through a technique called indirect prompt injection. This allows attackers to manipulate Gemini’s email summaries, making them appear legitimate while embedding malicious instructions or warnings that direct users to phishing sites—without using traditional attachments or direct links.
14 arrested for defrauding the UK government of 47 million in a sophisticated phishing attack.

14 arrested for defrauding the UK government of 47 million in a sophisticated phishing attack.

A coordinated international law enforcement operation has led to the arrest of 14 individuals suspected of orchestrating a sophisticated phishing attack that defrauded the UK government of an estimated £47 million. The large-scale scam, which targeted His Majesty’s Revenue and Customs (HMRC), compromised over 100,000 taxpayer accounts and stands as one of the most significant tax-related cybercrimes in recent UK history.
Computer hacker holding a video game controller

DOJ seizes several high-profile online marketplaces for distributing pirated video games.

The Department of Justice (DOJ) and the FBI’s Atlanta Field Office have announced the successful seizure and dismantling of several high-profile online marketplaces responsible for distributing pirated video games. This coordinated operation marks a significant victory in the ongoing fight against digital piracy and intellectual property theft.
Popular WordPress plugin Gravity Forms compromised in supply-chain attack.

Popular WordPress plugin Gravity Forms compromised in supply-chain attack.

The popular WordPress plugin Gravity Forms has been compromised in a supply-chain attack. For a brief window in July 2025, attackers managed to infect the manual installer packages available for download from the official Gravity Forms website with a backdoor. This incident did not affect automatic updates or installations performed through the built-in plugin updater, only manual downloads and composer installations.
Computer hacker holding a large metal lock and key

What are passkeys and how do they work? The future of secure, passwordless authentication.

In the evolving landscape of digital security, passkeys have become a transformative technology, ready to replace traditional passwords with a safer, more user-friendly alternative. Built on robust cryptographic principles and modern authentication standards, passkeys offer a seamless and highly secure way for users to access online services. They are the future of authentication.
Computer hacker holding a large metal lock and key

Force Push Scanner technique uncovers thousands of sensitive credentials and tokens in GitHub repositories.

White-hat researchers have recently exploited the Force Push Scanner technique to uncover thousands of active secrets in GitHub repositories. Security researcher Sharon Brizinov used the tool to scan "deleted" (dangling) commits and discovered a trove of sensitive credentials, including admin access tokens for major projects like Istio.