Operation Alice shuts down 373,000 fake dark web sites in global child protection crackdown
An international law enforcement operation has shut down more than 373,000 dark web sites tied to a fraud network that advertised illegal abuse material and…
Trivy GitHub Actions compromised again as attackers hijack 75 tags to steal CI/CD secrets
Trivy has suffered a second supply chain incident in March, this time through its GitHub Actions ecosystem. Security researchers say an attacker force-pushed 75 out…
Critical Langflow flaw was exploited within 20 hours, exposing AI pipelines to unauthenticated RCE
A critical Langflow security flaw is already under active attack, and defenders had very little time to react. Langflow says CVE-2026-33017 allows unauthenticated remote code…
Magento “PolyShell” flaw lets attackers upload files without logging in, raising RCE and takeover risks
A newly disclosed Magento flaw called PolyShell can let unauthenticated attackers upload files through the platform’s REST API, creating a serious risk for Adobe Commerce…
FBI, CISA warn Russian hackers are targeting Signal and other messaging apps to hijack high-value accounts
The FBI and CISA have warned that Russian intelligence-linked hackers are targeting high-value individuals through phishing attacks aimed at commercial messaging apps, especially Signal accounts.…
Chrome security update fixes 26 flaws, including critical bugs in WebGL and V8
Google has released a new Chrome desktop security update that fixes 26 security vulnerabilities across Windows, macOS, and Linux. The latest Stable channel build moves…
Oracle issues urgent patch for critical RCE flaw in Identity Manager and Web Services Manager
Oracle has released an out-of-band security update for CVE-2026-21992, a critical remote code execution vulnerability affecting Oracle Identity Manager and Oracle Web Services Manager. The…
Anthropic adds Projects to Claude Cowork Desktop to keep files, instructions, and memory in one workspace
Anthropic has added Projects to Claude Cowork, giving users a more persistent way to manage long-running desktop tasks. The new feature lets people create a…
Windows 11 March update breaks Microsoft account sign-ins in Teams, OneDrive, Edge, and more
Microsoft has confirmed that the March 2026 Windows 11 security update can block Microsoft account sign-ins in several apps, including Microsoft Teams Free and OneDrive.…
7,500 Magento sites hit in mass defacement campaign tied to suspected file upload flaw
More than 7,500 Magento-powered websites have been caught in a large defacement campaign that has spread across roughly 15,000 hostnames since February 27, according to…
November 21, 2025
1 comment 
