Microsoft patches Defender zero-day that could give attackers SYSTEM privileges
Microsoft has fixed a publicly disclosed zero-day in Microsoft Defender that could let a local attacker raise privileges to SYSTEM, the highest level of access…
JanaWare ransomware targets Turkish users through a customized Adwind RAT chain
A new ransomware operation called JanaWare is targeting users in Turkey through a tailored version of the Adwind remote access trojan. Acronis Threat Research Unit…
Windows BitLocker flaw lets local attackers bypass a key security protection
Microsoft has patched a Windows BitLocker vulnerability that could let a local attacker bypass a security feature on a vulnerable machine. The flaw, tracked as…
Triad Nexus rebuilds after FUNNULL sanctions with rotating domains and scam portals
Triad Nexus, a cybercrime network linked to the FUNNULL ecosystem, has rebuilt part of its fraud infrastructure after U.S. sanctions and now uses more than…
Agentic AI browsers open a new path for prompt injection and data theft
Agentic AI browsers can turn a single malicious webpage into something much more dangerous than a normal browser exploit. Varonis Threat Labs says these browsers…
Microsoft 365 mailbox rules let hackers quietly intercept sensitive business emails
Attackers who break into Microsoft 365 accounts are increasingly using mailbox rules to spy on email, hide warnings, and forward sensitive messages outside the company.…
Trusted WordPress plugins carried a hidden backdoor for months before malware went live
A supply chain attack hit the WordPress plugin ecosystem after a buyer acquired a portfolio of widely used plugins and slipped in malicious code that…
Hackers abuse Google Cloud Storage to slip past email filters and deliver Remcos RAT
Threat actors are using Google Cloud Storage URLs to host fake Google Drive pages, steal login details, and then deliver Remcos RAT to Windows systems.…
MuddyWater-style campaign scanned 12,000 systems before hitting Middle East critical sectors
A new cyber campaign with tactics that resemble MuddyWater scanned more than 12,000 internet-facing systems before moving into targeted attacks against critical organizations in the…
Claude outage on April 13 hit logins, not a hidden platform-wide collapse
Anthropic’s Claude did suffer a real disruption on April 13, 2026, but the public record does not support the claim that the company left its…
November 21, 2025
1 comment 
