 security vulnerability


Google just patched 150 Chrome vulnerabilities, 22 of them critical

PCWorld

PCWorld reports that Google Chrome 148 patches over 150 security vulnerabilities across desktop and mobile platforms, with 22 classified as critical. The update addresses 66 use-after-free vulnerabilities that could potentially allow attackers to exploit browser memory, though none were actively exploited. Users should immediately update their Chrome browsers through Help > About Google Chrome to protect against these security flaws.


Does 'federated unlearning' in AI improve data privacy, or create a new cybersecurity risk?

AIHub

As the capacity of artificial intelligence (AI) increases at an exponential rate, so do concerns about the privacy of user data. Increasingly, organizations around the world are adopting something called federated unlearning that enables AI training without centralizing sensitive data. This allows hospitals, banks and government agencies to collaborate while keeping data local -- an approach that's regarded as a major advance in privacy. Federated unlearning promises that user data can be removed from a trained AI system.


Microsoft's May updates patch 120 security flaws in Windows and Office

PCWorld

Microsoft released its May Patch Tuesday update addressing 120 security vulnerabilities across Windows and Office, with 30 classified as critical including dangerous remote code execution flaws. PCWorld reports that Office received fixes for 27 vulnerabilities, nearly double April's count, with four critical Word flaws exploitable through preview panes without opening files. Critical Windows vulnerabilities in DNS client and Netlogon services require immediate patching, though Microsoft states none are currently exploited in the wild. Yesterday was May's Patch Tuesday, meaning Microsoft released new updates that addressed 120 security vulnerabilities. In addition to Windows and Office, Microsoft's cloud services were also affected.


Chrome 148 patches 100 vulnerabilities, including 3 critical flaws

PCWorld

This update matters significantly as it patches over double the vulnerabilities from the previous version, covering high-risk, medium-risk, and low-risk security issues. Chrome automatically updates across Windows, macOS, Android, and iOS platforms, though users can manually check via the Help menu for immediate protection.


A social network for AI looks disturbing, but it's not what you think

New Scientist

A social network solely for AI - no humans allowed - has made headlines around the world. Chatbots are using it to discuss humans' diary entries, describe existential crises or even plot world domination. It looks like an alarming development in the rise of the machines - but all is not as it seems. Like any chatbots, the AI agents on Moltbook are just creating statistically plausible strings of words - there is no understanding, intent or intelligence. And in any case, there's plenty of evidence that much of what we can read on the site is actually written by humans.


Chatbots Are Becoming Really, Really Good Criminals

The Atlantic - Technology

Cybersecurity was already a nightmare. Earlier this fall, a team of security experts at the AI company Anthropic uncovered an elaborate cyber-espionage scheme. Hackers--strongly suspected by Anthropic to be working on behalf of the Chinese government--targeted government agencies and large corporations around the world. And it appears that they used Anthropic's own AI product, Claude Code, to do most of the work.


Explaining Software Vulnerabilities with Large Language Models

arXiv.org Artificial Intelligence

Abstract--The prevalence of security vulnerabilities has prompted companies to adopt static application security testing (SAST) tools for vulnerability detection. Nevertheless, these tools frequently exhibit usability limitations, as their generic warning messages do not sufficiently communicate important information to developers, resulting in misunderstandings or oversight of critical findings. In light of recent developments in Large Language Models (LLMs) and their text generation capabilities, our work investigates a hybrid approach that uses LLMs to tackle the SAST explainability challenges. In this paper, we present SAFE, an Integrated Development Environment (IDE) plugin that leverages GPT-4o to explain the causes, impacts, and mitigation strategies of vulnerabilities detected by SAST tools. Our expert user study findings indicate that the explanations generated by SAFE can significantly assist beginner to intermediate developers in understanding and addressing security vulnerabilities, thereby improving the overall usability of SAST tools. With the rise in software security vulnerabilities such as those in the Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list [1], many companies resort to static application security testing (SAST) tools for the detection of software vulnerabilities.


Enhancing Cloud Security through Topic Modelling

arXiv.org Artificial Intelligence

Protecting cloud applications is critical in an era where security threats are increasingly sophisticated and persistent. Continuous Integration and Continuous Deployment (CI/CD) pipelines are particularly vulnerable, making innovative security approaches essential. This research explores the application of Natural Language Processing (NLP) techniques, specifically Topic Modelling, to analyse security-related text data and anticipate potential threats. We focus on Latent Dirichlet Allocation (LDA) and Probabilistic Latent Semantic Analysis (PLSA) to extract meaningful patterns from data sources, including logs, reports, and deployment traces. Using the Gensim framework in Python, these methods categorise log entries into security-relevant topics (e.g., phishing, encryption failures). The identified topics are leveraged to highlight patterns indicative of security issues across CI/CD's continuous stages (build, test, deploy). This approach introduces a semantic layer that supports early vulnerability recognition and contextual understanding of runtime behaviours.


The Security Threat of Compressed Projectors in Large Vision-Language Models

arXiv.org Artificial Intelligence

The choice of a suitable visual language projector (VLP) is critical to the successful training of large visual language models (LVLMs). Mainstream VLPs can be broadly categorized into compressed and uncompressed projectors, and each offers distinct advantages in performance and computational efficiency. However, their security implications have not been thoroughly examined. Our comprehensive evaluation reveals significant differences in their security profiles: compressed projectors exhibit substantial vulnerabilities, allowing adversaries to successfully compromise LVLMs even with minimal knowledge of structure information. In stark contrast, uncompressed projectors demonstrate robust security properties and do not introduce additional vulnerabilities. These findings provide critical guidance for researchers in selecting optimal VLPs that enhance the security and reliability of visual language models. The code is available at https://github.com/btzyd/TCP.


Security Degradation in Iterative AI Code Generation -- A Systematic Analysis of the Paradox

arXiv.org Artificial Intelligence

The rapid adoption of Large Language Models (LLMs) for code generation has transformed software development, yet little attention has been given to how security vulnerabilities evolve through iterative LLM feedback. This paper analyzes security degradation in AI-generated code through a controlled experiment with 400 code samples across 40 rounds of "improvements" using four distinct prompting strategies. Our findings show a 37.6% increase in critical vulnerabilities after just five iterations, with distinct vulnerability patterns emerging across different prompting approaches. This evidence challenges the assumption that iterative LLM refinement improves code security and highlights the essential role of human expertise in the loop. We propose practical guidelines for developers to mitigate these risks, emphasizing the need for robust human validation between LLM iterations to prevent the paradoxical introduction of new security issues during supposedly beneficial code "improvements".