Google has pushed an emergency update for Chrome to close a high-severity zero-day vulnerability that's already being exploited in the wild. The flaw stems from a use-after-free bug in Chrome's CSS font handling and can lead to crashes, rendering issues, or worse.
Obsolete edge gear is now seen as a primary intrusion path for state-backed hackers
TL;DR: When attackers probe government systems, they often begin not with stolen credentials or phishing emails but with aging routers and firewalls left running long past their expiration dates. Those neglected edge devices have become a top federal concern, and US agencies are now being told to remove them before attackers take advantage.
Notepad++ reports that attackers compromised its former ISP in 2025 and redirected app update traffic to malicious servers without exploiting the editor's code itself – an incident we reported last month. The project has since migrated to a new host and strengthened update verification. Users must manually update to Notepad++ 8.9.1 to receive the latest security fixes.
Connecting the dots: When Google's Threat Analysis Group uncovered unusual network activity rippling across millions of internet-connected devices, something didn't add up. The traffic patterns didn't match typical malware signatures. Instead, what they found looked more like a massive distributed relay system: millions of private phones, computers, and smart home devices quietly moving data for someone else. That someone, Google now says, was a Chinese company called IPIDEA.
The assistant can browse the web, handle files, and even use your credit card
In brief: A new local AI assistant first popularized under the name "Clawdbot" is experiencing a surge in popularity because it fulfills many of the promises made by prior smart assistants and AI agents. However, its impressive range of capabilities requires full access to the user's device, files, and login credentials – and security researchers have found gaping vulnerabilities.