Apple adds macOS Tahoe Terminal warning to disrupt ClickFix attacks
Apple has added a new security warning in macOS Tahoe 26.4 that can stop users before they paste potentially dangerous commands into Terminal. The feature…
CISA adds actively exploited Citrix NetScaler flaw to KEV as patch deadline lands April 2
The Cybersecurity and Infrastructure Security Agency has added CVE-2026-3055, a critical Citrix NetScaler vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. For…
Cybercriminals abuse IRS and tax filing lures to push malware in new 2026 campaigns
DeepLoad is the more recent sample you shared earlier, but for this attached tax-season piece, the stronger angle is this: cybercriminals are using IRS, tax…
DeepLoad malware turns one fake fix into lasting enterprise access
DeepLoad is a newly reported malware threat that targets enterprise users through ClickFix, a social-engineering trick that pushes people to run a malicious command themselves.…
RoadK1ll malware turns hacked machines into quiet network relays for deeper intrusions
A newly documented malware implant called RoadK1ll turns an already compromised machine into a relay point that attackers can use to move deeper into an…
Notepad++ v8.9.3 is out with updater security hardening, crash fixes, and XML parser changes
Notepad++ has released version 8.9.3, and this is a meaningful maintenance update rather than a minor point release. It fixes a User Defined Language crash,…
Axios npm packages were compromised in supply chain attack, with malicious code pushed through official releases
Axios users need to check their projects right away. Security researchers say two real Axios releases, 1.14.1 and 0.30.4, were maliciously published to npm after…
Claude reportedly found zero-day RCE bugs in Vim and GNU Emacs, but one flaw is already patched
Anthropic’s Claude is at the center of a new security story after Calif said it used the model to uncover remote code execution bugs in…
Exposed server leaks TheGentlemen ransomware toolkit, victim credentials, and ngrok tokens
An exposed server has revealed what looks like the full working toolkit of a TheGentlemen ransomware affiliate, giving defenders a rare look at how one…
North Korean IT worker allegedly used stolen identity and AI-written resume in failed job scam
A suspected North Korean operative allegedly tried to land a remote cybersecurity job by posing as a U.S.-based AI architect, using a stolen identity, a…
November 21, 2025
1 comment 
