Critical unpatched telnetd flaw CVE-2026-32746 allows unauthenticated root RCE
A newly disclosed flaw in GNU Inetutils telnetd could let an unauthenticated remote attacker execute code as root before any login prompt appears. The bug,…
OFAC sanctions DPRK IT worker network tied to fake remote jobs and WMD funding
The U.S. Treasury has sanctioned six individuals and two entities tied to North Korea’s fake remote IT worker scheme, saying the operation helped generate money…
Apple patches WebKit flaw that could let malicious web content bypass browser protections
Apple has released a security fix for a WebKit vulnerability that could let maliciously crafted web content bypass the Same Origin Policy on iPhones, iPads,…
UIDAI launches bug bounty programme to strengthen Aadhaar security
The Unique Identification Authority of India has launched a structured bug bounty programme aimed at improving the security of the Aadhaar ecosystem. UIDAI says the…
OpenAI launches GPT-5.4 mini and nano with faster performance for high-volume tasks
OpenAI has launched GPT-5.4 mini and GPT-5.4 nano, two smaller models designed for fast, high-volume workloads where latency matters as much as raw capability. OpenAI…
DarkSword iOS exploit chain used in real attacks to steal iPhone data
A newly disclosed iPhone exploit chain called DarkSword has been used in real-world attacks to fully compromise vulnerable devices and steal sensitive personal data. Google…
Cisco firewall zero-day was used to deploy Interlock ransomware before public disclosure
A critical Cisco Secure Firewall Management Center flaw was exploited as a zero-day by the Interlock ransomware group before Cisco disclosed and patched it. Amazon…
New malware campaigns turn routers and network devices into DDoS nodes and crypto miners
Two newly documented malware campaigns show how quickly attackers can turn network infrastructure into profit and attack capacity. Security researchers say one strain, called CondiBot,…
Fancy Bear server exposure reveals stolen credentials, 2FA secrets, and European defense targets
A server linked to Fancy Bear appears to have exposed a rare inside view of an active cyberespionage operation aimed at government and military organizations…
Critical ScreenConnect flaw can let attackers misuse server authentication material
ConnectWise has disclosed a critical ScreenConnect vulnerability that could let attackers gain unauthorized access if they obtain server-level cryptographic material used for authentication. The flaw,…
November 21, 2025
1 comment 
