Fake TradingView Premium posts on Reddit spread Vidar and AMOS stealers
A live malware campaign is using fake Reddit posts that promise free TradingView Premium access to infect victims with Vidar on Windows and Atomic macOS…
Researcher releases BlueHammer exploit code for Windows Defender flaw, raising risk of full system compromise
A publicly released exploit called BlueHammer has exposed an unpatched Windows local privilege escalation flaw that can let a low-privileged user gain NT AUTHORITY\SYSTEM or,…
OpenAI Codex flaw let attackers steal GitHub access tokens through command injection
A critical command injection flaw in OpenAI Codex let attackers steal GitHub access tokens from users and automated workflows, according to BeyondTrust Phantom Labs. The…
50,000 WordPress sites exposed to critical Ninja Forms file upload RCE flaw
A critical flaw in the Ninja Forms File Upload plugin has exposed roughly 50,000 WordPress sites to possible takeover. The bug, tracked as CVE-2026-0740, lets…
Storm-1175 exploits web-facing flaws to deploy Medusa ransomware, Microsoft warns
Microsoft says Storm-1175 is running high-speed ransomware attacks that target vulnerable web-facing systems, steal data, and then deploy Medusa ransomware. The company says some intrusions…
BlueHammer PoC turns Microsoft Defender updates into a privilege escalation risk on Windows
A newly disclosed proof of concept called BlueHammer shows how a local attacker may abuse Microsoft Defender’s signature update flow to gain higher privileges on…
Iran-linked hackers target Microsoft 365 tenants in Middle East with password spray campaign
Organizations using Microsoft 365 in the Middle East face a fresh identity-based threat after researchers linked a March 2026 password spray campaign to an Iran-nexus…
Microsoft refreshes Defender update package for Windows installation images, but latest live signatures are newer
Microsoft has updated its offline Microsoft Defender package for Windows installation images, which helps admins bake newer antimalware components into WIM and VHD images before…
Phishing campaign abuses LogMeIn Resolve and ScreenConnect to gain remote access at US organizations
A phishing campaign has abused legitimate remote monitoring and remote access tools to compromise more than 80 organizations in the United States. Sophos said the…
Critical Android zero-interaction flaw can crash devices with no user action
Google’s April 2026 Android Security Bulletin fixes a critical Framework flaw, CVE-2026-0049, that can cause a local denial-of-service attack without any user interaction and without…
November 21, 2025
1 comment 
