Follow on Google News
Next.js and React Server Components Get Urgent Security Fixes for DoS, SSRF, and Auth Bypass Flaws
Vercel has released a major Next.js security update that fixes 13 advisories across denial-of-service, middleware bypass, server-side request forgery, cache poisoning, and cross-site scripting bugs.…
Dirty Frag Linux Flaws Let Local Attackers Gain Root Access
Dirty Frag is a newly disclosed Linux kernel vulnerability chain that can let a local, unprivileged user gain root access on affected systems. The issue…
Critical Spring Cloud Config Flaws Can Expose Files and GCP Secrets
The Spring team has patched four Spring Cloud Config Server vulnerabilities that can expose sensitive files, Google Cloud secrets, Git repository paths, and internal log…
Trellix investigates source code breach after RansomHouse claim
Trellix has confirmed unauthorized access to a portion of its source code repository, while the RansomHouse extortion group has claimed responsibility for the incident. The…
DarkMoon brings AI-driven autonomous penetration testing to open source
DarkMoon is a new open-source platform that uses AI agents to run automated penetration testing workflows across web, network, Active Directory, Kubernetes, cloud, and application…
TCLBANKER banking trojan abuses signed Logitech installer to target Brazil
A new Brazilian banking trojan called TCLBANKER is spreading through a trojanized Logitech installer and using WhatsApp and Outlook worm modules to reach more victims.…
HumanitarianBait campaign uses GitHub Releases to host Python infostealer payloads
A cyberespionage campaign named HumanitarianBait is using fake humanitarian aid documents to deliver a Python-based infostealer on Windows systems. The attack hides a malicious shortcut…
Fake moustache trick exposes gaps in UK online age checks
A 12-year-old boy reportedly fooled an online age verification system by drawing a moustache on his face with an eyebrow pencil. The system then verified…
Hackers abuse Hugging Face and ClawHub to spread malware through AI tools
Hackers are abusing trusted AI platforms, including Hugging Face and ClawHub, to distribute malware disguised as models, datasets, and agent skills. The campaign shows how…
ZiChatBot malware abuses Zulip APIs after hiding in PyPI packages
A newly documented malware campaign used fake Python packages on PyPI to deliver ZiChatBot, a cross-platform backdoor that targets Windows and Linux systems. The malware…
November 21, 2025
1 comment 
