A suspected Iran-linked botnet operation was exposed after researchers found an open directory on an Iranian-hosted server that contained the actor’s working files, deployment scripts,…
A North Korea-linked threat cluster known as WaterPlum has started using a new malware family called StoatWaffle in a supply chain-style campaign that abuses Visual…
CISA has added a Microsoft SharePoint vulnerability, tracked as CVE-2026-20963, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. The agency…
A newly documented malware implant called SnappyClient gives attackers remote access to infected Windows systems, steals data from browsers and crypto apps, and uses several…
A compromised Open VSX extension called fast-draft quietly delivered a remote access trojan and an infostealer to developer machines by downloading second-stage payloads from GitHub.…
Horabot is back, and researchers say the latest campaign has hit Mexico hard. Kaspersky says the banking trojan uses a fake CAPTCHA page, a multi-stage…
Three linked flaws in Claude.ai could have let attackers steal sensitive chat data and send users to malicious websites through what looked like trusted Claude…
A malicious Python package called pyronut briefly appeared on PyPI and targeted developers who build Telegram bots with the Pyrogram framework. Security researchers say the…
A large malware campaign has been abusing fake software downloads to infect users with coin miners, infostealers, and remote access tools, and McAfee says some…
CISA has added CVE-2025-66376, a stored cross-site scripting flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and ordered federal civilian agencies to…
November 21, 2025
1 comment 
