Open WebUI patches SVG profile image flaw that could lead to one-click RCE
Open WebUI has patched a stored cross-site scripting flaw that could let attackers abuse SVG profile images to run malicious JavaScript in a victim’s browser.…
Critical FortiSandbox flaw lets unauthenticated attackers run code
Fortinet has fixed a Critical vulnerability in FortiSandbox that could let remote attackers execute unauthorized code or commands without logging in. The flaw is tracked…
Fortinet patches critical FortiSandbox flaw and four more enterprise vulnerabilities
Fortinet has patched five security vulnerabilities affecting FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS, FortiAP, FortiAP-W2, FortiAP-U, FortiOS, FortiAnalyzer, and FortiManager. The most serious issue is CVE-2026-26083,…
Microsoft’s May 2026 Patch Tuesday fixes 120 flaws with no zero-days reported
Microsoft’s May 2026 Patch Tuesday update fixes 120 security flaws across Windows, Office, SharePoint, Dynamics 365, SQL Server, Azure tools, Visual Studio Code, and Microsoft…
ODINI Research Shows Faraday Cages Cannot Fully Stop Air-Gap Data Leaks
ODINI is a proof-of-concept malware technique that can leak data from air-gapped computers by controlling magnetic fields generated by the CPU. The research shows that…
JDownloader Website Hack Served Python RAT Through Fake Installers
JDownloader’s official website was compromised in early May 2026, allowing attackers to replace some installer download links with malicious files. The attack affected users who…
Google reCAPTCHA QR Checks Could Lock Out De-Googled Android Users
Google’s new reCAPTCHA mobile verification flow could make it harder for privacy-focused Android users to access websites that rely on Google’s anti-bot checks. The issue…
Vidar Malware Uses Fake Activation Tool to Steal Passwords, Cookies, and Crypto Wallets
A new Vidar malware campaign is using a fake software activation tool to steal browser credentials, session cookies, cryptocurrency wallet files, and system data from…
Google Ads and Claude Shared Chats Used to Push macOS Malware
Attackers are using Google Ads and legitimate Claude shared chats to push macOS malware at users searching for Claude downloads. The campaign is dangerous because…
Weaponized JPEG File Drops Trojanized ScreenConnect Backdoor on Windows
A new malware campaign called Operation SilentCanvas is using a file disguised as a JPEG image to deploy a trojanized version of ConnectWise ScreenConnect on…
November 21, 2025
1 comment 
