Follow on Google News
Critical GNU Inetutils telnetd flaw allows pre-auth remote code execution over port 23
A critical vulnerability in GNU Inetutils telnetd can let an unauthenticated remote attacker trigger memory corruption during the Telnet handshake and potentially execute code as…
ForceMemo attacks GitHub accounts and quietly backdoors Python repositories with force-pushed malware
A new supply chain attack tracked as ForceMemo is compromising GitHub accounts and silently injecting malware into Python repositories by rewriting recent commit history. StepSecurity,…
Iran-linked cyber operations expand alongside electronic warfare as conflict spreads
Iran-linked cyber activity has intensified alongside the wider regional war, with espionage, disruptive attacks, GPS interference, and influence operations now unfolding at the same time.…
Fake game cheats on GitHub and Reddit are spreading Vidar Stealer 2.0
Vidar Stealer 2.0 is spreading through hundreds of fake game cheat repositories on GitHub and promotional posts on Reddit, according to new research from Acronis…
Fake Telegram installer site pushes malware with in-memory execution and Defender bypass
A fake Telegram download site is distributing a Windows installer that looks legitimate but launches a multi-stage malware chain designed to weaken defenses and run…
Court-themed phishing campaign hits Argentina’s judicial sector with COVERT RAT
A phishing campaign targeting Argentina’s judicial sector uses fake court documents and GitHub-hosted malware to infect legal and government targets with a remote access trojan…
Boggy Serpens steps up attacks on diplomats and critical infrastructure, Unit 42 says
Boggy Serpens, the Iranian cyberespionage group also known as MuddyWater, has intensified operations against diplomats, energy firms, maritime organizations, and financial entities in a multi-wave…
Microsoft pauses automatic installation of the Microsoft 365 Copilot app on Windows devices
Microsoft has temporarily stopped the automatic installation of the Microsoft 365 Copilot app on eligible Windows devices with Microsoft 365 desktop apps. The change affects…
RegPwn vulnerability lets low-privilege Windows users gain SYSTEM access
A newly disclosed Windows privilege escalation flaw known as RegPwn can let a low-privileged local user gain full SYSTEM access on affected machines. The issue…
Critical FortiClient EMS flaw lets attackers reach the database without logging in
A critical vulnerability in Fortinet FortiClient Endpoint Management Server (EMS) can let an unauthenticated attacker send crafted HTTP requests and execute unauthorized code or commands.…
November 21, 2025
1 comment 
