Google now lets some users change their @gmail.com address without creating a new account
Google has finally made it possible for eligible users to change the main @gmail.com address tied to their existing Google Account. That means people who…
Mercor confirms cyberattack tied to LiteLLM compromise as Lapsus$ claims it stole company data
Mercor has confirmed a security incident, but some of the biggest claims circulating online still need careful framing. The AI recruiting startup told TechCrunch it…
XLoader’s latest update makes analysis harder by hiding real command servers among decoys
XLoader is not new, but its latest versions are becoming much harder to study and block. Zscaler ThreatLabz says recent XLoader builds, from version 8.1…
Malicious npm package undicy-http impersonates undici and deploys a Windows-focused RAT plus browser stealer
A new npm supply chain attack is targeting developers who mistype undici and install undicy-http instead. JFrog says the package, published as [email protected], contains no…
PNG vulnerabilities in libpng can crash apps and expose memory on affected systems
Two newly disclosed libpng vulnerabilities can let attackers crash apps that parse crafted PNG files, and in some cases leak heap data or corrupt memory.…
Telnyx Python SDK on PyPI was backdoored in supply chain attack that targeted Windows, macOS, and Linux
Developers who installed recent Telnyx Python SDK releases from PyPI may have pulled malicious code instead of a normal update. Security researchers and Telnyx’s own…
North Korea-linked hackers briefly poisoned Axios on npm, putting Windows, macOS, and Linux systems at risk
Yes, developers and organizations that installed [email protected] or [email protected] during the brief exposure window should treat those systems as potentially compromised. Google Threat Intelligence Group…
Apple adds macOS Tahoe Terminal warning to disrupt ClickFix attacks
Apple has added a new security warning in macOS Tahoe 26.4 that can stop users before they paste potentially dangerous commands into Terminal. The feature…
CISA adds actively exploited Citrix NetScaler flaw to KEV as patch deadline lands April 2
The Cybersecurity and Infrastructure Security Agency has added CVE-2026-3055, a critical Citrix NetScaler vulnerability, to its Known Exploited Vulnerabilities catalog after confirming active exploitation. For…
Cybercriminals abuse IRS and tax filing lures to push malware in new 2026 campaigns
DeepLoad is the more recent sample you shared earlier, but for this attached tax-season piece, the stronger angle is this: cybercriminals are using IRS, tax…
November 21, 2025
1 comment 
