Follow on Google News
Coruna iPhone exploit kit tied to Russian spies likely came from stolen U.S. contractor tools
A powerful iPhone exploit kit called Coruna appears to have started as a Western government-grade capability before spreading to Russian spies and Chinese cybercriminals. Google…
Apache ZooKeeper patches two important flaws that can expose sensitive data and weaken trust checks
Apache ZooKeeper has disclosed two important-severity vulnerabilities that administrators should patch quickly. The flaws can expose sensitive client configuration data in log files and weaken…
Anthropic sues U.S. government over ‘supply chain risk’ label on Claude
Anthropic has sued the U.S. government after the Pentagon labeled the company a “supply chain risk,” escalating a high-stakes fight over how far the military…
OpenClaw advisory wave exposes a growing split between GitHub and CVE tracking
OpenClaw’s rapid rise on GitHub has turned into something else entirely: a live stress test for vulnerability disclosure at scale. In just a few weeks,…
SAP ships March 2026 patches for critical flaws that can lead to code execution
SAP has released 15 new security notes for March 2026, and two of them fix critical vulnerabilities that could let attackers take control of affected…
CISA warns Ivanti Endpoint Manager flaw is now under active attack
CISA has warned that a recently patched Ivanti Endpoint Manager vulnerability is now being exploited in real attacks. The flaw, tracked as CVE-2026-1603, lets a…
Signed fake Teams and Zoom apps used to plant remote access backdoors
A new phishing campaign is pushing signed malware disguised as Microsoft Teams, Zoom, Adobe Reader, and other familiar workplace apps. Microsoft says the attackers used…
Chinese-linked hackers targeted Qatar with PlugX lures within a day of the Middle East escalation
A China-linked cyber-espionage campaign targeted organizations in Qatar almost immediately after the latest Middle East conflict escalated. Public reporting says the operation used war-themed lure…
GhostClaw poses as OpenClaw in npm attack that can empty developer machines
A malicious npm package has surfaced under the name @openclaw-ai/openclawai, and researchers say it impersonates an OpenClaw installer while stealing passwords, browser data, SSH keys,…
ScamAgent shows how AI agents can automate scam calls from start to finish
Researchers have built a system called ScamAgent that can carry out realistic, multi-turn scam conversations with very little human input. The project, described in an…
November 21, 2025
1 comment 
