Follow on Google News
Anthropic Exposes Chinese AI Labs’ Claude Distillation Attacks with 16M+ Exchanges
Anthropic accused DeepSeek, Moonshot AI, and MiniMax of orchestrating large-scale distillation attacks against Claude models. The Chinese labs used 24,000 fake accounts to extract over…
Conduent Data Breach Exposes Millions in Largest U.S. Healthcare Incident
Conduent Business Services suffered a massive data breach from October 21, 2024, to January 13, 2025. Ransomware group Safepay claims responsibility for stealing 8+ terabytes…
MIMICRAT RAT Delivered Through Sophisticated ClickFix Campaign Targets Global Enterprises
Elastic Security Labs uncovered MIMICRAT, a custom C++ remote access trojan spreading via “ClickFix” attacks on compromised legitimate websites. Malicious JavaScript injects fake Cloudflare verification pop-ups…
Microsoft MFA Outage Blocks U.S. Users with 504 Gateway Timeouts (MO1237461)
Microsoft 365 Multi-Factor Authentication failed for North American users starting February 23, 2026, at 8:22 PM IST. Widespread 504 Gateway Timeout errors block MFA verification…
Starkiller Phishing Framework Bypasses MFA with Real-Time Login Proxies
Starkiller, a new phishing-as-a-service platform by Jinkusu group, proxies legitimate login pages to defeat multi-factor authentication. Attackers load real brand websites dynamically through malicious servers, capturing…
North Korean IT Worker Scam and Contagious Interview Malware Campaigns Exposed
North Korean threat actors run dual operations targeting developers worldwide. Contagious Interview tricks candidates into running malware during fake technical interviews. Fake IT workers embed inside real…
jsPDF addJS Vulnerability Enables PDF Object Injection (CVE-2026-25755)
jsPDF developers face a critical vulnerability in the popular PDF generation library. CVE-2026-25755 (CVSS 8.8) affects the addJS method, allowing attackers to inject arbitrary PDF objects and actions…
HPE Telco Service Activator Flaw Enables Remote Access Bypass (CVE-2025-12543)
HPE released a security bulletin on February 19, 2026, warning of CVE-2025-12543 affecting Telco Service Activator. The critical flaw (CVSS 9.6) stems from improper Host…
Wendy’s International Franchise Database Allegedly Leaked in Major Breach Claim
A threat actor claimed on February 22, 2026, to have breached the Wendy’s International Franchise Database. The leak allegedly exposes franchisee contacts, operational configs, and…
OWASP Smart Contract Top 10 2026: Critical Web3 Vulnerabilities Ranked
OWASP released the Smart Contract Top 10 for 2026, ranking the most dangerous smart contract flaws based on 2025 incidents. This awareness document guides Web3…
November 21, 2025
1 comment 
