IDrive for Windows flaw can let low-privilege users gain SYSTEM access
A newly disclosed IDrive vulnerability can let an authenticated local user escalate privileges to NT AUTHORITY\SYSTEM on affected Windows systems. The issue affects IDrive Cloud…
CISA adds actively exploited Langflow flaw to KEV as unauthenticated RCE risk grows
CISA has added CVE-2026-33017, a critical Langflow vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. The flaw affects Langflow, an open-source low-code…
VoidLink rootkit uses eBPF and kernel modules to hide deep inside Linux systems
VoidLink is an advanced Linux malware framework that blends classic kernel rootkit techniques with eBPF-based stealth, giving attackers a deeper and more flexible way to…
Leak Bazaar turns stolen corporate data into a more organized criminal marketplace
A new cybercrime service called Leak Bazaar appears to show how data extortion is evolving beyond the usual leak-site model. Instead of just dumping stolen…
New ClickFix campaigns push Windows and macOS users to infect their own devices
ClickFix has become one of the most effective social engineering tricks in active cybercrime campaigns, and new research shows it now targets both Windows and…
Critical NVIDIA flaws hit Apex, Triton, NeMo, and Megatron-LM in March security update
NVIDIA has released March 2026 security bulletins for several enterprise and AI products, including Apex, Triton Inference Server, NeMo Framework, Megatron-LM, Model Optimizer, and B300…
Claude Chrome extension flaw enabled zero-click prompt injection attacks against millions of users
Anthropic has patched a serious vulnerability in its Claude Chrome extension after researchers showed that a malicious website could silently inject prompts into the AI…
Anthropic’s Claude Mythos leak reveals a stronger AI model and a serious security lapse
Anthropic has confirmed that Claude Mythos is real after leaked draft materials exposed the unreleased model on March 27. The leak matters for two reasons.…
ISC warns Kea DHCP bug can crash key services with a single remote message
ISC has disclosed a high-severity vulnerability in Kea DHCP that can let a remote attacker crash several Kea daemons by sending a specially crafted message…
LiteLLM PyPI breach exposed AI credentials after attackers pushed malicious versions 1.82.7 and 1.82.8
LiteLLM, a widely used Python library for routing requests across multiple LLM providers, was compromised on PyPI after attackers published two malicious releases, versions 1.82.7…
November 21, 2025
1 comment 
