Follow on Google News
PayPal Working Capital Bug Exposed Customer SSNs and PII for Six Months
PayPal disclosed a data exposure affecting approximately 100 customers of its Working Capital loan application. A software coding error from July 1 to December 13,…
Grandstream GXP1600 VoIP Phones CVE-2026-2329 Enables Unauthenticated Root RCE and Call Interception
Grandstream GXP1600 series VoIP phones suffer critical CVE-2026-2329 stack buffer overflow. Attackers gain root privileges remotely without authentication via web API endpoint /cgi-bin/api.values.get. Rapid7 researchers…
CharlieKirk Grabber Stealer Targets Windows Credentials, Cookies, and Session Data
CharlieKirk Grabber infostealer hits Windows systems to grab login credentials from browsers. The Python malware arrives as PyInstaller executable. It kills browser processes, steals passwords,…
Critical Jenkins CVE-2026-27099 Exposes CI/CD Pipelines to Stored XSS Attacks
Jenkins core contains two vulnerabilities including high-severity stored XSS tracked as CVE-2026-27099. Attackers with Agent/Configure or Agent/Disconnect permissions inject JavaScript via node offline descriptions. Builds…
Critical Apache Tomcat CVE-2026-24733 Enables Security Constraint Bypass via HTTP/0.9
Apache Tomcat patched CVE-2026-24733, a security constraint bypass vulnerability. Attackers use HTTP/0.9 requests to evade access controls. The flaw rated Low severity affects specific configurations.…
Critical VS Code Extension Vulnerabilities Expose 128 Million Developer Machines to Attack
Three critical vulnerabilities hit four popular VS Code extensions with 128 million downloads. CVE-2025-65715, CVE-2025-65716, and CVE-2025-65717 allow remote code execution, file exfiltration, and network…
LLM-Generated Passwords Show Predictability, Repetition, and Low Entropy Flaws
Large language models generate weak passwords despite complex appearances. A password like G7$kL9#mQ2&xP4!w looks random. Research proves it repeats often. Standard strength meters miss these…
PoC Released for Critical Chrome CVE-2026-2441 Zero-Day Exploited in the Wild
A public proof-of-concept exploit targets CVE-2026-2441, a critical use-after-free zero-day in Chrome’s Blink CSS engine. Google confirms active in-the-wild exploitation. Security researcher Shaheen Fazim reported…
Silicon Valley Engineers Indicted for Stealing Google Trade Secrets and Sending Data to Iran
Three Silicon Valley engineers face federal charges for stealing trade secrets from Google and other tech firms. They allegedly sent sensitive processor data to Iran.…
Ploutus Malware Drains U.S. ATMs Without Cards or Accounts as FBI Issues FLASH Alert
The FBI issued FLASH-20260219-001 on February 19, 2026, warning about Ploutus malware jackpotting attacks on U.S. ATMs. Criminals gain physical access to machines and use…
November 21, 2025
1 comment 
