Follow on Google News
Iran-linked botnet exposed after open directory leak revealed relay nodes, SSH scripts, and active C2 work
A suspected Iran-linked botnet operation was exposed after researchers found an open directory on an Iranian-hosted server that contained the actor’s working files, deployment scripts,…
North Korea-linked WaterPlum used new StoatWaffle malware in VSCode supply chain campaign
A North Korea-linked threat cluster known as WaterPlum has started using a new malware family called StoatWaffle in a supply chain-style campaign that abuses Visual…
CISA adds exploited Microsoft SharePoint flaw to KEV catalog and urges fast action
CISA has added a Microsoft SharePoint vulnerability, tracked as CVE-2026-20963, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. The agency…
SnappyClient malware targets Windows users with remote access, data theft, and stealth features
A newly documented malware implant called SnappyClient gives attackers remote access to infected Windows systems, steals data from browsers and crypto apps, and uses several…
Backdoored Open VSX extension used GitHub-hosted downloader to install RAT and stealer
A compromised Open VSX extension called fast-draft quietly delivered a remote access trojan and an infostealer to developer machines by downloading second-stage payloads from GitHub.…
Horabot resurfaces in Mexico with phishing chain that turns infected PCs into email spam hubs
Horabot is back, and researchers say the latest campaign has hit Mexico hard. Kaspersky says the banking trojan uses a fake CAPTCHA page, a multi-stage…
Claude flaws could have exposed chat data and redirected users to malicious links
Three linked flaws in Claude.ai could have let attackers steal sensitive chat data and send users to malicious websites through what looked like trusted Claude…
Malicious PyPI package ‘pyronut’ backdoored Telegram bots with remote code execution
A malicious Python package called pyronut briefly appeared on PyPI and targeted developers who build Telegram bots with the Pyrogram framework. Security researchers say the…
‘Vibe-coded’ malware campaign uses fake tools, CDNs, and file hosts to infect users
A large malware campaign has been abusing fake software downloads to infect users with coin miners, infostealers, and remote access tools, and McAfee says some…
CISA orders federal agencies to patch actively exploited Zimbra XSS flaw
CISA has added CVE-2025-66376, a stored cross-site scripting flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and ordered federal civilian agencies to…
November 21, 2025
1 comment 
