WhatsApp may let users chat by username instead of sharing phone numbers
WhatsApp is testing a username system that could let people start chats without exposing their phone number to new contacts. Right now, the feature appears…
AWS patches three severe RES flaws that could lead to root command execution and privilege escalation
Amazon Web Services has published an important security bulletin for Research and Engineering Studio, or RES, covering three vulnerabilities that could let an authenticated attacker…
Single line of code can jailbreak 11 AI models through a prompt injection trick
]A newly disclosed jailbreak technique called sockpuppeting can push some major AI models past their safety guardrails by abusing assistant prefills. Trend Micro says the…
Hackers hide a Magecart skimmer in SVG code on 99 Magento stores
A new Magecart campaign has compromised 99 Magento stores by hiding the skimmer inside a tiny inline SVG element on checkout pages. Sansec says the…
React Server Components vulnerability enables DoS attacks
A high-severity vulnerability in React Server Components can let remote attackers trigger denial-of-service conditions by sending specially crafted HTTP requests to Server Function endpoints. The…
DesckVB RAT uses obfuscated JavaScript and a fileless .NET loader to evade detection
DesckVB RAT is a remote access trojan that uses layered scripting, fileless loading, and process injection to avoid many traditional defenses. Point Wild’s LAT61 team…
Juniper default password flaw can hand attackers full control of vLWC appliances
Juniper Networks has disclosed a critical flaw in its Support Insights Virtual Lightweight Collector that can let an unauthenticated attacker take full control of the…
Trojanized OpenVSX extension spreads GlassWorm across VS Code, Cursor, and Windsurf
A fake OpenVSX extension that impersonates WakaTime can infect multiple VS Code-based editors on the same machine, not just the one where a developer installs…
CPUID hack turns CPU-Z and HWMonitor downloads into a malware risk
Anyone who downloaded CPU-Z or HWMonitor from CPUID around April 9 to April 10, 2026 should treat that installer as suspicious. CPUID now says attackers…
Multiple TP-Link Archer AX53 flaws could let attackers take over vulnerable routers
TP-Link has disclosed five security vulnerabilities affecting the Archer AX53 v1.0 router, including command injection, buffer overflow, and arbitrary file read flaws. The company says…
November 21, 2025
1 comment 
