FBI and CISA release Zero Trust guide for OT environments
The FBI, CISA, the Department of Energy, the Department of State, and the Department of War have released new joint guidance to help organizations apply…
Phoenix phishing platform fuels global smishing attacks against banks, telecoms, and delivery firms
A new phishing-as-a-service platform called Phoenix is powering large smishing campaigns that impersonate banks, telecom providers, and logistics companies worldwide. The platform gives criminals ready-made…
Fake event invitations are being used to attack U.S. organizations with RMM tools
A large phishing campaign is targeting U.S. organizations with fake event invitations that can lead to credential theft, one-time password interception, and remote access tool…
Qilin ransomware uses RDP history to quietly map compromised networks
Qilin ransomware operators have been observed using Windows Remote Desktop Protocol logs to map activity on a compromised server. The technique gives attackers a quick…
Windows 11 April security update is breaking some third-party backup apps
Microsoft’s April 2026 security update for Windows 11 is causing backup failures for some users who rely on third-party backup tools. The issue appears linked…
cPanel patches critical authentication bypass flaw after emergency warning
cPanel has released emergency security updates for a critical authentication bypass vulnerability affecting cPanel & WHM, cPanel DNSOnly, and WP Squared. The flaw is tracked…
BlueNoroff uses fake Zoom meetings and fileless PowerShell to target crypto firms
BlueNoroff, a financially motivated subgroup of North Korea’s Lazarus Group, has been linked to a new campaign targeting cryptocurrency and Web3 professionals through fake Zoom…
VECT 2.0 ransomware destroys large files instead of encrypting them
A newly analyzed ransomware strain called VECT 2.0 can permanently destroy large files instead of encrypting them in a recoverable way. Check Point Research found…
Google fixes critical Chrome flaws that could allow remote code execution
Google has released a Chrome security update for Windows, macOS, and Linux to fix 30 vulnerabilities, including multiple critical flaws that could allow remote attackers…
Hugging Face LeRobot flaw enables unauthenticated remote code execution
A critical vulnerability in Hugging Face LeRobot can let unauthenticated attackers run commands on systems that expose the framework’s async inference service to a network.…
November 21, 2025
1 comment 
