Follow on Google News
Atlassian patches critical Bamboo command injection flaw and high-severity Netty issue
Atlassian has disclosed two major security issues in Bamboo Data Center and Server, including a critical OS command injection vulnerability and a high-severity denial-of-service flaw…
ProxySmart linked to 87 exposed SIM farm panels across 17 countries, researchers say
A shared software platform called ProxySmart appears to sit behind a large global SIM farm ecosystem that spans at least 87 exposed control panels in…
Compromised Namastex npm packages spread CanisterWorm in TeamPCP-style supply chain attack
A new npm supply chain attack hit packages tied to Namastex.ai, turning trusted package names into delivery vehicles for CanisterWorm, a self-propagating backdoor that steals…
DinDoor and ChainShell tie MuddyWater to Russian malware-as-a-service infrastructure
MuddyWater appears to be using commercial malware-as-a-service infrastructure rather than relying only on its own tooling. New research from JUMPSEC says the Iranian espionage group…
Claude Mythos helped Mozilla find 271 Firefox vulnerabilities ahead of Firefox 150
Mozilla says an early version of Anthropic’s Claude Mythos Preview helped its security team identify 271 vulnerabilities in Firefox, with fixes landing in Firefox 150…
Microsoft says Jasper Sleet uses fake IT worker identities to infiltrate cloud environments
Microsoft has warned that Jasper Sleet, a North Korea-aligned threat actor, is using fake IT worker identities to get hired into real companies and gain…
Lotus Wiper destroys drives and deletes files in targeted attack on Venezuela’s energy sector
Lotus Wiper is a destructive malware strain, not ransomware. Kaspersky says it targeted an organization in Venezuela’s energy and utilities sector, where it wiped physical…
Gh0st RAT and CloverPlus adware arrive together in stealthy dual-payload attack
Gh0st RAT and CloverPlus adware now appear together in a new dual-payload malware campaign that gives attackers both persistent access and a way to monetize…
CISA warns Gardyn smart garden flaws could let attackers take over devices remotely
CISA has warned that critical vulnerabilities in Gardyn Home Kit systems could let unauthenticated attackers remotely control connected smart garden devices and access sensitive cloud…
British man pleads guilty in U.S. cybercrime case tied to $8 million cryptocurrency theft
A British national has pleaded guilty in the United States for his role in a cybercrime operation that hacked company systems, stole sensitive data, and…
November 21, 2025
1 comment 
