Follow on Google News
VoidLink malware framework raises alarms for Kubernetes, cloud, and AI-hosting Linux workloads
VoidLink is one of the most advanced Linux malware frameworks disclosed this year, and it matters because it was built for the kind of infrastructure…
Stolen Gemini API Key Turned $180 Bill to $82000 in Two Days
A small three-person dev team says attackers stole its Google API key and ran up $82,314.44 in usage charges in 48 hours, turning a normal…
Iranian APT activity rises as Middle East conflict widens, putting critical infrastructure on alert
Critical infrastructure operators should treat the current Iran-related cyber risk as elevated. New research from Nozomi Networks says it is already seeing a systematic increase…
Ransomware gangs now use Microsoft AzCopy to steal data over trusted Azure traffic
Ransomware operators have started using Microsoft AzCopy, a legitimate Azure Storage command-line utility, to exfiltrate data before they encrypt systems, according to a new report…
CISA flags exploited Qualcomm chipset bug CVE-2026-21385, Android updates now carry the fix
CISA has added CVE-2026-21385 to its Known Exploited Vulnerabilities program, which means federal agencies must remediate by March 24, 2026. The flaw affects multiple Qualcomm…
Phishing campaign abused Google Cloud Storage links to redirect victims to scam pages
A phishing campaign spotted in early March used Google Cloud Storage (GCS) links on the trusted storage.googleapis.com domain to funnel victims to scam pages. Research…
Honeywell Trend IQ4 controllers may expose building controls online with no login
Thousands of Honeywell Trend IQ4 building-management controllers may be reachable over the internet without authentication if installers leave them in a factory-default style configuration, according…
Silver Dragon used Google Drive to hide cyber espionage activity across Europe and Southeast Asia
A China-linked threat cluster called Silver Dragon has targeted government and public-sector organizations in Southeast Asia and parts of Europe since at least mid-2024, according…
Perplexity Comet flaw let a calendar invite steer the AI browser into leaking local data
A malicious calendar invite was enough to steer Perplexity’s Comet browser into reading local files and sending their contents to an attacker-controlled site, according to…
IPVanish VPN for macOS flaw could let local attackers run code as root
Security researchers have published a new report that claims a local privilege escalation weakness in IPVanish’s macOS app can let an unprivileged user run arbitrary…
November 21, 2025
1 comment 
