New Progress ShareFile bugs can let attackers take over servers without logging in
Organizations running the on-premises ShareFile Storage Zones Controller should patch now. Two newly disclosed flaws in the 5.x branch can be chained to let…
Developers searching for Anthropic’s leaked Claude Code source are getting trapped by fake GitHub repositories that deliver malware instead of code. Security researchers say attackers…
Open source developers behind some of the most widely used Node.js packages are facing a coordinated social engineering campaign that security researchers say closely mirrors…
LinkedIn appears to scan Chrome-based browsers for installed extensions when users load its site, and that claim now has support beyond the original BrowserGate report.…
Anthropic has officially stopped letting Claude Pro and Max subscribers use their flat-rate subscription limits with third-party agent tools such as OpenClaw. Starting April 4,…
Adobe has not publicly confirmed a new breach, but a threat actor calling himself “Mr. Raccoon” claims to have stolen 13 million support tickets, about…
A newly disclosed cyber campaign tied to North Korea-linked threat activity uses Windows shortcut files, or LNK files, to target organizations in South Korea while…
The Axios npm compromise now appears tied to a North Korea-linked threat cluster, according to multiple security vendors. CrowdStrike attributed the activity to STARDUST CHOLLIMA…
The European Commission’s cloud breach now appears tied to the Trivy supply chain compromise, according to CERT-EU. In a detailed incident write-up, CERT-EU said a…
A large-scale credential theft campaign has compromised more than 700 internet-facing hosts by exploiting React2Shell, the remote code execution flaw tracked as CVE-2025-55182. Cisco Talos…