BlackSanta EDR killer targets HR teams through fake resume files
A newly documented malware campaign has spent more than a year targeting HR and recruitment staff with resume-themed lures and a kernel-level EDR killer called…
BeatBanker Android malware hides as a fake Starlink app and can take over phones
BeatBanker is a newly documented Android threat that spreads through fake app pages posing as Google Play and, in one recent campaign, masqueraded as a…
Zombie ZIP can help malware hide inside ZIP files and evade security scans
Zombie ZIP is a newly disclosed archive evasion technique that can let malware pass through some antivirus and EDR checks by tampering with ZIP metadata.…
HPE warns of critical AOS-CX flaw that can let attackers reset admin passwords
Hewlett Packard Enterprise has patched a set of security flaws in Aruba Networking AOS-CX, including a critical authentication bypass issue that can let an unauthenticated…
Microsoft brings phishing-resistant Windows sign-ins with Entra passkeys
Microsoft is rolling out Entra passkeys on Windows, giving organizations a new way to offer phishing-resistant, passwordless sign-ins through Windows Hello. The feature lets users…
New KadNap botnet hijacks ASUS routers and turns them into criminal proxy nodes
A newly tracked botnet named KadNap is hijacking ASUS routers and other edge networking devices, then using them to relay malicious traffic for a cybercrime…
Dutch Intelligence Warns of Signal and WhatsApp Account Hijacking Attacks Targeting Officials and Journalists
Dutch intelligence agencies have issued a warning about an ongoing phishing campaign that attempts to hijack Signal and WhatsApp accounts. The attacks reportedly target government…
Ericsson U.S. discloses data breach affecting more than 15,000 people after vendor hack
Ericsson Inc., the U.S. subsidiary of Swedish telecom giant Ericsson, has disclosed a data breach that exposed personal information belonging to more than 15,000 employees…
Gogs flaw let attackers overwrite LFS files across repositories until 0.14.2 fix
Gogs has patched a critical security flaw that could let attackers overwrite Git Large File Storage objects across repositories on the same server. The issue,…
Microsoft patches publicly disclosed .NET DoS flaw that can crash apps with crafted requests
Microsoft has released security updates for CVE-2026-26127, a publicly disclosed denial-of-service vulnerability in .NET and Microsoft.Bcl.Memory. The flaw can let a remote, unauthenticated attacker crash…
November 21, 2025
1 comment 
