Baronesses Nadine and Ariane de Rothschild at odds over future of Swiss chateau’s priceless contents

After three generations of genteel discretion bordering on secrecy, the international banking family the Rothschilds has been riven by rival claims to a vast collection of masterpieces that are part of the family’s multibillion-euro fortune.

The battle now playing out in the courts and media has pitched the 93-year-old senior baroness, Nadine de Rothschild – widow of Edmond de Rothschild, the late scion of the French-Swiss branch of the family – against her daughter-in-law, Ariane de Rothschild, the current baroness.

Continue reading...

© Photograph: Luc Castel/Getty Images

© Photograph: Luc Castel/Getty Images

© Photograph: Luc Castel/Getty Images

About 56,000 people control three times as much wealth as half of humanity. Here’s one way to illustrate that

Cruising around on private jets, the ultra-rich are the world’s financial elite – but how many people actually occupy this exclusive wealth club? Could they all fit into a floating mega-yacht, or is the group much bigger, possibly the size of a dazzling mega-rich city?

Thanks to an inequality report out on Wednesday, we now have a snapshot of the size of the topmost layer floating above everyone else – the 0.001%.

Continue reading...

© Composite: Getty Images / The Guardian / Guardian design

© Composite: Getty Images / The Guardian / Guardian design

© Composite: Getty Images / The Guardian / Guardian design

Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses affect all versions of Windows, including Windows 10.

Affected products this month include the Windows OS, Office, SharePoint, SQL Server, Visual Studio, GitHub Copilot, and Azure Monitor Agent. The zero-day threat concerns a memory corruption bug deep in the Windows innards called CVE-2025-62215. Despite the flaw’s zero-day status, Microsoft has assigned it an “important” rating rather than critical, because exploiting it requires an attacker to already have access to the target’s device.

“These types of vulnerabilities are often exploited as part of a more complex attack chain,” said Johannes Ullrich, dean of research for the SANS Technology Institute. “However, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities.”

Ben McCarthy, lead cybersecurity engineer at Immersive, called attention to CVE-2025-60274, a critical weakness in a core Windows graphic component (GDI+) that is used by a massive number of applications, including Microsoft Office, web servers processing images, and countless third-party applications.

“The patch for this should be an organization’s highest priority,” McCarthy said. “While Microsoft assesses this as ‘Exploitation Less Likely,’ a 9.8-rated flaw in a ubiquitous library like GDI+ is a critical risk.”

Microsoft patched a critical bug in Office — CVE-2025-62199 — that can lead to remote code execution on a Windows system. Alex Vovk, CEO and co-founder of Action1, said this Office flaw is a high priority because it is low complexity, needs no privileges, and can be exploited just by viewing a booby-trapped message in the Preview Pane.

Many of the more concerning bugs addressed by Microsoft this month affect Windows 10, an operating system that Microsoft officially ceased supporting with patches last month. As that deadline rolled around, however, Microsoft began offering Windows 10 users an extra year of free updates, so long as they register their PC to an active Microsoft account.

Judging from the comments on last month’s Patch Tuesday post, that registration worked for a lot of Windows 10 users, but some readers reported the option for an extra year of updates was never offered. Nick Carroll, cyber incident response manager at Nightwing, notes that Microsoft has recently released an out-of-band update to address issues when trying to enroll in the Windows 10 Consumer Extended Security Update program.

“If you plan to participate in the program, make sure you update and install KB5071959 to address the enrollment issues,” Carroll said. “After that is installed, users should be able to install other updates such as today’s KB5068781 which is the latest update to Windows 10.”

Chris Goettl at Ivanti notes that in addition to Microsoft updates today, third-party updates from Adobe and Mozilla have already been released. Also, an update for Google Chrome is expected soon, which means Edge will also be in need of its own update.

The SANS Internet Storm Center has a clickable breakdown of each individual fix from Microsoft, indexed by severity and CVSS score. Enterprise Windows admins involved in testing patches before rolling them out should keep an eye on askwoody.com, which often has the skinny on any updates gone awry.

As always, please don’t neglect to back up your data (if not your entire system) at regular intervals, and feel free to sound off in the comments if you experience problems installing any of these fixes.

[Author’s note: This post was intended to appear on the homepage on Tuesday, Nov. 11. I’m still not sure how it happened, but somehow this story failed to publish that day. My apologies for the oversight.]

Phishing attacks are becoming increasingly targeted as scammers refine their tactics to exploit social and economic issues. Instead of mass emailing identical messages, cybercriminals now create tailored campaigns that appear legitimate to specific audiences. The National Cyber Security Centre (NCSC) has warned that these phishing attacks are becoming more advanced, often imitating trusted institutions such as government agencies, banks, or health insurers. By leveraging familiar branding and credible topics like cryptocurrency or tax rule changes, scammers are deceiving individuals into sharing personal information.

Phishing Emails Impersonate Canton of Zurich

In one of the latest reported incidents, recipients received emails that appeared to originate from the Canton of Zurich, urging them to update information to comply with new cryptocurrency tax regulations. The email carried the official logo and layout, included a short compliance deadline, and threatened fines or legal action if ignored. [caption id="attachment_106720" align="aligncenter" width="1000"] Source: NCSC[/caption] Victims were directed to a fake website that closely mirrored the legitimate Canton of Zurich portal. After providing personal details such as their address, IBAN, date of birth, and telephone number, users were shown a confirmation page and then redirected to the real website — reinforcing the illusion of authenticity. [caption id="attachment_106721" align="aligncenter" width="1000"] Source: NCSC[/caption]   [caption id="attachment_106722" align="aligncenter" width="1000"] Source: NCSC[/caption]   Although the stolen data might not seem highly sensitive, authorities warn that it can be misused in follow-up scams. For instance, fraudsters may later call victims pretending to be bank representatives, using the collected personal details to sound credible and gain further access.

Emails Targeting Senior Citizens

A second phishing attack reported by the NCSC impersonated the Federal Tax Administration and focused on senior citizens. These emails referenced pension fund benefits, promising payouts and asking recipients to update their information. The messages used personalized greetings and professional formatting to build trust. While it is unclear if the emails were sent exclusively to older individuals, the targeted tone suggests an attempt to exploit a more vulnerable demographic. [caption id="attachment_106719" align="aligncenter" width="358"] Source: NCSC[/caption] Such campaigns highlight the shift from random spam emails to targeted phishing, where scammers invest more effort in psychological manipulation and social engineering.

Recommendations from the NCSC

Authorities are advising citizens to remain alert and follow these steps to reduce the risk of falling victim to phishing attacks:

• Be cautious of any email requesting personal or financial details.
• Never click on links or fill out forms from unsolicited messages.
• Verify the sender’s address and look for missing salutations or unofficial URLs.
• When uncertain, contact the official organization directly for clarification.
• Report suspicious links to antiphishing.ch.
• If financial information has been disclosed, contact your bank or card issuer immediately.
• In case of monetary loss, report the incident to the police via the Suisse ePolice platform.

Proactive Measures Against Phishing Attacks

The evolution of phishing attacks in Switzerland demonstrates how cybercriminals continuously adapt their methods to exploit trust and uncertainty. While public awareness campaigns remain vital, organizations must also invest in threat intelligence solutions that detect fraudulent domains, fake websites, and malicious email infrastructure before they reach potential victims. Platforms like Cyble provide proactive visibility into phishing campaigns and threat actor activity across the dark web and surface web, enabling businesses to take timely action and protect their customers and employees. Learn more about how intelligence-led defense can safeguard your organization from phishing and social engineering threats: Request a demo from Cyble