Top Tech Headlines for August 10, 2025

Today's tech news brings a sharp focus on security—Google's AI getting hijacked, Windows servers exposed to DDoS attacks, and a privilege escalation vulnerability patched just in time. Here's a breakdown of the top cybersecurity stories you need to know right now.

Google Calendar Invites Exploited to Hijack Gemini AI

A critical flaw in Google Calendar invites allowed researchers to hijack Gemini AI agents running on user devices. The bug could be exploited remotely—and worse, used to exfiltrate sensitive user data without any interaction.

Thankfully, Google has patched the vulnerability. But it's a stark reminder that AI integrations, especially those tied to calendars and email, can become serious threat vectors if not locked down tightly.

New Windows DoS Bugs Enable Stealthy DDoS Botnets

Security firm SafeBreach identified four previously unknown denial-of-service (DoS) flaws in Windows. These vulnerabilities, tied to Remote Procedure Call (RPC) and LDAP protocols, could let attackers covertly transform public-facing domain controllers into weapons for distributed denial-of-service (DDoS) attacks.

Microsoft issued patches, but organizations running outdated or unpatched domain controllers remain at risk. It’s another reminder to regularly audit and update public-facing infrastructure.

New Windows Exploit Chain Allowed Domain Privilege Escalation

A new exploit chain targeting Windows’ Endpoint Mapper (EPM) service has been disclosed, dubbed CVE-2025-49760. The attack chain uses spoofed RPC communications to steal NTLM hashes—then escalates privileges to seize control over entire domains.

Microsoft has patched the flaw, but the exploit demonstrates just how quickly misconfigurations and RPC-based attacks can be leveraged for full domain compromise. Another clear sign that layered security—and fast patching—are non-negotiable.

Want to stay ready for anything? From data recovery to bootable OS installs, our Ultimate USBs have your back. Check out our tools today.